| Message ID | 20240411235157.19801-2-hailmo@amazon.com (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | [1/2] crypto: ecdh - zeroize crpytographic keys after use | expand |
On Thu, Apr 11, 2024 at 11:51:57PM +0000, Hailey Mothershead wrote: > I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding > cryptographic information should be zeroized once they are no longer > needed. Accomplish this by using kfree_sensitive for buffers that > previously held the private key. > > Signed-off-by: Hailey Mothershead <hailmo@amazon.com> > --- > crypto/aead.c | 2 +- > crypto/cipher.c | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/crypto/aead.c b/crypto/aead.c > index 16991095270d..2592d5375de5 100644 > --- a/crypto/aead.c > +++ b/crypto/aead.c > @@ -36,7 +36,7 @@ static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, > memcpy(alignbuffer, key, keylen); > ret = crypto_aead_alg(tfm)->setkey(tfm, alignbuffer, keylen); > memset(alignbuffer, 0, keylen); > - kfree(buffer); > + kfree_sensitive(buffer); Please remove the now-redundant memset. > diff --git a/crypto/cipher.c b/crypto/cipher.c > index b47141ed4a9f..efb87fa417e7 100644 > --- a/crypto/cipher.c > +++ b/crypto/cipher.c > @@ -35,7 +35,7 @@ static int setkey_unaligned(struct crypto_cipher *tfm, const u8 *key, > memcpy(alignbuffer, key, keylen); > ret = cia->cia_setkey(crypto_cipher_tfm(tfm), alignbuffer, keylen); > memset(alignbuffer, 0, keylen); > - kfree(buffer); > + kfree_sensitive(buffer); Ditto. Thanks,
diff --git a/crypto/aead.c b/crypto/aead.c index 16991095270d..2592d5375de5 100644 --- a/crypto/aead.c +++ b/crypto/aead.c @@ -36,7 +36,7 @@ static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, memcpy(alignbuffer, key, keylen); ret = crypto_aead_alg(tfm)->setkey(tfm, alignbuffer, keylen); memset(alignbuffer, 0, keylen); - kfree(buffer); + kfree_sensitive(buffer); return ret; } diff --git a/crypto/cipher.c b/crypto/cipher.c index b47141ed4a9f..efb87fa417e7 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -35,7 +35,7 @@ static int setkey_unaligned(struct crypto_cipher *tfm, const u8 *key, memcpy(alignbuffer, key, keylen); ret = cia->cia_setkey(crypto_cipher_tfm(tfm), alignbuffer, keylen); memset(alignbuffer, 0, keylen); - kfree(buffer); + kfree_sensitive(buffer); return ret; }
I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using kfree_sensitive for buffers that previously held the private key. Signed-off-by: Hailey Mothershead <hailmo@amazon.com> --- crypto/aead.c | 2 +- crypto/cipher.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)