2020-08-26 13:18:05

by Denis Efremov (Oracle)

[permalink] [raw]
Subject: [PATCH] crypto: amlogic - use kfree_sensitive()

Use kfree_sensitive() instead of open-coding it.

Signed-off-by: Denis Efremov <[email protected]>
---
drivers/crypto/amlogic/amlogic-gxl-cipher.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/amlogic/amlogic-gxl-cipher.c b/drivers/crypto/amlogic/amlogic-gxl-cipher.c
index d93210726697..f3dca456d9f8 100644
--- a/drivers/crypto/amlogic/amlogic-gxl-cipher.c
+++ b/drivers/crypto/amlogic/amlogic-gxl-cipher.c
@@ -341,8 +341,7 @@ void meson_cipher_exit(struct crypto_tfm *tfm)
struct meson_cipher_tfm_ctx *op = crypto_tfm_ctx(tfm);

if (op->key) {
- memzero_explicit(op->key, op->keylen);
- kfree(op->key);
+ kfree_sensitive(op->key);
}
crypto_free_skcipher(op->fallback_tfm);
}
@@ -368,8 +367,7 @@ int meson_aes_setkey(struct crypto_skcipher *tfm, const u8 *key,
return -EINVAL;
}
if (op->key) {
- memzero_explicit(op->key, op->keylen);
- kfree(op->key);
+ kfree_sensitive(op->key);
}
op->keylen = keylen;
op->key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA);
--
2.26.2


2020-08-26 13:26:07

by Corentin Labbe

[permalink] [raw]
Subject: Re: [PATCH] crypto: amlogic - use kfree_sensitive()

On Wed, Aug 26, 2020 at 04:16:57PM +0300, Denis Efremov wrote:
> Use kfree_sensitive() instead of open-coding it.
>
> Signed-off-by: Denis Efremov <[email protected]>
> ---
> drivers/crypto/amlogic/amlogic-gxl-cipher.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/crypto/amlogic/amlogic-gxl-cipher.c b/drivers/crypto/amlogic/amlogic-gxl-cipher.c
> index d93210726697..f3dca456d9f8 100644
> --- a/drivers/crypto/amlogic/amlogic-gxl-cipher.c
> +++ b/drivers/crypto/amlogic/amlogic-gxl-cipher.c
> @@ -341,8 +341,7 @@ void meson_cipher_exit(struct crypto_tfm *tfm)
> struct meson_cipher_tfm_ctx *op = crypto_tfm_ctx(tfm);
>
> if (op->key) {
> - memzero_explicit(op->key, op->keylen);
> - kfree(op->key);
> + kfree_sensitive(op->key);
> }
> crypto_free_skcipher(op->fallback_tfm);
> }
> @@ -368,8 +367,7 @@ int meson_aes_setkey(struct crypto_skcipher *tfm, const u8 *key,
> return -EINVAL;
> }
> if (op->key) {
> - memzero_explicit(op->key, op->keylen);
> - kfree(op->key);
> + kfree_sensitive(op->key);
> }
> op->keylen = keylen;
> op->key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA);
> --

So the {} are no longer necessary.
Same for the "if (op->key)" test since kfree handle NULL.

Thanks