Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp4247352ybh; Tue, 17 Mar 2020 15:18:11 -0700 (PDT) X-Google-Smtp-Source: ADFU+vuONaZIAqj8xoTL1GOaqAUCboIj3HNnMtVZ8wyEJvBVgzJ5nihFOrrV9n6fmLrdnAYnmM/Z X-Received: by 2002:a9d:4f0:: with SMTP id 103mr1273362otm.336.1584483491430; Tue, 17 Mar 2020 15:18:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584483491; cv=none; d=google.com; s=arc-20160816; b=SH8M0VJbRn3WZZc0cEnumPhmwCxUS2F5/a+4fV1whdyZhSljbQ2C8h4lc78q0lzM8f tzVrouxfLHGI8qZ7bOTGl6fpjmrwKRt5Q32u/IUVoXZ1CNhqInmMCO8tc4WXJxdALTIa xeaIHCKd64qrsUAtgjaUSiRbgIieuiBXz2yw3I8Vt99ykOaDoC7biMCkUfyzSBIzv9IY 9dHwK6569FUvyDYI788A/BavfL7/8T1z0hSDHze4wKK5zphoxff8Cbp5ZroLQM2LwahR TjNe7Ccc5RMq8NO+6GnZSJrvKcviDOseCmnMI+mZ+nsDrnArS0RmchuLk8v8gv+cW+79 YM2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=xbKsvJ/FpLCUMg+kGspZ3eAaj7fLsj7yBw8VfYtHnvg=; b=FwbLh4/RfTUW30k+gxwSRZzbyOS327e0afxHzPsnt5DFVtcUbMjQ15NO1PBITaM1jZ bAWFueQuSdzqytSjwpY2bUj4PgA6y8neE8y/vZ7xJeWfVveykCfiR6hGupGl9w9o4C1M cBYFJGaoLqe9pacsICQi/DvwsoLszYM8++ebZXxmj/I1lj27BCWvWtceRV+uG9O0SwIt 5DvE+b0Ivm+xgoHYTQ8EgCNIXSHkTmP78GWDuedQaOaA3kYE5MuirzyapBbCnVqylei7 J8sW8lXPUdPlqDCXp8Rjyo2A1srtZyaUijXKQVF20Nkgq6bIBdeQmWNgCp41bihUcC2i FjAg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=0QGP7zI9; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t5si2276912otp.130.2020.03.17.15.17.51; Tue, 17 Mar 2020 15:18:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=0QGP7zI9; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726549AbgCQWRt (ORCPT + 99 others); Tue, 17 Mar 2020 18:17:49 -0400 Received: from mail.kernel.org ([198.145.29.99]:33490 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726476AbgCQWRt (ORCPT ); Tue, 17 Mar 2020 18:17:49 -0400 Received: from willie-the-truck (236.31.169.217.in-addr.arpa [217.169.31.236]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 15A73206EC; Tue, 17 Mar 2020 22:17:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1584483468; bh=sY4cOhcMEMawFpaLftRkDuoAZYkzfT6Iq/pDMIVQ+QM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=0QGP7zI9fM58OdTLqDxjLIcR2NDM+WwQ4MBisE/1SCYXBDjdNnC+PTF/305E5GyST kIqZVvbLlzYcUqBHggnCaCPlwSH7VtJqmiU8YuCYpkjEJG1LvNZnpjOCI11ZdmF4Ey 0175SzJkfPb8KuTVROY2dRPony8hRwWy9EPhI0ys= Date: Tue, 17 Mar 2020 22:17:43 +0000 From: Will Deacon To: Torsten Duwe Cc: Catalin Marinas , Herbert Xu , "David S. Miller" , Russell King , linux-crypto@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, ardb@kernel.org Subject: Re: [Patch][Fix] crypto: arm{,64} neon: memzero_explicit aes-cbc key Message-ID: <20200317221743.GD20788@willie-the-truck> References: <20200313110258.94A0668C4E@verein.lst.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200313110258.94A0668C4E@verein.lst.de> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org [+Ard] On Fri, Mar 13, 2020 at 12:02:58PM +0100, Torsten Duwe wrote: > From: Torsten Duwe > > At function exit, do not leave the expanded key in the rk struct > which got allocated on the stack. > > Signed-off-by: Torsten Duwe > --- > Another small fix from our FIPS evaluation. I hope you don't mind I merged > arm32 and arm64 into one patch -- this is really simple. > --- a/arch/arm/crypto/aes-neonbs-glue.c > +++ b/arch/arm/crypto/aes-neonbs-glue.c > @@ -138,6 +138,7 @@ static int aesbs_cbc_setkey(struct crypto_skcipher *tfm, const u8 *in_key, > kernel_neon_begin(); > aesbs_convert_key(ctx->key.rk, rk.key_enc, ctx->key.rounds); > kernel_neon_end(); > + memzero_explicit(&rk, sizeof(rk)); > > return crypto_cipher_setkey(ctx->enc_tfm, in_key, key_len); > } > diff --git a/arch/arm64/crypto/aes-neonbs-glue.c b/arch/arm64/crypto/aes-neonbs-glue.c > index e3e27349a9fe..c0b980503643 100644 > --- a/arch/arm64/crypto/aes-neonbs-glue.c > +++ b/arch/arm64/crypto/aes-neonbs-glue.c > @@ -151,6 +151,7 @@ static int aesbs_cbc_setkey(struct crypto_skcipher *tfm, const u8 *in_key, > kernel_neon_begin(); > aesbs_convert_key(ctx->key.rk, rk.key_enc, ctx->key.rounds); > kernel_neon_end(); > + memzero_explicit(&rk, sizeof(rk)); > > return 0; > } I'm certainly not a crypto person, but this looks sensible to me and I couldn't find any other similar stack variable usage under arch/arm64/crypto/ at a quick glance. Acked-by: Will Deacon Will