Re: [PATCH 2/2] crypto: Remove unnecessary memzero_explicit()
From: Waiman Long <longman@redhat.com>
Date: 2020-04-13 21:52:55
Also in:
cocci, intel-wired-lan, keyrings, linux-amlogic, linux-arm-kernel, linux-bluetooth, linux-btrfs, linux-cifs, linux-crypto, linux-fscrypt, linux-integrity, linux-mediatek, linux-mm, linux-nfs, linux-pm, linux-s390, linux-scsi, linux-sctp, linux-security-module, linux-wireless, lkml, netdev, target-devel, virtualization
On 4/13/20 5:31 PM, Joe Perches wrote:
On Mon, 2020-04-13 at 17:15 -0400, Waiman Long wrote:quoted
Since kfree_sensitive() will do an implicit memzero_explicit(), there is no need to call memzero_explicit() before it. Eliminate those memzero_explicit() and simplify the call sites.2 bits of trivia:quoted
diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c[]quoted
@@ -391,10 +388,7 @@ int sun8i_ce_aes_setkey(struct crypto_skcipher *tfm, const u8 *key, dev_dbg(ce->dev, "ERROR: Invalid keylen %u\n", keylen); return -EINVAL; } - if (op->key) { - memzero_explicit(op->key, op->keylen); - kfree(op->key); - } + kfree_sensitive(op->key); op->keylen = keylen; op->key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA); if (!op->key)It might be a defect to set op->keylen before the kmemdup succeeds.
It could be. I can move it down after the op->key check.
quoted
@@ -416,10 +410,7 @@ int sun8i_ce_des3_setkey(struct crypto_skcipher *tfm, const u8 *key, if (err) return err; - if (op->key) { - memzero_explicit(op->key, op->keylen); - kfree(op->key); - } + free_sensitive(op->key, op->keylen);Why not kfree_sensitive(op->key) ?
Oh, it is a bug. I will send out v2 to fix that. Thanks for spotting it. Cheers, Longman