* [PATCH v2] KEYS: use kfree_sensitive with key
@ 2023-06-15 12:57 Mahmoud Adam
  2023-06-16 10:31 ` Herbert Xu
  0 siblings, 1 reply; 3+ messages in thread
From: Mahmoud Adam @ 2023-06-15 12:57 UTC (permalink / raw)
  To: dhowells
  Cc: herbert, davem, keyrings, linux-crypto, linux-kernel, Mahmoud Adam

key might contain private part of the key, so better use
kfree_sensitive to free it

Signed-off-by: Mahmoud Adam <mngyadam@amazon.com>
---
v2: kfree_sensitive only private key

 crypto/asymmetric_keys/public_key.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index eca5671ad3f2..cd8c4123d936 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -43,7 +43,10 @@ static void public_key_describe(const struct key *asymmetric_key,
 void public_key_free(struct public_key *key)
 {
 	if (key) {
-		kfree(key->key);
+		if(key->key_is_private)
+			kfree_sensitive(key->key);
+		else
+			kfree(key->key);
 		kfree(key->params);
 		kfree(key);
 	}
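Review bot: the added `if(key->key_is_private)` in public_key_free() is missing the space after `if` that kernel coding style asks for, and the branch itself looks unnecessary. kfree_sensitive() accepts any kmalloc'ed buffer and only adds a zeroing pass before the free, so calling `kfree_sensitive(key->key);` unconditionally drops the extra lines and does not rely on key_is_private being set correctly by every caller. key->params is still released with plain kfree(); the changelog should say that this is intentional because params is not treated as secret.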
@@ -218,7 +221,7 @@ static int software_key_query(const struct kernel_pkey_params *params,
 	ret = 0;

 error_free_key:
-	kfree(key);
+	kfree_sensitive(key);
 error_free_tfm:
 	crypto_free_akcipher(tfm);
 	pr_devel("<==%s() = %d\n", __func__, ret);
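Review bot: at error_free_key in software_key_query() the local `key` buffer is now zeroed unconditionally, while public_key_free() in the first hunk checks key_is_private first and the v2 note reads "kfree_sensitive only private key". Make the two consistent, or say in the commit message that these local buffers are always freed with kfree_sensitive() regardless of key type and why. The commit message also refers only to "key" and does not distinguish the key->key field from the local `key` buffers in this and the following hunks.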
@@ -303,7 +306,7 @@ static int software_key_eds_op(struct kernel_pkey_params *params,
 		ret = req->dst_len;

 error_free_key:
-	kfree(key);
+	kfree_sensitive(key);
 error_free_req:
 	akcipher_request_free(req);
 error_free_tfm:
@@ -456,7 +459,7 @@ int public_key_verify_signature(const struct public_key *pkey,
 	ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);

 error_free_key:
-	kfree(key);
+	kfree_sensitive(key);
 error_free_req:
 	akcipher_request_free(req);
 error_free_tfm:
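Review bot: the kfree_sensitive(key) at error_free_key in public_key_verify_signature() sits on the verify path (crypto_akcipher_verify() is the call just above), where the material is expected to be a public key, which does not match the v2 note "kfree_sensitive only private key". Zeroing here is harmless, but the changelog should state whether this site is changed for consistency with the other error_free_key labels or because private material can actually reach this buffer.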
--
2.40.1


* Re: [PATCH v2] KEYS: use kfree_sensitive with key
  2023-06-15 12:57 [PATCH v2] KEYS: use kfree_sensitive with key Mahmoud Adam
@ 2023-06-16 10:31 ` Herbert Xu
  2023-06-16 10:42   ` Adam, Mahmoud
  0 siblings, 1 reply; 3+ messages in thread
From: Herbert Xu @ 2023-06-16 10:31 UTC (permalink / raw)
  To: Mahmoud Adam; +Cc: dhowells, davem, keyrings, linux-crypto, linux-kernel

On Thu, Jun 15, 2023 at 12:57:13PM +0000, Mahmoud Adam wrote:
> key might contain private part of the key, so better use
> kfree_sensitive to free it
> 
> Signed-off-by: Mahmoud Adam <mngyadam@amazon.com>
> ---
> v2: kfree_sensitive only private key
> 
>  crypto/asymmetric_keys/public_key.c | 11 +++++++----
>  1 file changed, 7 insertions(+), 4 deletions(-)

Sorry, I was confused by the naming in this file.  These public_keys
can indeed be private.  So I'll just take your original patch.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


* Re: [PATCH v2] KEYS: use kfree_sensitive with key
  2023-06-16 10:31 ` Herbert Xu
@ 2023-06-16 10:42   ` Adam, Mahmoud
  0 siblings, 0 replies; 3+ messages in thread
From: Adam, Mahmoud @ 2023-06-16 10:42 UTC (permalink / raw)
  To: Herbert Xu
  Cc: Mahmoud Adam, dhowells, davem, keyrings, linux-crypto, linux-kernel



> On 16. Jun 2023, at 12:31, Herbert Xu <herbert@gondor.apana.org.au> wrote:
> 
> On Thu, Jun 15, 2023 at 12:57:13PM +0000, Mahmoud Adam wrote:
>> key might contain private part of the key, so better use
>> kfree_sensitive to free it
>> 
>> Signed-off-by: Mahmoud Adam <mngyadam@amazon.com>
>> ---
>> v2: kfree_sensitive only private key
>> 
>> crypto/asymmetric_keys/public_key.c | 11 +++++++----
>> 1 file changed, 7 insertions(+), 4 deletions(-)
> 
> Sorry, I was confused by the naming in this file.  These public_keys
> can indeed be private.  So I'll just take your original patch.

It’s indeed very confusing.

Thanks for the review.

Mahmoud Adam



Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879


