export RK_PA3

hc

2024-02-19 151fecfb72a0d602dfe79790602ef64b4e241574

 kernel/fs/crypto/keysetup_v1.c
..
..
@@ -45,7 +45,7 @@
45
45
  * key is longer, then only the first 'derived_keysize' bytes are used.
46
46
  */
47
47
 static int derive_key_aes(const u8 *master_key,
48
-			  const u8 nonce[FS_KEY_DERIVATION_NONCE_SIZE],
48
+			  const u8 nonce[FSCRYPT_FILE_NONCE_SIZE],
49
49
 			  u8 *derived_key, unsigned int derived_keysize)
50
50
 {
51
51
 	int res = 0;
..
..
@@ -59,8 +59,8 @@
59
59
 		tfm = NULL;
60
60
 		goto out;
61
61
 	}
62
-	crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
63
-	req = skcipher_request_alloc(tfm, GFP_NOFS);
62
+	crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
63
+	req = skcipher_request_alloc(tfm, GFP_KERNEL);
64
64
 	if (!req) {
65
65
 		res = -ENOMEM;
66
66
 		goto out;
..
..
@@ -68,7 +68,7 @@
68
68
 	skcipher_request_set_callback(req,
69
69
 			CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
70
70
 			crypto_req_done, &wait);
71
-	res = crypto_skcipher_setkey(tfm, nonce, FS_KEY_DERIVATION_NONCE_SIZE);
71
+	res = crypto_skcipher_setkey(tfm, nonce, FSCRYPT_FILE_NONCE_SIZE);
72
72
 	if (res < 0)
73
73
 		goto out;
74
74
 
..
..
@@ -99,7 +99,7 @@
99
99
 	const struct user_key_payload *ukp;
100
100
 	const struct fscrypt_key *payload;
101
101
 
102
-	description = kasprintf(GFP_NOFS, "%s%*phN", prefix,
102
+	description = kasprintf(GFP_KERNEL, "%s%*phN", prefix,
103
103
 				FSCRYPT_KEY_DESCRIPTOR_SIZE, descriptor);
104
104
 	if (!description)
105
105
 		return ERR_PTR(-ENOMEM);
..
..
@@ -155,7 +155,7 @@
155
155
 {
156
156
 	if (dk) {
157
157
 		fscrypt_destroy_prepared_key(&dk->dk_key);
158
-		kzfree(dk);
158
+		kfree_sensitive(dk);
159
159
 	}
160
160
 }
161
161
 
..
..
@@ -228,7 +228,7 @@
228
228
 		return dk;
229
229
 
230
230
 	/* Nope, allocate one. */
231
-	dk = kzalloc(sizeof(*dk), GFP_NOFS);
231
+	dk = kzalloc(sizeof(*dk), GFP_KERNEL);
232
232
 	if (!dk)
233
233
 		return ERR_PTR(-ENOMEM);
234
234
 	refcount_set(&dk->dk_refcount, 1);
..
..
@@ -258,7 +258,7 @@
258
258
 	if (IS_ERR(dk))
259
259
 		return PTR_ERR(dk);
260
260
 	ci->ci_direct_key = dk;
261
-	ci->ci_key = dk->dk_key;
261
+	ci->ci_enc_key = dk->dk_key;
262
262
 	return 0;
263
263
 }
264
264
 
..
..
@@ -273,7 +273,7 @@
273
273
 	 * This cannot be a stack buffer because it will be passed to the
274
274
 	 * scatterlist crypto API during derive_key_aes().
275
275
 	 */
276
-	derived_key = kmalloc(ci->ci_mode->keysize, GFP_NOFS);
276
+	derived_key = kmalloc(ci->ci_mode->keysize, GFP_KERNEL);
277
277
 	if (!derived_key)
278
278
 		return -ENOMEM;
279
279
 
..
..
@@ -284,7 +284,7 @@
284
284
 
285
285
 	err = fscrypt_set_per_file_enc_key(ci, derived_key);
286
286
 out:
287
-	kzfree(derived_key);
287
+	kfree_sensitive(derived_key);
288
288
 	return err;
289
289
 }
290
290