On Fri, Jun 28, 2019 at 11:35:26AM +0200, Ard Biesheuvel wrote: > > static int des_setkey(struct crypto_tfm *tfm, const u8 *key, > unsigned int keylen) > { > struct des_ctx *dctx = crypto_tfm_ctx(tfm); > - u32 *flags = &tfm->crt_flags; > - u32 tmp[DES_EXPKEY_WORDS]; > - int ret; > - > - /* Expand to tmp */ > - ret = des_ekey(tmp, key); > + int err; > > - if (unlikely(ret == 0) && (*flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { > - *flags |= CRYPTO_TFM_RES_WEAK_KEY; > - return -EINVAL; > + err = des_expand_key(dctx, key, keylen); > + if (err == -ENOKEY) { > + if (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) > + err = -EINVAL; > + else > + err = 0; > } > > - /* Copy to output */ > - memcpy(dctx->expkey, tmp, sizeof(dctx->expkey)); > - > - return 0; > + if (err) { > + memzero_explicit(dctx, sizeof(*dctx)); This should use memset as it's not a stack location. Ditto with the 3DES version below. It may not look like a big deal but we sometimes get bogus patches that convert such memsets to memzeros and being consistent with our own usage might discourage them. Thanks, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
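Review bot: The removed lines set `*flags |= CRYPTO_TFM_RES_WEAK_KEY` when a weak key was rejected, but the new `if (err == -ENOKEY)` block only maps the error to -EINVAL and nothing in the quoted new code reports the weak key back through the tfm flags; if the remainder of the `if (err)` block (the quote is cut off right after `memzero_explicit`) does not do so, callers that check that result flag lose the distinction, so add `crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);` on the rejection path next to the zeroing. The weak-key-allowed path sets `err = 0` and keeps whatever `des_expand_key()` wrote into `dctx` before returning -ENOKEY, which presumably relies on the library fully expanding the key before flagging it as weak; a comment such as `/* des_expand_key() still fills dctx for a weak key; keep it unless forbidden */` would make that contract explicit (confirm against the library implementation). The body of des_setkey continues past the quoted lines, and the same points likely apply to the 3DES setkey referred to below.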