crypto: aead,cipher - zeroize key buffer after use

[ Upstream commit 23e4099bdc ] I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using kfree_sensitive for buffers that previously held the private key. Signed-off-by: Hailey Mothershead <hailmo@amazon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-11-14 07:44:21 +08:00 · 2024-04-15 22:19:15 +00:00 · 2024-04-15 22:19:15 +00:00 · b502d4a088
commit b502d4a088
parent 1ee644460f
2 changed files with 2 additions and 4 deletions
--- a/crypto/aead.c
+++ b/crypto/aead.c
@ -45,8 +45,7 @@ static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key,
 	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
 	memcpy(alignbuffer, key, keylen);
 	ret = crypto_aead_alg(tfm)->setkey(tfm, alignbuffer, keylen);
-	memset(alignbuffer, 0, keylen);
+	kfree_sensitive(buffer);
 	kfree(buffer);
 	return ret;
 }
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@ -34,8 +34,7 @@ static int setkey_unaligned(struct crypto_cipher *tfm, const u8 *key,
 	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
 	memcpy(alignbuffer, key, keylen);
 	ret = cia->cia_setkey(crypto_cipher_tfm(tfm), alignbuffer, keylen);
-	memset(alignbuffer, 0, keylen);
+	kfree_sensitive(buffer);
 	kfree(buffer);
 	return ret;
 }