On Sun, Jan 24, 2021 at 03:04:50PM +0100, Stephan Müller wrote:
> The clearing of the OKM memory buffer in case of an error is already
> performed by the HKDF implementation crypto_hkdf_expand. Thus, the
> code clearing is not needed any more in the file system code base.
> 
> Signed-off-by: Stephan Mueller <smuel...@chronox.de>
> ---
>  fs/crypto/hkdf.c | 9 +++------
>  1 file changed, 3 insertions(+), 6 deletions(-)
> 
> diff --git a/fs/crypto/hkdf.c b/fs/crypto/hkdf.c
> index ae236b42b1f0..c48dd8ca3a46 100644
> --- a/fs/crypto/hkdf.c
> +++ b/fs/crypto/hkdf.c
> @@ -102,13 +102,10 @@ int fscrypt_hkdf_expand(const struct fscrypt_hkdf 
> *hkdf, u8 context,
>               .iov_base = (u8 *)info,
>               .iov_len = infolen,
>       } };
> -     int err = crypto_hkdf_expand(hkdf->hmac_tfm,
> -                                  info_iov, ARRAY_SIZE(info_iov),
> -                                  okm, okmlen);
>  
> -     if (unlikely(err))
> -             memzero_explicit(okm, okmlen); /* so caller doesn't need to */
> -     return err;
> +     return crypto_hkdf_expand(hkdf->hmac_tfm,
> +                               info_iov, ARRAY_SIZE(info_iov),
> +                               okm, okmlen);
>  }
>  

Shoudn't this just be folded into the previous patch, which converted
fscrypt_hkdf_expand() to use crypto_hkdf_expand() in the first place?

- Eric

Reply via email to