2023-06-15 12:59:58

by Mahmoud Adam

Subject: [PATCH v2] KEYS: use kfree_sensitive with key

key might contain private part of the key, so better use
kfree_sensitive to free it

Signed-off-by: Mahmoud Adam <[email protected]>
---
v2: kfree_sensitive only private key

crypto/asymmetric_keys/public_key.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index eca5671ad3f2..cd8c4123d936 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -43,7 +43,10 @@ static void public_key_describe(const struct key *asymmetric_key,
void public_key_free(struct public_key *key)
{
if (key) {
- kfree(key->key);
+ if(key->key_is_private)
+ kfree_sensitive(key->key);
+ else
+ kfree(key->key);
kfree(key->params);
kfree(key);
}
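Review bot: the branch on `key->key_is_private` in public_key_free() adds a code path for little gain, and `if(key->key_is_private)` is missing the space after `if` that kernel coding style requires. kfree_sensitive() on a buffer holding only public material costs one extra memory clear, so an unconditional `kfree_sensitive(key->key);` is simpler and cannot miss a key whose flag was never set. If the conditional form is kept, please fix the spacing.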
@@ -218,7 +221,7 @@ static int software_key_query(const struct kernel_pkey_params *params,
ret = 0;

error_free_key:
- kfree(key);
+ kfree_sensitive(key);
error_free_tfm:
crypto_free_akcipher(tfm);
pr_devel("<==%s() = %d\n", __func__, ret);
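Review bot: the `kfree_sensitive(key);` at `error_free_key:` is unconditional, which does not match the v2 changelog line "kfree_sensitive only private key" or the conditional free in public_key_free(). Please either state in the commit message that the temporary `key` buffers in software_key_query(), software_key_eds_op() and public_key_verify_signature() are always cleared, or apply the same rule in all four places so the patch follows one policy.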
@@ -303,7 +306,7 @@ static int software_key_eds_op(struct kernel_pkey_params *params,
ret = req->dst_len;

error_free_key:
- kfree(key);
+ kfree_sensitive(key);
error_free_req:
akcipher_request_free(req);
error_free_tfm:
@@ -456,7 +459,7 @@ int public_key_verify_signature(const struct public_key *pkey,
ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);

error_free_key:
- kfree(key);
+ kfree_sensitive(key);
error_free_req:
akcipher_request_free(req);
error_free_tfm:
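Review bot: in public_key_verify_signature() the commit message gives no reason for clearing `key` at `error_free_key:`, since the stated motivation is the private part of the key and this is a verification path. If `key` can hold private material here, a sentence in the commit message saying so would help; if it cannot, the v2 rule would leave this one as `kfree(key);`.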
--
2.40.1


2023-06-16 11:03:45

by Adam, Mahmoud

Subject: Re: [PATCH v2] KEYS: use kfree_sensitive with key



> On 16. Jun 2023, at 12:31, Herbert Xu <[email protected]> wrote:
>
> On Thu, Jun 15, 2023 at 12:57:13PM +0000, Mahmoud Adam wrote:
>> key might contain private part of the key, so better use
>> kfree_sensitive to free it
>>
>> Signed-off-by: Mahmoud Adam <[email protected]>
>> ---
>> v2: kfree_sensitive only private key
>>
>> crypto/asymmetric_keys/public_key.c | 11 +++++++----
>> 1 file changed, 7 insertions(+), 4 deletions(-)
>
> Sorry, I was confused by the naming in this file. These public_keys
> can indeed be private. So I'll just take your original patch.

It’s indeed very confusing.

Thanks for the review.

Mahmoud Adam





2023-06-16 11:13:45

by Herbert Xu

Subject: Re: [PATCH v2] KEYS: use kfree_sensitive with key

On Thu, Jun 15, 2023 at 12:57:13PM +0000, Mahmoud Adam wrote:
> key might contain private part of the key, so better use
> kfree_sensitive to free it
>
> Signed-off-by: Mahmoud Adam <[email protected]>
> ---
> v2: kfree_sensitive only private key
>
> crypto/asymmetric_keys/public_key.c | 11 +++++++----
> 1 file changed, 7 insertions(+), 4 deletions(-)

Sorry, I was confused by the naming in this file. These public_keys
can indeed be private. So I'll just take your original patch.

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt