On 21.02.20 17:55, Torsten Duwe wrote: > From: Torsten Duwe <duwe@xxxxxxx> > > s390 crypto: explicitly memzero stack key material in aes_s390.c > > aes_s390.c has several functions which allocate space for key material on > the stack and leave the used keys there. It is considered good practice > to clean these locations before the function returns. > > Signed-off-by: Torsten Duwe <duwe@xxxxxxx> > --- > This popped up during our FIPS certification. > It's obviously a good idea not to leave key material on the stack. > > --- a/arch/s390/crypto/aes_s390.c > +++ b/arch/s390/crypto/aes_s390.c > @@ -392,6 +392,7 @@ static int cbc_aes_crypt(struct blkciphe > ret = blkcipher_walk_done(desc, walk, nbytes - n); > } > memcpy(walk->iv, param.iv, AES_BLOCK_SIZE); > + memzero_explicit(¶m, sizeof(param)); > return ret; > } > > @@ -576,6 +577,8 @@ static int xts_aes_crypt(struct blkciphe > walk->dst.virt.addr, walk->src.virt.addr, n); > ret = blkcipher_walk_done(desc, walk, nbytes - n); > } > + memzero_explicit(&pcc_param, sizeof(pcc_param)); > + memzero_explicit(&xts_param, sizeof(xts_param)); > return ret; > } > > Thanks Torsten, I've picked this patch. It will go upstream via the s390 subsystem with the next kernel merge window. regards Harald Freudenberger
