Commit 844cf829 authored by Holger Dengler's avatar Holger Dengler Committed by Alexander Gordeev
Browse files

s390/pkey: zeroize key blobs 



Key blobs for the IOCTLs PKEY_KBLOB2PROTK[23] may contain clear key
material. Zeroize the copies of these keys in kernel memory after
creating the protected key.

Reviewed-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
Signed-off-by: default avatarHolger Dengler <dengler@linux.ibm.com>
Signed-off-by: default avatarAlexander Gordeev <agordeev@linux.ibm.com>
parent 8703dd6b

drivers/s390/crypto/pkey_api.c

+3 −0
Original line number Diff line number Diff line
@@ -1293,6 +1293,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd, 
			return PTR_ERR(kkey);

		rc = pkey_keyblob2pkey(kkey, ktp.keylen, &ktp.protkey);

		DEBUG_DBG("%s pkey_keyblob2pkey()=%d\n", __func__, rc);

		memzero_explicit(kkey, ktp.keylen);

		kfree(kkey);

		if (rc)

			break;
@@ -1426,6 +1427,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd, 
					kkey, ktp.keylen, &ktp.protkey);

		DEBUG_DBG("%s pkey_keyblob2pkey2()=%d\n", __func__, rc);

		kfree(apqns);

		memzero_explicit(kkey, ktp.keylen);

		kfree(kkey);

		if (rc)

			break;
@@ -1552,6 +1554,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd, 
					protkey, &protkeylen);

		DEBUG_DBG("%s pkey_keyblob2pkey3()=%d\n", __func__, rc);

		kfree(apqns);

		memzero_explicit(kkey, ktp.keylen);

		kfree(kkey);

		if (rc) {

			kfree(protkey);