Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp1010465ybh; Wed, 18 Mar 2020 13:14:47 -0700 (PDT) X-Google-Smtp-Source: ADFU+vsSTjXhFeKbYwcekPTvQTjOEdkxYVCRF3aDh6ERY6lgpHto9dSOAx3AnipxNBtKzAMHWBSf X-Received: by 2002:a54:4e96:: with SMTP id c22mr4742820oiy.110.1584562486951; Wed, 18 Mar 2020 13:14:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584562486; cv=none; d=google.com; s=arc-20160816; b=wF+k4Yh/5ZNdKW7FG6ZzDHFJ4e1n60m4kWH1EKB9t5G3Rns2BPbXlQozp2tRPAa6ln RXm812oR5HEXsou/l2lQyG0TxNbAXcVv3cvUg+Vfnij67KYZpl9iuhueI4HUlgi43Mmq 4Hh3v7M6IvZmGrAiqb1xIDRezSRNiE3wcp+2Uuw5loSBSXiE3BAU+C2RSWVQe+Axn7Id TLUMrqzeV795xfQOL66gx6DPgKD5pHPkLXEKniAM46lIGeiXrEq64NigAUq2gt413FZo qdcq98LWZH/1uV5iSeapESmBP6hnUTi0dbb2o6QXXYTrKBTCcTkjeaC+Lv4+ihQH8ARB DHDA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=+NMCHrAycLvzD7y88r9U+WJRCZLV6y1sQAm3J8MPeFo=; b=LDmi/ymnWlGQQ+kmmZl/CFoWnMBHn4sxJ5kZxwXg9q/crlq9gViXRzLeSkiP1qP0dM Ez5SwNRGZ/Xf/OmLpXgozR/L/SujoRT0lY3wi7zsLiwEqK9XK4bBWWx1eu+7FMBmAUYT rZ5rwTd9d0uh7I7e5rwov3uXhfx9niLZO4fVNxOG+YpoPT2lC3Cenv6gmGVCsqLeWuJ1 VOAzsnz2gSrm7m290tDXiYaiYBBFSYYBcRN8FCm9QCsfDlw5m3m368l0CRrzNIzLCaXq HVGYbHPVndNMSIHBvEf741s1cwu73Qtb+G28+bwrxx6QxRkA5uDnPE5yjSHTVWf50b/5 Yh8g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=hG3NmuBE; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a66si1582otc.172.2020.03.18.13.14.23; Wed, 18 Mar 2020 13:14:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=hG3NmuBE; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726741AbgCRUNr (ORCPT + 99 others); Wed, 18 Mar 2020 16:13:47 -0400 Received: from mail.kernel.org ([198.145.29.99]:56708 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726647AbgCRUNq (ORCPT ); Wed, 18 Mar 2020 16:13:46 -0400 Received: from mail-qk1-f180.google.com (mail-qk1-f180.google.com [209.85.222.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 0B1802077B for ; Wed, 18 Mar 2020 20:13:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1584562426; bh=4COnoFw4zZTTnD0icQvz2MrvlZlhqnrg/n8Iz1/EMx4=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=hG3NmuBEg/VNJF/IzasJRv+KrhKn+chfwwim8Zb9QBC6PEP9RK7WhXO6Ozcvpoajp o2uT+sbqXtoNk9wLw4UdvfiYnCrwx6H8PzyQgeaPmwR321fVuj+8CQWqgSHLDO71Kn CsyL8chkBDdoLaUByLk+zYQ6P3dQ0+H8ur6eIKAc= Received: by mail-qk1-f180.google.com with SMTP id p6so2271088qkm.0 for ; Wed, 18 Mar 2020 13:13:46 -0700 (PDT) X-Gm-Message-State: ANhLgQ3CXIUCmbS+X+VKLcZLKa9LAT5WNTzfIyc11X3JP1Sq2RSjTDtm 0XMPQUyUjS6wdcLLs1bnVkzZDiemCakyRXz0NFQAyA== X-Received: by 2002:a37:634d:: with SMTP id x74mr6249300qkb.254.1584562425124; Wed, 18 Mar 2020 13:13:45 -0700 (PDT) MIME-Version: 1.0 References: <20200313110258.94A0668C4E@verein.lst.de> <20200317221743.GD20788@willie-the-truck> In-Reply-To: <20200317221743.GD20788@willie-the-truck> From: Ard Biesheuvel Date: Wed, 18 Mar 2020 16:13:33 -0400 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [Patch][Fix] crypto: arm{,64} neon: memzero_explicit aes-cbc key To: Will Deacon Cc: Torsten Duwe , Catalin Marinas , Herbert Xu , "David S. Miller" , Russell King , "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" , linux-arm-kernel , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Tue, 17 Mar 2020 at 18:17, Will Deacon wrote: > > [+Ard] > > On Fri, Mar 13, 2020 at 12:02:58PM +0100, Torsten Duwe wrote: > > From: Torsten Duwe > > > > At function exit, do not leave the expanded key in the rk struct > > which got allocated on the stack. > > > > Signed-off-by: Torsten Duwe > > --- > > Another small fix from our FIPS evaluation. I hope you don't mind I merged > > arm32 and arm64 into one patch -- this is really simple. > > --- a/arch/arm/crypto/aes-neonbs-glue.c > > +++ b/arch/arm/crypto/aes-neonbs-glue.c > > @@ -138,6 +138,7 @@ static int aesbs_cbc_setkey(struct crypto_skcipher *tfm, const u8 *in_key, > > kernel_neon_begin(); > > aesbs_convert_key(ctx->key.rk, rk.key_enc, ctx->key.rounds); > > kernel_neon_end(); > > + memzero_explicit(&rk, sizeof(rk)); > > > > return crypto_cipher_setkey(ctx->enc_tfm, in_key, key_len); > > } > > diff --git a/arch/arm64/crypto/aes-neonbs-glue.c b/arch/arm64/crypto/aes-neonbs-glue.c > > index e3e27349a9fe..c0b980503643 100644 > > --- a/arch/arm64/crypto/aes-neonbs-glue.c > > +++ b/arch/arm64/crypto/aes-neonbs-glue.c > > @@ -151,6 +151,7 @@ static int aesbs_cbc_setkey(struct crypto_skcipher *tfm, const u8 *in_key, > > kernel_neon_begin(); > > aesbs_convert_key(ctx->key.rk, rk.key_enc, ctx->key.rounds); > > kernel_neon_end(); > > + memzero_explicit(&rk, sizeof(rk)); > > > > return 0; > > } > > I'm certainly not a crypto person, but this looks sensible to me and I > couldn't find any other similar stack variable usage under > arch/arm64/crypto/ at a quick glance. > > Acked-by: Will Deacon > Acked-by: Ard Biesheuvel