| Message ID | 20220506143903.31776-8-giovanni.cabiddu@intel.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | crypto: qat - re-enable algorithms | expand |
On Fri, May 06, 2022 at 03:38:59PM +0100, Giovanni Cabiddu wrote: > Set to zero the DH context buffers containing the DH key before they are > freed. > This is to make sure keys are not leaked out by a subsequent memory > allocation. > > Cc: stable@vger.kernel.org > Fixes: c9839143ebbf ("crypto: qat - Add DH support") > Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> > Reviewed-by: Adam Guerin <adam.guerin@intel.com> > Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com> > --- > drivers/crypto/qat/qat_common/qat_asym_algs.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c > index d75eb77c9fb9..25bbd22085c3 100644 > --- a/drivers/crypto/qat/qat_common/qat_asym_algs.c > +++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c > @@ -421,14 +421,17 @@ static int qat_dh_set_params(struct qat_dh_ctx *ctx, struct dh *params) > static void qat_dh_clear_ctx(struct device *dev, struct qat_dh_ctx *ctx) > { > if (ctx->g) { > + memset(ctx->g, 0, ctx->p_size); > dma_free_coherent(dev, ctx->p_size, ctx->g, ctx->dma_g); > ctx->g = NULL; > } > if (ctx->xa) { > + memset(ctx->xa, 0, ctx->p_size); > dma_free_coherent(dev, ctx->p_size, ctx->xa, ctx->dma_xa); > ctx->xa = NULL; > } > if (ctx->p) { > + memset(ctx->p, 0, ctx->p_size); > dma_free_coherent(dev, ctx->p_size, ctx->p, ctx->dma_p); > ctx->p = NULL; > } > -- > 2.35.1 > As I just wrote, I do not think you need this. If you do, please explain what you are trying to protect the kernel from here. Itself? thanks, greg k-h
diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c index d75eb77c9fb9..25bbd22085c3 100644 --- a/drivers/crypto/qat/qat_common/qat_asym_algs.c +++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c @@ -421,14 +421,17 @@ static int qat_dh_set_params(struct qat_dh_ctx *ctx, struct dh *params) static void qat_dh_clear_ctx(struct device *dev, struct qat_dh_ctx *ctx) { if (ctx->g) { + memset(ctx->g, 0, ctx->p_size); dma_free_coherent(dev, ctx->p_size, ctx->g, ctx->dma_g); ctx->g = NULL; } if (ctx->xa) { + memset(ctx->xa, 0, ctx->p_size); dma_free_coherent(dev, ctx->p_size, ctx->xa, ctx->dma_xa); ctx->xa = NULL; } if (ctx->p) { + memset(ctx->p, 0, ctx->p_size); dma_free_coherent(dev, ctx->p_size, ctx->p, ctx->dma_p); ctx->p = NULL; }
Set to zero the DH context buffers containing the DH key before they are freed. This is to make sure keys are not leaked out by a subsequent memory allocation. Cc: stable@vger.kernel.org Fixes: c9839143ebbf ("crypto: qat - Add DH support") Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Adam Guerin <adam.guerin@intel.com> Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com> --- drivers/crypto/qat/qat_common/qat_asym_algs.c | 3 +++ 1 file changed, 3 insertions(+)