crypto: remove CRYPTO_TFM_RES_WEAK_KEY

The CRYPTO_TFM_RES_WEAK_KEY flag was apparently meant as a way to make
the ->setkey() functions provide more information about errors.

However, no one actually checks for this flag, which makes it pointless.
There are also no tests that verify that all algorithms actually set (or
don't set) it correctly.

This is also the last remaining CRYPTO_TFM_RES_* flag, which means that
it's the only thing still needing all the boilerplate code which
propagates these flags around from child => parent tfms.

And if someone ever needs to distinguish this error in the future (which
is somewhat unlikely, as it's been unneeded for a long time), it would
be much better to just define a new return value like -EKEYREJECTED.
That would be much simpler, less error-prone, and easier to test.

So just remove this flag.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/des_generic.c b/crypto/des_generic.c
index 6e13a4a29ecb0b9f158ece39b8a4eddbd615ad96..c85354a5e94c7bd5befc80f754ce8297c1affc14 100644 (file)
--- a/crypto/des_generic.c
+++ b/crypto/des_generic.c
@@ -29,11 +29,8 @@ static int des_setkey(struct crypto_tfm *tfm, const u8 *key,
                else
                        err = 0;
        }
-
-       if (err) {
+       if (err)
                memset(dctx, 0, sizeof(*dctx));
-               crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
-       }
        return err;
 }
 
@@ -64,11 +61,8 @@ static int des3_ede_setkey(struct crypto_tfm *tfm, const u8 *key,
                else
                        err = 0;
        }
-
-       if (err) {
+       if (err)
                memset(dctx, 0, sizeof(*dctx));
-               crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
-       }
        return err;
 }
 

diff --git a/drivers/crypto/ixp4xx_crypto.c b/drivers/crypto/ixp4xx_crypto.c
index f64bde506ae80e2a6988f5e57bb92fa2e22a24cf..ad73fc9466821db720fe73c058ca42cc636c1c33 100644 (file)
--- a/drivers/crypto/ixp4xx_crypto.c
+++ b/drivers/crypto/ixp4xx_crypto.c
@@ -740,6 +740,7 @@ static int setup_cipher(struct crypto_tfm *tfm, int encrypt,
        u32 keylen_cfg = 0;
        struct ix_sa_dir *dir;
        struct ixp_ctx *ctx = crypto_tfm_ctx(tfm);
+       int err;
 
        dir = encrypt ? &ctx->encrypt : &ctx->decrypt;
        cinfo = dir->npe_ctx;
@@ -760,7 +761,9 @@ static int setup_cipher(struct crypto_tfm *tfm, int encrypt,
                }
                cipher_cfg |= keylen_cfg;
        } else {
-               crypto_des_verify_key(tfm, key);
+               err = crypto_des_verify_key(tfm, key);
+               if (err)
+                       return err;
        }
        /* write cfg word to cryptinfo */
        *(u32*)cinfo = cpu_to_be32(cipher_cfg);
@@ -817,7 +820,6 @@ static int ablk_setkey(struct crypto_skcipher *tfm, const u8 *key,
                        unsigned int key_len)
 {
        struct ixp_ctx *ctx = crypto_skcipher_ctx(tfm);
-       u32 *flags = &tfm->base.crt_flags;
        int ret;
 
        init_completion(&ctx->completion);
@@ -833,16 +835,6 @@ static int ablk_setkey(struct crypto_skcipher *tfm, const u8 *key,
        if (ret)
                goto out;
        ret = setup_cipher(&tfm->base, 1, key, key_len);
-       if (ret)
-               goto out;
-
-       if (*flags & CRYPTO_TFM_RES_WEAK_KEY) {
-               if (*flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) {
-                       ret = -EINVAL;
-               } else {
-                       *flags &= ~CRYPTO_TFM_RES_WEAK_KEY;
-               }
-       }
 out:
        if (!atomic_dec_and_test(&ctx->configuring))
                wait_for_completion(&ctx->completion);
@@ -1094,7 +1086,6 @@ free_buf_src:
 static int aead_setup(struct crypto_aead *tfm, unsigned int authsize)
 {
        struct ixp_ctx *ctx = crypto_aead_ctx(tfm);
-       u32 *flags = &tfm->base.crt_flags;
        unsigned digest_len = crypto_aead_maxauthsize(tfm);
        int ret;
 
@@ -1118,17 +1109,6 @@ static int aead_setup(struct crypto_aead *tfm, unsigned int authsize)
                goto out;
        ret = setup_auth(&tfm->base, 1, authsize,  ctx->authkey,
                        ctx->authkey_len, digest_len);
-       if (ret)
-               goto out;
-
-       if (*flags & CRYPTO_TFM_RES_WEAK_KEY) {
-               if (*flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) {
-                       ret = -EINVAL;
-                       goto out;
-               } else {
-                       *flags &= ~CRYPTO_TFM_RES_WEAK_KEY;
-               }
-       }
 out:
        if (!atomic_dec_and_test(&ctx->configuring))
                wait_for_completion(&ctx->completion);

diff --git a/include/crypto/internal/des.h b/include/crypto/internal/des.h
index 355ddaae38064c33ce8c95688fa39c6fd75f7fc5..723fe5bf16daf6e11be1e2cdf6b5c104218b3fc6 100644 (file)
--- a/include/crypto/internal/des.h
+++ b/include/crypto/internal/des.h
@@ -35,10 +35,6 @@ static inline int crypto_des_verify_key(struct crypto_tfm *tfm, const u8 *key)
                else
                        err = 0;
        }
-
-       if (err)
-               crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
-
        memzero_explicit(&tmp, sizeof(tmp));
        return err;
 }
@@ -95,14 +91,9 @@ bad:
 static inline int crypto_des3_ede_verify_key(struct crypto_tfm *tfm,
                                             const u8 *key)
 {
-       int err;
-
-       err = des3_ede_verify_key(key, DES3_EDE_KEY_SIZE,
-                                 crypto_tfm_get_flags(tfm) &
-                                 CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
-       if (err)
-               crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
-       return err;
+       return des3_ede_verify_key(key, DES3_EDE_KEY_SIZE,
+                                  crypto_tfm_get_flags(tfm) &
+                                  CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
 }
 
 static inline int verify_skcipher_des_key(struct crypto_skcipher *tfm,

diff --git a/include/crypto/xts.h b/include/crypto/xts.h
index 57b2c52928db79e625f3a3317621aaf68d899960..0f8dba69feb462052500934e5bc1e75403dfced4 100644 (file)
--- a/include/crypto/xts.h
+++ b/include/crypto/xts.h
@@ -11,8 +11,6 @@
 static inline int xts_check_key(struct crypto_tfm *tfm,
                                const u8 *key, unsigned int keylen)
 {
-       u32 *flags = &tfm->crt_flags;
-
        /*
         * key consists of keys of equal size concatenated, therefore
         * the length must be even.
@@ -21,11 +19,8 @@ static inline int xts_check_key(struct crypto_tfm *tfm,
                return -EINVAL;
 
        /* ensure that the AES and tweak key are not identical */
-       if (fips_enabled &&
-           !crypto_memneq(key, key + (keylen / 2), keylen / 2)) {
-               *flags |= CRYPTO_TFM_RES_WEAK_KEY;
+       if (fips_enabled && !crypto_memneq(key, key + (keylen / 2), keylen / 2))
                return -EINVAL;
-       }
 
        return 0;
 }
@@ -43,10 +38,8 @@ static inline int xts_verify_key(struct crypto_skcipher *tfm,
        /* ensure that the AES and tweak key are not identical */
        if ((fips_enabled || (crypto_skcipher_get_flags(tfm) &
                              CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) &&
-           !crypto_memneq(key, key + (keylen / 2), keylen / 2)) {
-               crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
+           !crypto_memneq(key, key + (keylen / 2), keylen / 2))
                return -EINVAL;
-       }
 
        return 0;
 }

diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index 61fccc7d0efbd164fcb85ab11281e0b28f92d6a3..accd0c8038fd2b96ed19413aebe73290edf9d915 100644 (file)
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -112,7 +112,6 @@
 #define CRYPTO_TFM_REQ_FORBID_WEAK_KEYS        0x00000100
 #define CRYPTO_TFM_REQ_MAY_SLEEP       0x00000200
 #define CRYPTO_TFM_REQ_MAY_BACKLOG     0x00000400
-#define CRYPTO_TFM_RES_WEAK_KEY                0x00100000
 
 /*
  * Miscellaneous stuff.