]> git.ipfire.org Git - thirdparty/linux.git/commitdiff
crypto: caam - guard HMAC key hex dumps in hash_digest_key
authorThorsten Blum <thorsten.blum@linux.dev>
Thu, 19 Mar 2026 09:29:33 +0000 (10:29 +0100)
committerHerbert Xu <herbert@gondor.apana.org.au>
Fri, 27 Mar 2026 09:52:43 +0000 (18:52 +0900)
Use print_hex_dump_devel() for dumping sensitive HMAC key bytes in
hash_digest_key() to avoid leaking secrets at runtime when
CONFIG_DYNAMIC_DEBUG is enabled.

Fixes: 045e36780f11 ("crypto: caam - ahash hmac support")
Fixes: 3f16f6c9d632 ("crypto: caam/qi2 - add support for ahash algorithms")
Cc: stable@vger.kernel.org
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
drivers/crypto/caam/caamalg_qi2.c
drivers/crypto/caam/caamhash.c

index 553994228a17b338589a5c8a7f484bdc02e41b31..854200850830bceb1c9e05b41043076779316023 100644 (file)
@@ -3270,7 +3270,7 @@ static int hash_digest_key(struct caam_hash_ctx *ctx, u32 *keylen, u8 *key,
        dpaa2_fl_set_addr(out_fle, key_dma);
        dpaa2_fl_set_len(out_fle, digestsize);
 
-       print_hex_dump_debug("key_in@" __stringify(__LINE__)": ",
+       print_hex_dump_devel("key_in@" __stringify(__LINE__)": ",
                             DUMP_PREFIX_ADDRESS, 16, 4, key, *keylen, 1);
        print_hex_dump_debug("shdesc@" __stringify(__LINE__)": ",
                             DUMP_PREFIX_ADDRESS, 16, 4, desc, desc_bytes(desc),
@@ -3290,7 +3290,7 @@ static int hash_digest_key(struct caam_hash_ctx *ctx, u32 *keylen, u8 *key,
                /* in progress */
                wait_for_completion(&result.completion);
                ret = result.err;
-               print_hex_dump_debug("digested key@" __stringify(__LINE__)": ",
+               print_hex_dump_devel("digested key@" __stringify(__LINE__)": ",
                                     DUMP_PREFIX_ADDRESS, 16, 4, key,
                                     digestsize, 1);
        }
index e0a23c55c10e0fa992cdb212bc0cce8dfc7e2f0c..72cfe00df3f436076109958aa6d8d8bb7c6f2790 100644 (file)
@@ -393,7 +393,7 @@ static int hash_digest_key(struct caam_hash_ctx *ctx, u32 *keylen, u8 *key,
        append_seq_store(desc, digestsize, LDST_CLASS_2_CCB |
                         LDST_SRCDST_BYTE_CONTEXT);
 
-       print_hex_dump_debug("key_in@"__stringify(__LINE__)": ",
+       print_hex_dump_devel("key_in@"__stringify(__LINE__)": ",
                             DUMP_PREFIX_ADDRESS, 16, 4, key, *keylen, 1);
        print_hex_dump_debug("jobdesc@"__stringify(__LINE__)": ",
                             DUMP_PREFIX_ADDRESS, 16, 4, desc, desc_bytes(desc),
@@ -408,7 +408,7 @@ static int hash_digest_key(struct caam_hash_ctx *ctx, u32 *keylen, u8 *key,
                wait_for_completion(&result.completion);
                ret = result.err;
 
-               print_hex_dump_debug("digested key@"__stringify(__LINE__)": ",
+               print_hex_dump_devel("digested key@"__stringify(__LINE__)": ",
                                     DUMP_PREFIX_ADDRESS, 16, 4, key,
                                     digestsize, 1);
        }