crypto: caam - guard HMAC key hex dumps in hash_digest_key

[ Upstream commit 177730a273b18e195263ed953853273e901b5064 ]

Use print_hex_dump_devel() for dumping sensitive HMAC key bytes in
hash_digest_key() to avoid leaking secrets at runtime when
CONFIG_DYNAMIC_DEBUG is enabled.

Fixes: 045e36780f11 ("crypto: caam - ahash hmac support")
Fixes: 3f16f6c9d632 ("crypto: caam/qi2 - add support for ahash algorithms")
Cc: stable@vger.kernel.org
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c
index 78964e1712e581e1ffd451ebcf109fd6232397db..3343ddc30076f34649b773372d74a9ed187e1a6d 100644 (file)
--- a/drivers/crypto/caam/caamalg_qi2.c
+++ b/drivers/crypto/caam/caamalg_qi2.c
@@ -3269,7 +3269,7 @@ static int hash_digest_key(struct caam_hash_ctx *ctx, u32 *keylen, u8 *key,
        dpaa2_fl_set_addr(out_fle, key_dma);
        dpaa2_fl_set_len(out_fle, digestsize);
 
-       print_hex_dump_debug("key_in@" __stringify(__LINE__)": ",
+       print_hex_dump_devel("key_in@" __stringify(__LINE__)": ",
                             DUMP_PREFIX_ADDRESS, 16, 4, key, *keylen, 1);
        print_hex_dump_debug("shdesc@" __stringify(__LINE__)": ",
                             DUMP_PREFIX_ADDRESS, 16, 4, desc, desc_bytes(desc),
@@ -3289,7 +3289,7 @@ static int hash_digest_key(struct caam_hash_ctx *ctx, u32 *keylen, u8 *key,
                /* in progress */
                wait_for_completion(&result.completion);
                ret = result.err;
-               print_hex_dump_debug("digested key@" __stringify(__LINE__)": ",
+               print_hex_dump_devel("digested key@" __stringify(__LINE__)": ",
                                     DUMP_PREFIX_ADDRESS, 16, 4, key,
                                     digestsize, 1);
        }

diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c
index 44122208f70cb94c7186e4995680bb8a1085b60a..a0c417b7b8059cf11b81978c076ef85bf357faaf 100644 (file)
--- a/drivers/crypto/caam/caamhash.c
+++ b/drivers/crypto/caam/caamhash.c
@@ -393,7 +393,7 @@ static int hash_digest_key(struct caam_hash_ctx *ctx, u32 *keylen, u8 *key,
        append_seq_store(desc, digestsize, LDST_CLASS_2_CCB |
                         LDST_SRCDST_BYTE_CONTEXT);
 
-       print_hex_dump_debug("key_in@"__stringify(__LINE__)": ",
+       print_hex_dump_devel("key_in@"__stringify(__LINE__)": ",
                             DUMP_PREFIX_ADDRESS, 16, 4, key, *keylen, 1);
        print_hex_dump_debug("jobdesc@"__stringify(__LINE__)": ",
                             DUMP_PREFIX_ADDRESS, 16, 4, desc, desc_bytes(desc),
@@ -408,7 +408,7 @@ static int hash_digest_key(struct caam_hash_ctx *ctx, u32 *keylen, u8 *key,
                wait_for_completion(&result.completion);
                ret = result.err;
 
-               print_hex_dump_debug("digested key@"__stringify(__LINE__)": ",
+               print_hex_dump_devel("digested key@"__stringify(__LINE__)": ",
                                     DUMP_PREFIX_ADDRESS, 16, 4, key,
                                     digestsize, 1);
        }