[PATCH] crypto: sun4i-ss: erase key after use
16 views
Skip to first unread message
Corentin Labbe
Sep 15, 2019, 2:35:55 PM9/15/19
to da...@davemloft.net, her...@gondor.apana.org.au, mri...@kernel.org, we...@csie.org, linux-ar...@lists.infradead.org, linux-...@vger.kernel.org, linux-...@vger.kernel.org, linux...@googlegroups.com, Corentin Labbe, sta...@vger.kernel.org
When a TFM is unregistered, the sun4i-ss driver does not clean the key used,
leaking it in memory.
This patch adds this absent key cleaning.
Fixes: 6298e948215f ("crypto: sunxi-ss - Add Allwinner Security System crypto accelerator")
Cc: <sta...@vger.kernel.org> # 4.3+
Signed-off-by: Corentin Labbe <clabbe....@gmail.com>
---
drivers/crypto/sunxi-ss/sun4i-ss-cipher.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c b/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c
index fa4b1b47822e..60d99370a4ec 100644
--- a/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c
+++ b/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c
@@ -503,6 +503,8 @@ int sun4i_ss_cipher_init(struct crypto_tfm *tfm)
void sun4i_ss_cipher_exit(struct crypto_tfm *tfm)
{
struct sun4i_tfm_ctx *op = crypto_tfm_ctx(tfm);
+
+ memzero_explicit(op->key, op->keylen);
crypto_free_sync_skcipher(op->fallback_tfm);
}
--
2.21.0
leaking it in memory.
This patch adds this absent key cleaning.
Fixes: 6298e948215f ("crypto: sunxi-ss - Add Allwinner Security System crypto accelerator")
Cc: <sta...@vger.kernel.org> # 4.3+
Signed-off-by: Corentin Labbe <clabbe....@gmail.com>
---
drivers/crypto/sunxi-ss/sun4i-ss-cipher.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c b/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c
index fa4b1b47822e..60d99370a4ec 100644
--- a/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c
+++ b/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c
@@ -503,6 +503,8 @@ int sun4i_ss_cipher_init(struct crypto_tfm *tfm)
void sun4i_ss_cipher_exit(struct crypto_tfm *tfm)
{
struct sun4i_tfm_ctx *op = crypto_tfm_ctx(tfm);
+
+ memzero_explicit(op->key, op->keylen);
crypto_free_sync_skcipher(op->fallback_tfm);
}
--
2.21.0
Reply all
Reply to author
Forward
0 new messages