Eric Lee / smarc-fsl-linux-kernel

08 Aug, 2020

1 commit

453431a54 mm, treewide: rename kzfree() to kfree_sensitive() ... Browse Code »

As said by Linus:

A symmetric naming is only helpful if it implies symmetries in use.
Otherwise it's actively misleading.

In "kzalloc()", the z is meaningful and an important part of what the
caller wants.

In "kzfree()", the z is actively detrimental, because maybe in the
future we really _might_ want to use that "memfill(0xdeadbeef)" or
something. The "zero" part of the interface isn't even _relevant_.

The main reason that kzfree() exists is to clear sensitive information
that should not be leaked to other future users of the same memory
objects.

Rename kzfree() to kfree_sensitive() to follow the example of the recently
added kvfree_sensitive() and make the intention of the API more explicit.
In addition, memzero_explicit() is used to clear the memory to make sure
that it won't get optimized away by the compiler.

The renaming is done by using the command sequence:

git grep -w --name-only kzfree |\
xargs sed -i 's/kzfree/kfree_sensitive/'

followed by some editing of the kfree_sensitive() kerneldoc and adding
a kzfree backward compatibility macro in slab.h.

[akpm@linux-foundation.org: fs/crypto/inline_crypt.c needs linux/slab.h]
[akpm@linux-foundation.org: fix fs/crypto/inline_crypt.c some more]

Suggested-by: Joe Perches
Signed-off-by: Waiman Long
Signed-off-by: Andrew Morton
Acked-by: David Howells
Acked-by: Michal Hocko
Acked-by: Johannes Weiner
Cc: Jarkko Sakkinen
Cc: James Morris
Cc: "Serge E. Hallyn"
Cc: Joe Perches
Cc: Matthew Wilcox
Cc: David Rientjes
Cc: Dan Carpenter
Cc: "Jason A . Donenfeld"
Link: http://lkml.kernel.org/r/20200616154311.12314-3-longman@redhat.com
Signed-off-by: Linus Torvalds

Waiman Long
2020-08-08 02:33:22 +0800

07 Oct, 2017

4 commits

c0153b0b9 Bluetooth: let the crypto subsystem generate the ecc privkey ... Browse Code »

That Bluetooth SMP knows about the private key is pointless, since the
detection of debug key usage is actually via the public key portion.
With this patch, the Bluetooth SMP will stop keeping a copy of the
ecdh private key and will let the crypto subsystem to generate and
handle the ecdh private key, potentially benefiting of hardware
ecc private key generation and retention.

The loop that tries to generate a correct private key is now removed and
we trust the crypto subsystem to generate a correct private key. This
backup logic should be done in crypto, if really needed.

Signed-off-by: Tudor Ambarus
Signed-off-by: Marcel Holtmann

Tudor Ambarus
2017-10-07 02:35:47 +0800
168ed6548 Bluetooth: ecdh_helper - fix leak of private key ... Browse Code »

tmp buffer contains the swapped private key. In case the setkey call
failed, the tmp buffer was freed without clearing the private key.

Zeroize the temporary buffer so we don't leak the private key.

Signed-off-by: Tudor Ambarus
Signed-off-by: Marcel Holtmann

Tudor Ambarus
2017-10-07 02:35:47 +0800
a29764161 Bluetooth: ecdh_helper - reveal error codes ... Browse Code »

ecdh_helper functions were hiding the error codes and chose to return
the return value of an relational operator, "==". Remove the unnecessary
query and reveal the error codes.

While updating the return values, code in a way that compilers will
warn in case of uninitialized err.

Signed-off-by: Tudor Ambarus
Signed-off-by: Marcel Holtmann

Tudor Ambarus
2017-10-07 02:35:47 +0800
47eb2ac80 Bluetooth: move ecdh allocation outside of ecdh_helper ... Browse Code »

Before this change, a new crypto tfm was allocated, each time,
for both key generation and shared secret computation.

Allocate a single tfm for both cases.

Signed-off-by: Tudor Ambarus
Signed-off-by: Marcel Holtmann

Tudor Ambarus
2017-10-07 02:35:47 +0800

22 May, 2017

1 commit

5d4acfc14 Bluetooth: Delete error messages for failed memory allocations in two functions ... Browse Code »

Omit two extra messages for memory allocation failures in these functions.

This issue was detected by using the Coccinelle software.

Link: http://events.linuxfoundation.org/sites/events/files/slides/LCJ16-Refactor_Strings-WSang_0.pdf
Signed-off-by: Markus Elfring
Signed-off-by: Marcel Holtmann

Markus Elfring
2017-05-22 16:23:41 +0800

30 Apr, 2017

3 commits

71653eb64 Bluetooth: Add selftest for ECDH key generation ... Browse Code »

Since the ECDH key generation takes a different path, it needs to be
tested as well. For this generate the public debug key from the private
debug key and compare both.

This also moves the seeding of the private key into the SMP calling code
to allow for easier re-use of the ECDH key generation helper.

Signed-off-by: Marcel Holtmann
Signed-off-by: Johan Hedberg

Marcel Holtmann
2017-04-30 21:52:43 +0800
f95831535 Bluetooth: zero kpp input for key generation ... Browse Code »

When generating new ECDH keys with kpp, the shared secret input needs to
be set to NULL. Fix this by including kpp_request_set_input call.

Fixes: 58771c1c ("Bluetooth: convert smp and selftest to crypto kpp
API")
Signed-off-by: Marcel Holtmann
Signed-off-by: Johan Hedberg

Marcel Holtmann
2017-04-30 21:52:39 +0800
763d9a302 Bluetooth: allocate data for kpp on heap ... Browse Code »

Bluetooth would crash when computing ECDH keys with kpp
if VMAP_STACK is enabled. Fix by allocating data passed
to kpp on heap.

Fixes: 58771c1c ("Bluetooth: convert smp and selftest to crypto kpp
API")
Signed-off-by: Salvatore Benedetto
Signed-off-by: Marcel Holtmann

Salvatore Benedetto
2017-04-30 18:22:05 +0800

25 Apr, 2017

1 commit

58771c1cb Bluetooth: convert smp and selftest to crypto kpp API ... Browse Code »

* Convert both smp and selftest to crypto kpp API
* Remove module ecc as no more required
* Add ecdh_helper functions for wrapping kpp async calls

This patch has been tested *only* with selftest, which is called on
module loading.

Signed-off-by: Salvatore Benedetto
Signed-off-by: Marcel Holtmann

Salvatore Benedetto
2017-04-25 10:53:42 +0800