Re: [PATCH] crypto: caam - remove HMAC key hex dumps from hash_digest_key

Next message: Ethan Tidmore: "[PATCH] RDMA/efa: Fix possible deadlock"
Previous message: syzbot: "[syzbot] [bluetooth?] KASAN: stack-out-of-bounds Read in l2cap_send_cmd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Herbert Xu

Date: Sat Mar 14 2026 - 00:56:46 EST

On Fri, Mar 06, 2026 at 12:12:03PM +0100, Thorsten Blum wrote:
> Stop dumping sensitive HMAC key bytes (original and reduced keys) in
> hash_digest_key() to avoid leaking secrets when debug logging is
> enabled.
>
> Fixes: 045e36780f11 ("crypto: caam - ahash hmac support")
> Fixes: 3f16f6c9d632 ("crypto: caam/qi2 - add support for ahash algorithms")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Thorsten Blum <thorsten.blum@xxxxxxxxx>
> ---
> drivers/crypto/caam/caamalg_qi2.c | 5 -----
> drivers/crypto/caam/caamhash.c | 6 ------
> 2 files changed, 11 deletions(-)

What is the rationale for this? When debugging is enabled, all
sorts of things could be dumped, e.g., passwords.

Is there a scenario where production systems will run with debugging
enabled in caam?

Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt