lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Zhiiu0GCySQ9OxrH@gondor.apana.org.au>
Date: Fri, 12 Apr 2024 10:55:55 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Hailey Mothershead <hailmo@...zon.com>
Cc: davem@...emloft.net, linux-crypto@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] crypto: ecdh - zeroize crpytographic keys after use

On Thu, Apr 11, 2024 at 11:51:56PM +0000, Hailey Mothershead wrote:
>
> @@ -111,7 +113,7 @@ static int ecdh_compute_value(struct kpp_request *req)
>  free_all:
>  	kfree_sensitive(shared_secret);
>  free_pubkey:
> -	kfree(public_key);
> +	kfree_sensitive(public_key);

It makes no sense to zero the public key.  Nack.
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ