projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7fe8e48)
crypto: arm/neon - memzero_explicit aes-cbc key
authorTorsten Duwe <duwe@suse.de>
Fri, 13 Mar 2020 11:02:58 +0000 (12:02 +0100)
committerHerbert Xu <herbert@gondor.apana.org.au>
Fri, 20 Mar 2020 03:36:51 +0000 (14:36 +1100)
At function exit, do not leave the expanded key in the rk struct
which got allocated on the stack.

Signed-off-by: Torsten Duwe <duwe@suse.de>
Acked-by: Will Deacon <will@kernel.org>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
arch/arm/crypto/aes-neonbs-glue.c patch | blob | history
arch/arm64/crypto/aes-neonbs-glue.c patch | blob | history

diff --git a/arch/arm/crypto/aes-neonbs-glue.c b/arch/arm/crypto/aes-neonbs-glue.c
index e85839a..e6fd329 100644 (file)
--- a/arch/arm/crypto/aes-neonbs-glue.c
+++ b/arch/arm/crypto/aes-neonbs-glue.c
@@ -138,6 +138,7 @@ static int aesbs_cbc_setkey(struct crypto_skcipher *tfm, const u8 *in_key,
        kernel_neon_begin();
        aesbs_convert_key(ctx->key.rk, rk.key_enc, ctx->key.rounds);
        kernel_neon_end();
+       memzero_explicit(&rk, sizeof(rk));
 
        return crypto_cipher_setkey(ctx->enc_tfm, in_key, key_len);
 }
diff --git a/arch/arm64/crypto/aes-neonbs-glue.c b/arch/arm64/crypto/aes-neonbs-glue.c
index e3e2734..fb507d5 100644 (file)
--- a/arch/arm64/crypto/aes-neonbs-glue.c
+++ b/arch/arm64/crypto/aes-neonbs-glue.c
@@ -151,6 +151,7 @@ static int aesbs_cbc_setkey(struct crypto_skcipher *tfm, const u8 *in_key,
        kernel_neon_begin();
        aesbs_convert_key(ctx->key.rk, rk.key_enc, ctx->key.rounds);
        kernel_neon_end();
+       memzero_explicit(&rk, sizeof(rk));
 
        return 0;
 }