Re: [PATCH] Use kzfree in crypto API context initialization and key/ivhandling

From: Rik van Riel
Date: Sun May 31 2009 - 10:38:58 EST

Next message: Rik van Riel: "Re: [PATCH] Use kzfree in crypto API context initialization and key/ivhandling"
Previous message: Arjan van de Ven: "Re: [patch 0/5] Support for sanitization flag in low-level pageallocator"
In reply to: Rik van Riel: "Re: [PATCH] Use kzfree in crypto API context initialization and key/ivhandling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Larry H. wrote:

[PATCH] Use kzfree in crypto API context initialization and key/iv handling

This patch replaces the kfree() calls within the crypto API (algorithms,
key setup and handling, etc) with kzfree(), to enforce sanitization of
the allocated memory.

This prevents such information from persisting on memory and eventually
leak to other kernel users or during coldboot attacks.

This patch replaces kfree() for context (algorithm meta-data) structures
too. Those are initialized or released once, and remain in use during the
lifetime of the cipher/algorithm instance, therefore no performance impact
exists for those specific changes.

This patch doesn't affect fastpaths.

Signed-off-by: Larry Highsmith <research@xxxxxxxxxxxxxx>

Acked-by: Rik van Riel <riel@xxxxxxxxxx>

--
All rights reversed.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rik van Riel: "Re: [PATCH] Use kzfree in crypto API context initialization and key/ivhandling"
Previous message: Arjan van de Ven: "Re: [patch 0/5] Support for sanitization flag in low-level pageallocator"
In reply to: Rik van Riel: "Re: [PATCH] Use kzfree in crypto API context initialization and key/ivhandling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]