lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240411235157.19801-1-hailmo@amazon.com>
Date: Thu, 11 Apr 2024 23:51:56 +0000
From: Hailey Mothershead <hailmo@...zon.com>
To: <herbert@...dor.apana.org.au>
CC: <davem@...emloft.net>, <linux-crypto@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>, <hailmo@...zon.com>
Subject: [PATCH 1/2] crypto: ecdh - zeroize crpytographic keys after use

Fips 140-3 specifies that Sensitive Security Parameters (SSPs) must be
zeroized after use and that overwriting these variables with a new SSP
is not sufficient for zeroization. So explicitly zeroize the private key
before it is overwritten in ecdh_set_secret.

It also requires that variables used in the creation of SSPs
be zeroized once they are no longer in use. Zeroize the public key as it
is used in the creation of the shared secret.

Signed-off-by: Hailey Mothershead <hailmo@...zon.com>
---
 crypto/ecdh.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/ecdh.c b/crypto/ecdh.c
index 80afee3234fb..71599cadf0bc 100644
--- a/crypto/ecdh.c
+++ b/crypto/ecdh.c
@@ -33,6 +33,8 @@ static int ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
 	    params.key_size > sizeof(u64) * ctx->ndigits)
 		return -EINVAL;
 
+	memset(ctx->private_key, 0, sizeof(ctx->private_key));
+
 	if (!params.key || !params.key_size)
 		return ecc_gen_privkey(ctx->curve_id, ctx->ndigits,
 				       ctx->private_key);
@@ -111,7 +113,7 @@ static int ecdh_compute_value(struct kpp_request *req)
 free_all:
 	kfree_sensitive(shared_secret);
 free_pubkey:
-	kfree(public_key);
+	kfree_sensitive(public_key);
 	return ret;
 }
 
-- 
2.40.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ