1. Patchew
  2. linux
  3. View series

[PATCH v2] KEYS: use kfree_sensitive with key

Mahmoud Adam posted 1 patch 2 years, 7 months ago
There is a newer version of this series
crypto/asymmetric_keys/public_key.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
[PATCH v2] KEYS: use kfree_sensitive with key
Posted by Mahmoud Adam 2 years, 7 months ago 
key might contain private part of the key, so better use
kfree_sensitive to free it

Signed-off-by: Mahmoud Adam <mngyadam@amazon.com>
---
v2: kfree_sensitive only private key

 crypto/asymmetric_keys/public_key.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index eca5671ad3f2..cd8c4123d936 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -43,7 +43,10 @@ static void public_key_describe(const struct key *asymmetric_key,
 void public_key_free(struct public_key *key)
 {
 	if (key) {
-		kfree(key->key);
+		if(key->key_is_private)
+			kfree_sensitive(key->key);
+		else
+			kfree(key->key);
 		kfree(key->params);
 		kfree(key);
 	}
@@ -218,7 +221,7 @@ static int software_key_query(const struct kernel_pkey_params *params,
 	ret = 0;

 error_free_key:
-	kfree(key);
+	kfree_sensitive(key);
 error_free_tfm:
 	crypto_free_akcipher(tfm);
 	pr_devel("<==%s() = %d\n", __func__, ret);
@@ -303,7 +306,7 @@ static int software_key_eds_op(struct kernel_pkey_params *params,
 		ret = req->dst_len;

 error_free_key:
-	kfree(key);
+	kfree_sensitive(key);
 error_free_req:
 	akcipher_request_free(req);
 error_free_tfm:
@@ -456,7 +459,7 @@ int public_key_verify_signature(const struct public_key *pkey,
 	ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);

 error_free_key:
-	kfree(key);
+	kfree_sensitive(key);
 error_free_req:
 	akcipher_request_free(req);
 error_free_tfm:
--
2.40.1
Re: [PATCH v2] KEYS: use kfree_sensitive with key
Posted by Herbert Xu 2 years, 7 months ago 
On Thu, Jun 15, 2023 at 12:57:13PM +0000, Mahmoud Adam wrote:
> key might contain private part of the key, so better use
> kfree_sensitive to free it
> 
> Signed-off-by: Mahmoud Adam <mngyadam@amazon.com>
> ---
> v2: kfree_sensitive only private key
> 
>  crypto/asymmetric_keys/public_key.c | 11 +++++++----
>  1 file changed, 7 insertions(+), 4 deletions(-)

Sorry, I was confused by the naming in this file.  These public_keys
can indeed be private.  So I'll just take your original patch.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: [PATCH v2] KEYS: use kfree_sensitive with key
Posted by Adam, Mahmoud 2 years, 7 months ago 

> On 16. Jun 2023, at 12:31, Herbert Xu <herbert@gondor.apana.org.au> wrote:
> 
> On Thu, Jun 15, 2023 at 12:57:13PM +0000, Mahmoud Adam wrote:
>> key might contain private part of the key, so better use
>> kfree_sensitive to free it
>> 
>> Signed-off-by: Mahmoud Adam <mngyadam@amazon.com>
>> ---
>> v2: kfree_sensitive only private key
>> 
>> crypto/asymmetric_keys/public_key.c | 11 +++++++----
>> 1 file changed, 7 insertions(+), 4 deletions(-)
> 
> Sorry, I was confused by the naming in this file.  These public_keys
> can indeed be private.  So I'll just take your original patch.

It’s indeed very confusing.

Thanks for the review.

Mahmoud Adam



Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.