[+Ard] On Fri, Mar 13, 2020 at 12:02:58PM +0100, Torsten Duwe wrote: > From: Torsten Duwe <duwe@xxxxxxx> > > At function exit, do not leave the expanded key in the rk struct > which got allocated on the stack. > > Signed-off-by: Torsten Duwe <duwe@xxxxxxx> > --- > Another small fix from our FIPS evaluation. I hope you don't mind I merged > arm32 and arm64 into one patch -- this is really simple. > --- a/arch/arm/crypto/aes-neonbs-glue.c > +++ b/arch/arm/crypto/aes-neonbs-glue.c > @@ -138,6 +138,7 @@ static int aesbs_cbc_setkey(struct crypto_skcipher *tfm, const u8 *in_key, > kernel_neon_begin(); > aesbs_convert_key(ctx->key.rk, rk.key_enc, ctx->key.rounds); > kernel_neon_end(); > + memzero_explicit(&rk, sizeof(rk)); > > return crypto_cipher_setkey(ctx->enc_tfm, in_key, key_len); > } > diff --git a/arch/arm64/crypto/aes-neonbs-glue.c b/arch/arm64/crypto/aes-neonbs-glue.c > index e3e27349a9fe..c0b980503643 100644 > --- a/arch/arm64/crypto/aes-neonbs-glue.c > +++ b/arch/arm64/crypto/aes-neonbs-glue.c > @@ -151,6 +151,7 @@ static int aesbs_cbc_setkey(struct crypto_skcipher *tfm, const u8 *in_key, > kernel_neon_begin(); > aesbs_convert_key(ctx->key.rk, rk.key_enc, ctx->key.rounds); > kernel_neon_end(); > + memzero_explicit(&rk, sizeof(rk)); > > return 0; > } I'm certainly not a crypto person, but this looks sensible to me and I couldn't find any other similar stack variable usage under arch/arm64/crypto/ at a quick glance. Acked-by: Will Deacon <will@xxxxxxxxxx> Will