diff mbox series

s390 crypto: explicitly memzero stack key material in aes_s390.c

Message ID 20200221165511.GB6928@lst.de (mailing list archive)
State Not Applicable
Delegated to: Herbert Xu
Headers show
Series s390 crypto: explicitly memzero stack key material in aes_s390.c | expand

Commit Message

Torsten Duwe Feb. 21, 2020, 4:55 p.m. UTC 
From: Torsten Duwe <duwe@suse.de>

s390 crypto: explicitly memzero stack key material in aes_s390.c

aes_s390.c has several functions which allocate space for key material on
the stack and leave the used keys there. It is considered good practice
to clean these locations before the function returns.

Signed-off-by: Torsten Duwe <duwe@suse.de>
---
This popped up during our FIPS certification.
It's obviously a good idea not to leave key material on the stack.

Comments

Harald Freudenberger Feb. 25, 2020, 2:39 p.m. UTC | #1 
On 21.02.20 17:55, Torsten Duwe wrote:
> From: Torsten Duwe <duwe@suse.de>
>
> s390 crypto: explicitly memzero stack key material in aes_s390.c
>
> aes_s390.c has several functions which allocate space for key material on
> the stack and leave the used keys there. It is considered good practice
> to clean these locations before the function returns.
>
> Signed-off-by: Torsten Duwe <duwe@suse.de>
> ---
> This popped up during our FIPS certification.
> It's obviously a good idea not to leave key material on the stack.
>
> --- a/arch/s390/crypto/aes_s390.c
> +++ b/arch/s390/crypto/aes_s390.c
> @@ -392,6 +392,7 @@ static int cbc_aes_crypt(struct blkciphe
>  		ret = blkcipher_walk_done(desc, walk, nbytes - n);
>  	}
>  	memcpy(walk->iv, param.iv, AES_BLOCK_SIZE);
> +	memzero_explicit(&param, sizeof(param));
>  	return ret;
>  }
>
> @@ -576,6 +577,8 @@ static int xts_aes_crypt(struct blkciphe
>  			 walk->dst.virt.addr, walk->src.virt.addr, n);
>  		ret = blkcipher_walk_done(desc, walk, nbytes - n);
>  	}
> +	memzero_explicit(&pcc_param, sizeof(pcc_param));
> +	memzero_explicit(&xts_param, sizeof(xts_param));
>  	return ret;
>  }
>
>
Thanks Torsten, I've picked this patch. It will go upstream via the s390 subsystem with the next kernel merge window.
regards Harald Freudenberger
diff mbox series

Patch

--- a/arch/s390/crypto/aes_s390.c
+++ b/arch/s390/crypto/aes_s390.c
@@ -392,6 +392,7 @@  static int cbc_aes_crypt(struct blkciphe
 		ret = blkcipher_walk_done(desc, walk, nbytes - n);
 	}
 	memcpy(walk->iv, param.iv, AES_BLOCK_SIZE);
+	memzero_explicit(&param, sizeof(param));
 	return ret;
 }
 
@@ -576,6 +577,8 @@  static int xts_aes_crypt(struct blkciphe
 			 walk->dst.virt.addr, walk->src.virt.addr, n);
 		ret = blkcipher_walk_done(desc, walk, nbytes - n);
 	}
+	memzero_explicit(&pcc_param, sizeof(pcc_param));
+	memzero_explicit(&xts_param, sizeof(xts_param));
 	return ret;
 }