| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200221165511.GB6928@lst.de>
Date: Fri, 21 Feb 2020 17:55:11 +0100
From: Torsten Duwe <duwe@....de>
To: Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Heiko Carstens <heiko.carstens@...ibm.com>,
Vasily Gorbik <gor@...ux.ibm.com>,
Christian Borntraeger <borntraeger@...ibm.com>
Cc: linux-crypto@...r.kernel.org, linux-s390@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: s390 crypto: explicitly memzero stack key material in aes_s390.c
From: Torsten Duwe <duwe@...e.de>
s390 crypto: explicitly memzero stack key material in aes_s390.c
aes_s390.c has several functions which allocate space for key material on
the stack and leave the used keys there. It is considered good practice
to clean these locations before the function returns.
Signed-off-by: Torsten Duwe <duwe@...e.de>
---
This popped up during our FIPS certification.
It's obviously a good idea not to leave key material on the stack.
--- a/arch/s390/crypto/aes_s390.c
+++ b/arch/s390/crypto/aes_s390.c
@@ -392,6 +392,7 @@ static int cbc_aes_crypt(struct blkciphe
ret = blkcipher_walk_done(desc, walk, nbytes - n);
}
memcpy(walk->iv, param.iv, AES_BLOCK_SIZE);
+ memzero_explicit(¶m, sizeof(param));
return ret;
}
@@ -576,6 +577,8 @@ static int xts_aes_crypt(struct blkciphe
walk->dst.virt.addr, walk->src.virt.addr, n);
ret = blkcipher_walk_done(desc, walk, nbytes - n);
}
+ memzero_explicit(&pcc_param, sizeof(pcc_param));
+ memzero_explicit(&xts_param, sizeof(xts_param));
return ret;
}
Powered by blists - more mailing lists