From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EBF0BC2BA19 for ; Wed, 15 Apr 2020 13:23:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BD9D92137B for ; Wed, 15 Apr 2020 13:23:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1586957031; bh=Isrih8rMZJRUmtk7ZuU2q84AJ4iMXZIZZshpIbEwdNY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=1kJAGUSi8RY+SgA4zUmr51kzNl1WFA0CK/qy6/T5UpoZkmHfpr/A1YV6gqzMHAoA2 yBHPTBkF2VEvvI66UdpStpZ9sgTxHepfYlJBLQzqJ8BuXRe7es+HsPpJwC7ZSRhEea UzeRd+lPBWdr1a9F+dacCVm+JiLMOsPSIcos68/g= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2636005AbgDONXm (ORCPT ); Wed, 15 Apr 2020 09:23:42 -0400 Received: from mail.kernel.org ([198.145.29.99]:54428 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2408871AbgDOLez (ORCPT ); Wed, 15 Apr 2020 07:34:55 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B2F1B20936; Wed, 15 Apr 2020 11:34:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1586950495; bh=Isrih8rMZJRUmtk7ZuU2q84AJ4iMXZIZZshpIbEwdNY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=J7/0SHgEVxKEUh5cligVRowc3rhLOLZ0dRe/7KL95M/y698I7f9pzM4dcBZKPo7TY 5jimBIoC197qUFuYL8gn3qqc5C4kyXVpPrrkgWhHXhLWfNv3Nk/DdyLbVw1ZGC3txZ UMD0sV2RWOJ7XBY2yVyhiO8OHirNXzPzCoK0Nbco= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Torsten Duwe , Harald Freudenberger , Vasily Gorbik , Sasha Levin , linux-crypto@vger.kernel.org, linux-s390@vger.kernel.org Subject: [PATCH AUTOSEL 5.6 008/129] s390/crypto: explicitly memzero stack key material in aes_s390.c Date: Wed, 15 Apr 2020 07:32:43 -0400 Message-Id: <20200415113445.11881-8-sashal@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200415113445.11881-1-sashal@kernel.org> References: <20200415113445.11881-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org From: Torsten Duwe [ Upstream commit 4a559cd15dbc79958fa9b18ad4e8afe4a0bf4744 ] aes_s390.c has several functions which allocate space for key material on the stack and leave the used keys there. It is considered good practice to clean these locations before the function returns. Link: https://lkml.kernel.org/r/20200221165511.GB6928@lst.de Signed-off-by: Torsten Duwe Signed-off-by: Harald Freudenberger Signed-off-by: Vasily Gorbik Signed-off-by: Sasha Levin --- arch/s390/crypto/aes_s390.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c index 1c23d84a9097d..73044634d3427 100644 --- a/arch/s390/crypto/aes_s390.c +++ b/arch/s390/crypto/aes_s390.c @@ -342,6 +342,7 @@ static int cbc_aes_crypt(struct skcipher_request *req, unsigned long modifier) memcpy(walk.iv, param.iv, AES_BLOCK_SIZE); ret = skcipher_walk_done(&walk, nbytes - n); } + memzero_explicit(¶m, sizeof(param)); return ret; } @@ -470,6 +471,8 @@ static int xts_aes_crypt(struct skcipher_request *req, unsigned long modifier) walk.dst.virt.addr, walk.src.virt.addr, n); ret = skcipher_walk_done(&walk, nbytes - n); } + memzero_explicit(&pcc_param, sizeof(pcc_param)); + memzero_explicit(&xts_param, sizeof(xts_param)); return ret; } -- 2.20.1