| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 11 Apr 2024 23:51:56 +0000 From: Hailey Mothershead <hailmo@...zon.com> To: <herbert@...dor.apana.org.au> CC: <davem@...emloft.net>, <linux-crypto@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <hailmo@...zon.com> Subject: [PATCH 1/2] crypto: ecdh - zeroize crpytographic keys after use Fips 140-3 specifies that Sensitive Security Parameters (SSPs) must be zeroized after use and that overwriting these variables with a new SSP is not sufficient for zeroization. So explicitly zeroize the private key before it is overwritten in ecdh_set_secret. It also requires that variables used in the creation of SSPs be zeroized once they are no longer in use. Zeroize the public key as it is used in the creation of the shared secret. Signed-off-by: Hailey Mothershead <hailmo@...zon.com> --- crypto/ecdh.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/ecdh.c b/crypto/ecdh.c index 80afee3234fb..71599cadf0bc 100644 --- a/crypto/ecdh.c +++ b/crypto/ecdh.c @@ -33,6 +33,8 @@ static int ecdh_set_secret(struct crypto_kpp *tfm, const void *buf, params.key_size > sizeof(u64) * ctx->ndigits) return -EINVAL; + memset(ctx->private_key, 0, sizeof(ctx->private_key)); + if (!params.key || !params.key_size) return ecc_gen_privkey(ctx->curve_id, ctx->ndigits, ctx->private_key); @@ -111,7 +113,7 @@ static int ecdh_compute_value(struct kpp_request *req) free_all: kfree_sensitive(shared_secret); free_pubkey: - kfree(public_key); + kfree_sensitive(public_key); return ret; } -- 2.40.1
Powered by blists - more mailing lists