Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp4991996iob; Mon, 9 May 2022 06:29:05 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxQpZsuk11vHYGqjGsofFvkbPRPgPYgfZB6V4hx9BXLzcdhA8hffrFZj+s1EZwWeuXNw1tk X-Received: by 2002:a63:9141:0:b0:3c6:270f:cec2 with SMTP id l62-20020a639141000000b003c6270fcec2mr12907240pge.182.1652102945728; Mon, 09 May 2022 06:29:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652102945; cv=none; d=google.com; s=arc-20160816; b=H4PCCa8nYIiD/GeEsM4rz8sfCfg6MUZVFIgPEjdj1YqSspuY7TGMaNdIbYAVNAMU1S MGBWQk8GCeyV1oZuAWpI1h4ncczbS58S7J8tlJHfE09GMDuc0Ax2uOsIwKfZx5cXeoDx 3x5nLq09FdZo/Tq1/Zn0hXQCMmA3ysD5djiYSQDHMc1t6HXDf2mkHRIkUDYEgmYtNrxj Q8SupdKuUUNOSHKjspBY/fZwmQq18GnkT/8MnY6iWGw+z7B/yvm4GSXD3UVma+2k/J93 LBlw+7Vw8ChjJsKLqcSnQSN+Q/rWl4xepGWGTT+xALs052PGne4U9jISV5OTIxswP6Cu sY0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:organization :mime-version:message-id:date:subject:cc:to:from:dkim-signature; bh=c1Twg/7i4rHhVFg/tfC/FSoY/Pqs3EeHx1C0BOkNRj8=; b=Jr/njDU/tch07PLKFL5D0HOZr6IV9iV2i5acAM2KzjNHAv8GSToXNdjeCTMywjzklr yZYL1rfYnViog5chxnu2IKhATBNUjaxwvihsnoIF1JioEG1BU2If1ydZAEUX1CgypIZX XMTv603NXe925XknBxMztqUfx71lHyDyDFOnHGDNMt8dBdMzZ7pHVkOQMTb2aQRfqQQ+ gEXO2kUu6Tb6IXvIgG7J5bdWuZnUQDx+Klm6PhMV/vm7fY5Wa5/VdTgoqFeaIEqvvCmB tq3spQII3oAdzcXKyE7fjZ/ls5fqpnHM4yemEtV06jpaVGz1UsbS0FQx/snTrer2Bz1r njqw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=GOMX32zT; spf=softfail (google.com: domain of transitioning linux-crypto-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id x187-20020a6331c4000000b003c20594afcdsi14832196pgx.755.2022.05.09.06.29.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 May 2022 06:29:05 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-crypto-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=GOMX32zT; spf=softfail (google.com: domain of transitioning linux-crypto-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 6D5332B164B; Mon, 9 May 2022 06:19:41 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235429AbiEINX3 (ORCPT + 99 others); Mon, 9 May 2022 09:23:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60812 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235485AbiEINX1 (ORCPT ); Mon, 9 May 2022 09:23:27 -0400 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A059B2B1645; Mon, 9 May 2022 06:19:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1652102373; x=1683638373; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=iw7AkwX6aWzKG6Flh+f4y/Qhta8v4tot42bt4LXNf+I=; b=GOMX32zT0PLnXB1oGlqHK1kQIB2Bc/SYei8HOS08ZdtGsesaK59xQGgA olNarXpQzWv68eyjEvtQUpbZBYK4sLSKt2LOb/xkSXXunOIG9mZYhjHSJ +XZg6+ys+h8TnIheLSJZsCTB9uPyXBRTXnYrSzelLZOnSRSdFomba7zwb i6x1Mg8//B5voaFiMdDO/emI6kzmZobtupfTQWn9NFPWTyLvs6uVQNMl6 Ern6v4Zek/1UC5jG9tTJIYq3rQBUlMkddmg80EfZkFFUzP8gRTN3LFLn0 oaut+WWTJz2tLb86/LgPBoZNaNuyOm4u6Z6gwyWIkc1vfz0iat6PauCIr g==; X-IronPort-AV: E=McAfee;i="6400,9594,10341"; a="268712064" X-IronPort-AV: E=Sophos;i="5.91,211,1647327600"; d="scan'208";a="268712064" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 May 2022 06:19:33 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,211,1647327600"; d="scan'208";a="519229672" Received: from silpixa00400314.ir.intel.com (HELO silpixa00400314.ger.corp.intel.com) ([10.237.222.76]) by orsmga003.jf.intel.com with ESMTP; 09 May 2022 06:19:31 -0700 From: Giovanni Cabiddu To: herbert@gondor.apana.org.au Cc: linux-crypto@vger.kernel.org, qat-linux@intel.com, Giovanni Cabiddu , stable@vger.kernel.org, Adam Guerin , Wojciech Ziemba Subject: [PATCH] crypto: qat - set to zero DH parameters before free Date: Mon, 9 May 2022 14:19:27 +0100 Message-Id: <20220509131927.55387-1-giovanni.cabiddu@intel.com> X-Mailer: git-send-email 2.35.1 MIME-Version: 1.0 Organization: Intel Research and Development Ireland Ltd - Co. Reg. #308263 - Collinstown Industrial Park, Leixlip, County Kildare - Ireland Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Set to zero the context buffers containing the DH key before they are freed. This is a defense in depth measure that avoids keys to be recovered from memory in case the system is compromised between the free of the buffer and when that area of memory (containing keys) gets overwritten. Cc: stable@vger.kernel.org Fixes: c9839143ebbf ("crypto: qat - Add DH support") Signed-off-by: Giovanni Cabiddu Reviewed-by: Adam Guerin Reviewed-by: Wojciech Ziemba --- drivers/crypto/qat/qat_common/qat_asym_algs.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c index b0b78445418b..5633f9df3b6f 100644 --- a/drivers/crypto/qat/qat_common/qat_asym_algs.c +++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c @@ -420,14 +420,17 @@ static int qat_dh_set_params(struct qat_dh_ctx *ctx, struct dh *params) static void qat_dh_clear_ctx(struct device *dev, struct qat_dh_ctx *ctx) { if (ctx->g) { + memset(ctx->g, 0, ctx->p_size); dma_free_coherent(dev, ctx->p_size, ctx->g, ctx->dma_g); ctx->g = NULL; } if (ctx->xa) { + memset(ctx->xa, 0, ctx->p_size); dma_free_coherent(dev, ctx->p_size, ctx->xa, ctx->dma_xa); ctx->xa = NULL; } if (ctx->p) { + memset(ctx->p, 0, ctx->p_size); dma_free_coherent(dev, ctx->p_size, ctx->p, ctx->dma_p); ctx->p = NULL; } -- 2.35.1