[PATCH v2 7/7] fs: HKDF - remove duplicate memory clearing | linux-crypto

[PATCH v2 0/7] Add KDF implementations to crypto API · Stephan Müller <hidden> · 2021-01-24
[PATCH v2 6/7] fs: use HKDF implementation from kernel crypto API · Stephan Müller <hidden> · 2021-01-24
Re: [PATCH v2 6/7] fs: use HKDF implementation from kernel crypto API · Eric Biggers <ebiggers@kernel.org> · 2021-01-28
Re: [PATCH v2 6/7] fs: use HKDF implementation from kernel crypto API · Eric Biggers <ebiggers@kernel.org> · 2021-01-28
[PATCH v2 5/7] security: DH - use KDF implementation from crypto API · Stephan Müller <hidden> · 2021-01-24
[PATCH v2 1/7] crypto: Add key derivation self-test support code · Stephan Müller <hidden> · 2021-01-24
[PATCH v2 2/7] crypto: add SP800-108 counter key derivation function · Stephan Müller <hidden> · 2021-01-24
[PATCH v2 3/7] crypto: add RFC5869 HKDF · Stephan Müller <hidden> · 2021-01-24
Re: [PATCH v2 3/7] crypto: add RFC5869 HKDF · Eric Biggers <ebiggers@kernel.org> · 2021-01-28
[PATCH v2 4/7] security: DH - remove dead code for zero padding · Stephan Müller <hidden> · 2021-01-24
[PATCH v2 7/7] fs: HKDF - remove duplicate memory clearing · Stephan Müller <hidden> · 2021-01-24
Re: [PATCH v2 7/7] fs: HKDF - remove duplicate memory clearing · Eric Biggers <ebiggers@kernel.org> · 2021-01-28
Re: [PATCH v2 0/7] Add KDF implementations to crypto API · Ard Biesheuvel <ardb@kernel.org> · 2021-01-24
Re: [PATCH v2 0/7] Add KDF implementations to crypto API · Ard Biesheuvel <ardb@kernel.org> · 2021-01-24
Re: [PATCH v2 0/7] Add KDF implementations to crypto API · Stephan Müller <hidden> · 2021-01-24
Re: [PATCH v2 0/7] Add KDF implementations to crypto API · Stephan Müller <hidden> · 2021-01-24

STALE1962d

[PATCH v2 7/7] fs: HKDF - remove duplicate memory clearing

From: Stephan Müller <hidden>
Date: 2021-01-24 14:13:26
Also in: keyrings, linux-fscrypt, lkml
Subsystem: filesystems (vfs and infrastructure), fscrypt: file system level encryption support, the rest · Maintainers: Alexander Viro, Christian Brauner, Eric Biggers, Theodore Y. Ts'o, Jaegeuk Kim, Linus Torvalds

The clearing of the OKM memory buffer in case of an error is already
performed by the HKDF implementation crypto_hkdf_expand. Thus, the
code clearing is not needed any more in the file system code base.

Signed-off-by: Stephan Mueller <redacted>
---
 fs/crypto/hkdf.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/fs/crypto/hkdf.c b/fs/crypto/hkdf.c
index ae236b42b1f0..c48dd8ca3a46 100644
--- a/fs/crypto/hkdf.c
+++ b/fs/crypto/hkdf.c

@@ -102,13 +102,10 @@ int fscrypt_hkdf_expand(const struct fscrypt_hkdf *hkdf, u8 context,
 		.iov_base = (u8 *)info,
 		.iov_len = infolen,
 	} };
-	int err = crypto_hkdf_expand(hkdf->hmac_tfm,
-				     info_iov, ARRAY_SIZE(info_iov),
-				     okm, okmlen);
 
-	if (unlikely(err))
-		memzero_explicit(okm, okmlen); /* so caller doesn't need to */
-	return err;
+	return crypto_hkdf_expand(hkdf->hmac_tfm,
+				  info_iov, ARRAY_SIZE(info_iov),
+				  okm, okmlen);
 }
 
 void fscrypt_destroy_hkdf(struct fscrypt_hkdf *hkdf)

-- 
2.26.2

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help