[PATCH] crypto: testmgr: clean up memory for sensitive information
Signed-off-by: Pirabarlen-Cheenaramen--- crypto/testmgr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index cd075c7..0af2e16 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -953,8 +953,8 @@ static int __test_aead(struct crypto_aead *tfm, int enc, out_noaxbuf: testmgr_free_buf(xbuf); out_noxbuf: - kfree(key); - kfree(iv); + kzfree(key); + kzfree(iv); return ret; } -- 1.9.1
[PATCH] crypto: ecc : Wipe memory for p on errors.
Signed-off-by: Loganaden Velvindron--- crypto/ecc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ecc.c b/crypto/ecc.c index 414c78a..32f50c34 100644 --- a/crypto/ecc.c +++ b/crypto/ecc.c @@ -88,7 +88,7 @@ static struct ecc_point *ecc_alloc_point(unsigned int ndigits) err_alloc_y: ecc_free_digits_space(p->x); err_alloc_x: - kfree(p); + kzfree(p); return NULL; } -- 2.9.3
Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode
On Sat, Apr 22, 2017 at 3:54 PM, Sandy Harriswrote: > In the FreeS/WAN project, back around the turn of the century, > we refused to implement several things required by the RFCs Link to documentation: http://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/compat.html#dropped
Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode
On Sat, Apr 22, 2017 at 2:56 AM, Stephan Müllerwrote: > Am Freitag, 21. April 2017, 17:25:41 CEST schrieb Stephan Müller: > Just for the records: for FIPS 140-2 rules, cipher_null is to be interpreted > as a memcpy on SGLs. Thus it is no cipher even though it sounds like one. > > cipher_null is also needed for seqiv which is required for rfc4106(gcm(aes)), > which is an approved cipher. Also, it is needed for authenc() which uses it > for copying the AAD from src to dst. > > That said, cipher_null must not be used for "encryption" operation but rather > for handling data that is not subjected to FIPS 140-2 rules. In the FreeS/WAN project, back around the turn of the century, we refused to implement several things required by the RFCs because we thought they were insecure: null cipher, single DES & 768-bit DH Group 1. At that time, not having DES did cause some problems in interoperating with other IPsec implementations, but I doubt it would today. Neither of the other dropped items caused any problems at all. Today I'd say drop all of those plus the 1024-bit Group 2, and then look at whether others should go as well. As of 2001 or so, the 1536-bit Group 5 was very widely used, so dropping it might well be problematic, but I am not certain if it is either secure or widely used now.