'Re: [PATCH v2 6/7] fs: use HKDF implementation from kernel crypto API'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-keyrings
Subject:    Re: [PATCH v2 6/7] fs: use HKDF implementation from kernel crypto API
From:       Eric Biggers <ebiggers () kernel ! org>
Date:       2021-01-28 20:18:12
Message-ID: YBMcBPXrKswTyiMC () sol ! localdomain
[Download RAW message or body]

On Sun, Jan 24, 2021 at 03:04:31PM +0100, Stephan Müller wrote:
> @@ -74,16 +57,14 @@ int fscrypt_init_hkdf(struct fscrypt_hkdf *hkdf, const u8 *master_key,
>  		return PTR_ERR(hmac_tfm);
>  	}
>  
> -	if (WARN_ON(crypto_shash_digestsize(hmac_tfm) != sizeof(prk))) {
> +	if (WARN_ON(crypto_shash_digestsize(hmac_tfm) != HKDF_HASHLEN)) {
>  		err = -EINVAL;
>  		goto err_free_tfm;
>  	}
>  
> -	err = hkdf_extract(hmac_tfm, master_key, master_key_size, prk);
> -	if (err)
> -		goto err_free_tfm;
> -
> -	err = crypto_shash_setkey(hmac_tfm, prk, sizeof(prk));
> +	/* HKDF-Extract (RFC 5869 section 2.2), unsalted */
> +	err = crypto_hkdf_extract(hmac_tfm, NULL, 0,
> +				  master_key, master_key_size);
>  	if (err)
>  		goto err_free_tfm;
>  
> @@ -93,7 +74,6 @@ int fscrypt_init_hkdf(struct fscrypt_hkdf *hkdf, const u8 *master_key,
>  err_free_tfm:
>  	crypto_free_shash(hmac_tfm);
>  out:
> -	memzero_explicit(prk, sizeof(prk));
>  	return err;
>  }

The 'out' label isn't needed anymore.  'goto out' should be replaced with
'return 0'.

- Eric
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic