Re: [PATCH] crypto: caam - remove HMAC key hex dumps from hash_digest_key

Next message: Arnd Bergmann: "Re: [PATCH] ALSA: asihpi: avoid write overflow check warning"
Previous message: Frederic Weisbecker: "Re: [PATCH -next v1 10/16] rcu-tasks: Document that RCU Tasks Trace grace periods now imply RCU grace periods"
In reply to: Thorsten Blum: "Re: [PATCH] crypto: caam - remove HMAC key hex dumps from hash_digest_key"
Next in thread: Thorsten Blum: "Re: [PATCH] crypto: caam - remove HMAC key hex dumps from hash_digest_key"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Herbert Xu

Date: Wed Mar 18 2026 - 08:18:58 EST

On Wed, Mar 18, 2026 at 01:02:11PM +0100, Thorsten Blum wrote:
>
> My main concern is that with CONFIG_DYNAMIC_DEBUG enabled, which doesn't
> require DEBUG, these raw key dumps can still be turned on at runtime in
> a deployed kernel.
>
> If we want to keep the dumps for debug-only kernels, then #ifdef DEBUG
> plus print_hex_dump() might be a good compromise.

Exactly. Having sensitive information printed with DYNAMIC_DEBUG
is arguably a problem, but putting them behind DEBUG is definitely
OK.

Thanks,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt