On Mon, Apr 15, 2024 at 10:19:15PM +0000, Hailey Mothershead wrote: > I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding > cryptographic information should be zeroized once they are no longer > needed. Accomplish this by using kfree_sensitive for buffers that > previously held the private key. > > Signed-off-by: Hailey Mothershead <hailmo@xxxxxxxxxx> > --- > crypto/aead.c | 3 +-- > crypto/cipher.c | 3 +-- > 2 files changed, 2 insertions(+), 4 deletions(-) > > diff --git a/crypto/aead.c b/crypto/aead.c > index 16991095270d..c4ece86c45bc 100644 > --- a/crypto/aead.c > +++ b/crypto/aead.c > @@ -35,8 +35,7 @@ static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, > alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); > memcpy(alignbuffer, key, keylen); > ret = crypto_aead_alg(tfm)->setkey(tfm, alignbuffer, keylen); > - memset(alignbuffer, 0, keylen); > - kfree(buffer); > + kfree_sensitive(buffer); > return ret; > } > > diff --git a/crypto/cipher.c b/crypto/cipher.c > index b47141ed4a9f..395f0c2fbb9f 100644 > --- a/crypto/cipher.c > +++ b/crypto/cipher.c > @@ -34,8 +34,7 @@ static int setkey_unaligned(struct crypto_cipher *tfm, const u8 *key, > alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); > memcpy(alignbuffer, key, keylen); > ret = cia->cia_setkey(crypto_cipher_tfm(tfm), alignbuffer, keylen); > - memset(alignbuffer, 0, keylen); > - kfree(buffer); > + kfree_sensitive(buffer); > return ret; Well, the memset()s that you're removing already did the zeroization. This patch seems worthwhile as a code simplification, but please don't characterize it as a bug fix, because it's not. - Eric
