* s390 crypto: explicitly memzero stack key material in aes_s390.c
@ 2020-02-21 16:55 Torsten Duwe
2020-02-25 14:39 ` Harald Freudenberger
0 siblings, 1 reply; 2+ messages in thread
From: Torsten Duwe @ 2020-02-21 16:55 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Heiko Carstens, Vasily Gorbik,
Christian Borntraeger
Cc: linux-crypto, linux-s390, linux-kernel
From: Torsten Duwe <duwe@suse.de>
s390 crypto: explicitly memzero stack key material in aes_s390.c
aes_s390.c has several functions which allocate space for key material on
the stack and leave the used keys there. It is considered good practice
to clean these locations before the function returns.
Signed-off-by: Torsten Duwe <duwe@suse.de>
---
This popped up during our FIPS certification.
It's obviously a good idea not to leave key material on the stack.
--- a/arch/s390/crypto/aes_s390.c
+++ b/arch/s390/crypto/aes_s390.c
@@ -392,6 +392,7 @@ static int cbc_aes_crypt(struct blkciphe
ret = blkcipher_walk_done(desc, walk, nbytes - n);
}
memcpy(walk->iv, param.iv, AES_BLOCK_SIZE);
+ memzero_explicit(¶m, sizeof(param));
return ret;
}
@@ -576,6 +577,8 @@ static int xts_aes_crypt(struct blkciphe
walk->dst.virt.addr, walk->src.virt.addr, n);
ret = blkcipher_walk_done(desc, walk, nbytes - n);
}
+ memzero_explicit(&pcc_param, sizeof(pcc_param));
+ memzero_explicit(&xts_param, sizeof(xts_param));
return ret;
}
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: s390 crypto: explicitly memzero stack key material in aes_s390.c
2020-02-21 16:55 s390 crypto: explicitly memzero stack key material in aes_s390.c Torsten Duwe
@ 2020-02-25 14:39 ` Harald Freudenberger
0 siblings, 0 replies; 2+ messages in thread
From: Harald Freudenberger @ 2020-02-25 14:39 UTC (permalink / raw)
To: Torsten Duwe
Cc: Herbert Xu, David S. Miller, Heiko Carstens, Vasily Gorbik,
Christian Borntraeger, linux-crypto, linux-s390, linux-kernel
On 21.02.20 17:55, Torsten Duwe wrote:
> From: Torsten Duwe <duwe@suse.de>
>
> s390 crypto: explicitly memzero stack key material in aes_s390.c
>
> aes_s390.c has several functions which allocate space for key material on
> the stack and leave the used keys there. It is considered good practice
> to clean these locations before the function returns.
>
> Signed-off-by: Torsten Duwe <duwe@suse.de>
> ---
> This popped up during our FIPS certification.
> It's obviously a good idea not to leave key material on the stack.
>
> --- a/arch/s390/crypto/aes_s390.c
> +++ b/arch/s390/crypto/aes_s390.c
> @@ -392,6 +392,7 @@ static int cbc_aes_crypt(struct blkciphe
> ret = blkcipher_walk_done(desc, walk, nbytes - n);
> }
> memcpy(walk->iv, param.iv, AES_BLOCK_SIZE);
> + memzero_explicit(¶m, sizeof(param));
> return ret;
> }
>
> @@ -576,6 +577,8 @@ static int xts_aes_crypt(struct blkciphe
> walk->dst.virt.addr, walk->src.virt.addr, n);
> ret = blkcipher_walk_done(desc, walk, nbytes - n);
> }
> + memzero_explicit(&pcc_param, sizeof(pcc_param));
> + memzero_explicit(&xts_param, sizeof(xts_param));
> return ret;
> }
>
>
Thanks Torsten, I've picked this patch. It will go upstream via the s390 subsystem with the next kernel merge window.
regards Harald Freudenberger
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-02-25 14:39 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-21 16:55 s390 crypto: explicitly memzero stack key material in aes_s390.c Torsten Duwe
2020-02-25 14:39 ` Harald Freudenberger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).