diff mbox series

[1/2] crypto: ecdh - zeroize crpytographic keys after use

Message ID 20240411235157.19801-1-hailmo@amazon.com (mailing list archive)
State Changes Requested
Delegated to: Herbert Xu
Headers show
Series [1/2] crypto: ecdh - zeroize crpytographic keys after use | expand

Commit Message

Mothershead, Hailey April 11, 2024, 11:51 p.m. UTC
Fips 140-3 specifies that Sensitive Security Parameters (SSPs) must be
zeroized after use and that overwriting these variables with a new SSP
is not sufficient for zeroization. So explicitly zeroize the private key
before it is overwritten in ecdh_set_secret.

It also requires that variables used in the creation of SSPs
be zeroized once they are no longer in use. Zeroize the public key as it
is used in the creation of the shared secret.

Signed-off-by: Hailey Mothershead <hailmo@amazon.com>
---
 crypto/ecdh.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Herbert Xu April 12, 2024, 2:55 a.m. UTC | #1
On Thu, Apr 11, 2024 at 11:51:56PM +0000, Hailey Mothershead wrote:
>
> @@ -111,7 +113,7 @@ static int ecdh_compute_value(struct kpp_request *req)
>  free_all:
>  	kfree_sensitive(shared_secret);
>  free_pubkey:
> -	kfree(public_key);
> +	kfree_sensitive(public_key);

It makes no sense to zero the public key.  Nack.
diff mbox series

Patch

diff --git a/crypto/ecdh.c b/crypto/ecdh.c
index 80afee3234fb..71599cadf0bc 100644
--- a/crypto/ecdh.c
+++ b/crypto/ecdh.c
@@ -33,6 +33,8 @@  static int ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
 	    params.key_size > sizeof(u64) * ctx->ndigits)
 		return -EINVAL;
 
+	memset(ctx->private_key, 0, sizeof(ctx->private_key));
+
 	if (!params.key || !params.key_size)
 		return ecc_gen_privkey(ctx->curve_id, ctx->ndigits,
 				       ctx->private_key);
@@ -111,7 +113,7 @@  static int ecdh_compute_value(struct kpp_request *req)
 free_all:
 	kfree_sensitive(shared_secret);
 free_pubkey:
-	kfree(public_key);
+	kfree_sensitive(public_key);
 	return ret;
 }