2020-08-26 13:29:52

by Denis Efremov

Subject: [PATCH] crypto: sun8i-ce - use kfree_sensitive()

Use kfree_sensitive() instead of open-coding it.

Signed-off-by: Denis Efremov <[email protected]>
---
drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
index b4d5fea27d20..970084463dbb 100644
--- a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
+++ b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
@@ -367,8 +367,7 @@ void sun8i_ce_cipher_exit(struct crypto_tfm *tfm)
struct sun8i_cipher_tfm_ctx *op = crypto_tfm_ctx(tfm);

if (op->key) {
- memzero_explicit(op->key, op->keylen);
- kfree(op->key);
+ kfree_sensitive(op->key);
}
crypto_free_skcipher(op->fallback_tfm);
pm_runtime_put_sync_suspend(op->ce->dev);
@@ -392,8 +391,7 @@ int sun8i_ce_aes_setkey(struct crypto_skcipher *tfm, const u8 *key,
return -EINVAL;
}
if (op->key) {
- memzero_explicit(op->key, op->keylen);
- kfree(op->key);
+ kfree_sensitive(op->key);
}
op->keylen = keylen;
op->key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA);
@@ -417,8 +415,7 @@ int sun8i_ce_des3_setkey(struct crypto_skcipher *tfm, const u8 *key,
return err;

if (op->key) {
- memzero_explicit(op->key, op->keylen);
- kfree(op->key);
+ kfree_sensitive(op->key);
}
op->keylen = keylen;
op->key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA);
--
2.26.2

2020-08-26 13:37:40

by Corentin Labbe

Subject: Re: [PATCH] crypto: sun8i-ce - use kfree_sensitive()

On Wed, Aug 26, 2020 at 04:25:37PM +0300, Denis Efremov wrote:
> Use kfree_sensitive() instead of open-coding it.
>
> Signed-off-by: Denis Efremov <[email protected]>
> ---
> drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 9 +++------
> 1 file changed, 3 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
> index b4d5fea27d20..970084463dbb 100644
> --- a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
> +++ b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
> @@ -367,8 +367,7 @@ void sun8i_ce_cipher_exit(struct crypto_tfm *tfm)
> struct sun8i_cipher_tfm_ctx *op = crypto_tfm_ctx(tfm);
>
> if (op->key) {
> - memzero_explicit(op->key, op->keylen);
> - kfree(op->key);
> + kfree_sensitive(op->key);
> }
> crypto_free_skcipher(op->fallback_tfm);
> pm_runtime_put_sync_suspend(op->ce->dev);
> @@ -392,8 +391,7 @@ int sun8i_ce_aes_setkey(struct crypto_skcipher *tfm, const u8 *key,
> return -EINVAL;
> }
> if (op->key) {
> - memzero_explicit(op->key, op->keylen);
> - kfree(op->key);
> + kfree_sensitive(op->key);
> }
> op->keylen = keylen;
> op->key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA);
> @@ -417,8 +415,7 @@ int sun8i_ce_des3_setkey(struct crypto_skcipher *tfm, const u8 *key,
> return err;
>
> if (op->key) {
> - memzero_explicit(op->key, op->keylen);
> - kfree(op->key);
> + kfree_sensitive(op->key);
> }
> op->keylen = keylen;
> op->key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA);
> --
> 2.26.2
>

Hello

Same problem than amlogic and sun8i-ss.
Please remove if (op->key)

Regards