Joe Perches
2020-Apr-13 21:31 UTC
[PATCH 2/2] crypto: Remove unnecessary memzero_explicit()
On Mon, 2020-04-13 at 17:15 -0400, Waiman Long wrote:> Since kfree_sensitive() will do an implicit memzero_explicit(), there > is no need to call memzero_explicit() before it. Eliminate those > memzero_explicit() and simplify the call sites.2 bits of trivia:> diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c[]> @@ -391,10 +388,7 @@ int sun8i_ce_aes_setkey(struct crypto_skcipher *tfm, const u8 *key, > dev_dbg(ce->dev, "ERROR: Invalid keylen %u\n", keylen); > return -EINVAL; > } > - if (op->key) { > - memzero_explicit(op->key, op->keylen); > - kfree(op->key); > - } > + kfree_sensitive(op->key); > op->keylen = keylen; > op->key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA); > if (!op->key)It might be a defect to set op->keylen before the kmemdup succeeds.> @@ -416,10 +410,7 @@ int sun8i_ce_des3_setkey(struct crypto_skcipher *tfm, const u8 *key, > if (err) > return err; > > - if (op->key) { > - memzero_explicit(op->key, op->keylen); > - kfree(op->key); > - } > + free_sensitive(op->key, op->keylen);Why not kfree_sensitive(op->key) ?
Waiman Long
2020-Apr-13 21:52 UTC
[PATCH 2/2] crypto: Remove unnecessary memzero_explicit()
On 4/13/20 5:31 PM, Joe Perches wrote:> On Mon, 2020-04-13 at 17:15 -0400, Waiman Long wrote: >> Since kfree_sensitive() will do an implicit memzero_explicit(), there >> is no need to call memzero_explicit() before it. Eliminate those >> memzero_explicit() and simplify the call sites. > 2 bits of trivia: > >> diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c > [] >> @@ -391,10 +388,7 @@ int sun8i_ce_aes_setkey(struct crypto_skcipher *tfm, const u8 *key, >> dev_dbg(ce->dev, "ERROR: Invalid keylen %u\n", keylen); >> return -EINVAL; >> } >> - if (op->key) { >> - memzero_explicit(op->key, op->keylen); >> - kfree(op->key); >> - } >> + kfree_sensitive(op->key); >> op->keylen = keylen; >> op->key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA); >> if (!op->key) > It might be a defect to set op->keylen before the kmemdup succeeds.It could be. I can move it down after the op->key check.>> @@ -416,10 +410,7 @@ int sun8i_ce_des3_setkey(struct crypto_skcipher *tfm, const u8 *key, >> if (err) >> return err; >> >> - if (op->key) { >> - memzero_explicit(op->key, op->keylen); >> - kfree(op->key); >> - } >> + free_sensitive(op->key, op->keylen); > Why not kfree_sensitive(op->key) ?Oh, it is a bug. I will send out v2 to fix that. Thanks for spotting it. Cheers, Longman> >
Seemingly Similar Threads
- [PATCH 2/2] crypto: Remove unnecessary memzero_explicit()
- [PATCH 2/2] crypto: Remove unnecessary memzero_explicit()
- [PATCH 2/2] crypto: Remove unnecessary memzero_explicit()
- [PATCH v2 2/2] crypto: Remove unnecessary memzero_explicit()
- [PATCH v2 2/2] crypto: Remove unnecessary memzero_explicit()