| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 11 Apr 2024 23:51:57 +0000 From: Hailey Mothershead <hailmo@...zon.com> To: <herbert@...dor.apana.org.au> CC: <davem@...emloft.net>, <linux-crypto@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <hailmo@...zon.com> Subject: [PATCH 2/2] crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using kfree_sensitive for buffers that previously held the private key. Signed-off-by: Hailey Mothershead <hailmo@...zon.com> --- crypto/aead.c | 2 +- crypto/cipher.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/aead.c b/crypto/aead.c index 16991095270d..2592d5375de5 100644 --- a/crypto/aead.c +++ b/crypto/aead.c @@ -36,7 +36,7 @@ static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, memcpy(alignbuffer, key, keylen); ret = crypto_aead_alg(tfm)->setkey(tfm, alignbuffer, keylen); memset(alignbuffer, 0, keylen); - kfree(buffer); + kfree_sensitive(buffer); return ret; } diff --git a/crypto/cipher.c b/crypto/cipher.c index b47141ed4a9f..efb87fa417e7 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -35,7 +35,7 @@ static int setkey_unaligned(struct crypto_cipher *tfm, const u8 *key, memcpy(alignbuffer, key, keylen); ret = cia->cia_setkey(crypto_cipher_tfm(tfm), alignbuffer, keylen); memset(alignbuffer, 0, keylen); - kfree(buffer); + kfree_sensitive(buffer); return ret; } -- 2.40.1
Powered by blists - more mailing lists