diff mbox series

[v2,7/7] fs: HKDF - remove duplicate memory clearing

Message ID 8714658.CDJkKcVGEf@positron.chronox.de (mailing list archive)
State New
Headers show
Series Add KDF implementations to crypto API | expand

Commit Message

Stephan Mueller Jan. 24, 2021, 2:04 p.m. UTC
The clearing of the OKM memory buffer in case of an error is already
performed by the HKDF implementation crypto_hkdf_expand. Thus, the
code clearing is not needed any more in the file system code base.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
 fs/crypto/hkdf.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

Comments

Eric Biggers Jan. 28, 2021, 8:21 p.m. UTC | #1
On Sun, Jan 24, 2021 at 03:04:50PM +0100, Stephan Müller wrote:
> The clearing of the OKM memory buffer in case of an error is already
> performed by the HKDF implementation crypto_hkdf_expand. Thus, the
> code clearing is not needed any more in the file system code base.
> 
> Signed-off-by: Stephan Mueller <smueller@chronox.de>
> ---
>  fs/crypto/hkdf.c | 9 +++------
>  1 file changed, 3 insertions(+), 6 deletions(-)
> 
> diff --git a/fs/crypto/hkdf.c b/fs/crypto/hkdf.c
> index ae236b42b1f0..c48dd8ca3a46 100644
> --- a/fs/crypto/hkdf.c
> +++ b/fs/crypto/hkdf.c
> @@ -102,13 +102,10 @@ int fscrypt_hkdf_expand(const struct fscrypt_hkdf *hkdf, u8 context,
>  		.iov_base = (u8 *)info,
>  		.iov_len = infolen,
>  	} };
> -	int err = crypto_hkdf_expand(hkdf->hmac_tfm,
> -				     info_iov, ARRAY_SIZE(info_iov),
> -				     okm, okmlen);
>  
> -	if (unlikely(err))
> -		memzero_explicit(okm, okmlen); /* so caller doesn't need to */
> -	return err;
> +	return crypto_hkdf_expand(hkdf->hmac_tfm,
> +				  info_iov, ARRAY_SIZE(info_iov),
> +				  okm, okmlen);
>  }
>  

Shoudn't this just be folded into the previous patch, which converted
fscrypt_hkdf_expand() to use crypto_hkdf_expand() in the first place?

- Eric
diff mbox series

Patch

diff --git a/fs/crypto/hkdf.c b/fs/crypto/hkdf.c
index ae236b42b1f0..c48dd8ca3a46 100644
--- a/fs/crypto/hkdf.c
+++ b/fs/crypto/hkdf.c
@@ -102,13 +102,10 @@  int fscrypt_hkdf_expand(const struct fscrypt_hkdf *hkdf, u8 context,
 		.iov_base = (u8 *)info,
 		.iov_len = infolen,
 	} };
-	int err = crypto_hkdf_expand(hkdf->hmac_tfm,
-				     info_iov, ARRAY_SIZE(info_iov),
-				     okm, okmlen);
 
-	if (unlikely(err))
-		memzero_explicit(okm, okmlen); /* so caller doesn't need to */
-	return err;
+	return crypto_hkdf_expand(hkdf->hmac_tfm,
+				  info_iov, ARRAY_SIZE(info_iov),
+				  okm, okmlen);
 }
 
 void fscrypt_destroy_hkdf(struct fscrypt_hkdf *hkdf)