On Tue, 17 Mar 2020 at 18:17, Will Deacon <will@xxxxxxxxxx> wrote: > > [+Ard] > > On Fri, Mar 13, 2020 at 12:02:58PM +0100, Torsten Duwe wrote: > > From: Torsten Duwe <duwe@xxxxxxx> > > > > At function exit, do not leave the expanded key in the rk struct > > which got allocated on the stack. > > > > Signed-off-by: Torsten Duwe <duwe@xxxxxxx> > > --- > > Another small fix from our FIPS evaluation. I hope you don't mind I merged > > arm32 and arm64 into one patch -- this is really simple. > > --- a/arch/arm/crypto/aes-neonbs-glue.c > > +++ b/arch/arm/crypto/aes-neonbs-glue.c > > @@ -138,6 +138,7 @@ static int aesbs_cbc_setkey(struct crypto_skcipher *tfm, const u8 *in_key, > > kernel_neon_begin(); > > aesbs_convert_key(ctx->key.rk, rk.key_enc, ctx->key.rounds); > > kernel_neon_end(); > > + memzero_explicit(&rk, sizeof(rk)); > > > > return crypto_cipher_setkey(ctx->enc_tfm, in_key, key_len); > > } > > diff --git a/arch/arm64/crypto/aes-neonbs-glue.c b/arch/arm64/crypto/aes-neonbs-glue.c > > index e3e27349a9fe..c0b980503643 100644 > > --- a/arch/arm64/crypto/aes-neonbs-glue.c > > +++ b/arch/arm64/crypto/aes-neonbs-glue.c > > @@ -151,6 +151,7 @@ static int aesbs_cbc_setkey(struct crypto_skcipher *tfm, const u8 *in_key, > > kernel_neon_begin(); > > aesbs_convert_key(ctx->key.rk, rk.key_enc, ctx->key.rounds); > > kernel_neon_end(); > > + memzero_explicit(&rk, sizeof(rk)); > > > > return 0; > > } > > I'm certainly not a crypto person, but this looks sensible to me and I > couldn't find any other similar stack variable usage under > arch/arm64/crypto/ at a quick glance. > > Acked-by: Will Deacon <will@xxxxxxxxxx> > Acked-by: Ard Biesheuvel <ardb@xxxxxxxxxx>