On Fri, May 06, 2022 at 11:23:50AM +0200, Greg KH wrote:
> On Fri, May 06, 2022 at 09:23:22AM +0100, Giovanni Cabiddu wrote:
> > Set to zero the DH context buffers containing the DH key before they are
> > freed.
>
> That says what, but not why.
>
> > Cc: stable@xxxxxxxxxxxxxxx
> > Fixes: c9839143ebbf ("crypto: qat - Add DH support")
> > Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@xxxxxxxxx>
> > Reviewed-by: Adam Guerin <adam.guerin@xxxxxxxxx>
> > Reviewed-by: Wojciech Ziemba <wojciech.ziemba@xxxxxxxxx>
> > ---
> > drivers/crypto/qat/qat_common/qat_asym_algs.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > index d75eb77c9fb9..2fec89b8a188 100644
> > --- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > +++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > @@ -421,14 +421,17 @@ static int qat_dh_set_params(struct qat_dh_ctx *ctx, struct dh *params)
> > static void qat_dh_clear_ctx(struct device *dev, struct qat_dh_ctx *ctx)
> > {
> > if (ctx->g) {
> > + memzero_explicit(ctx->g, ctx->p_size);
> > dma_free_coherent(dev, ctx->p_size, ctx->g, ctx->dma_g);
>
> Why is a memset() not sufficient here?
Based on the previous conversation a memset() should be sufficient.
> And what is this solving? Who would get this stale data?
This is to make sure the buffer containing sensitive data (i.e. a key)
is not leaked out by a subsequent allocation.
I will clarify it in the commit message.
Thanks,
--
Giovanni
