From patchwork Mon May 9 13:19:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Giovanni Cabiddu X-Patchwork-Id: 571082 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 19413C433EF for ; Mon, 9 May 2022 13:19:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235429AbiEINX3 (ORCPT ); Mon, 9 May 2022 09:23:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60812 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235485AbiEINX1 (ORCPT ); Mon, 9 May 2022 09:23:27 -0400 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A059B2B1645; Mon, 9 May 2022 06:19:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1652102373; x=1683638373; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=iw7AkwX6aWzKG6Flh+f4y/Qhta8v4tot42bt4LXNf+I=; b=GOMX32zT0PLnXB1oGlqHK1kQIB2Bc/SYei8HOS08ZdtGsesaK59xQGgA olNarXpQzWv68eyjEvtQUpbZBYK4sLSKt2LOb/xkSXXunOIG9mZYhjHSJ +XZg6+ys+h8TnIheLSJZsCTB9uPyXBRTXnYrSzelLZOnSRSdFomba7zwb i6x1Mg8//B5voaFiMdDO/emI6kzmZobtupfTQWn9NFPWTyLvs6uVQNMl6 Ern6v4Zek/1UC5jG9tTJIYq3rQBUlMkddmg80EfZkFFUzP8gRTN3LFLn0 oaut+WWTJz2tLb86/LgPBoZNaNuyOm4u6Z6gwyWIkc1vfz0iat6PauCIr g==; X-IronPort-AV: E=McAfee;i="6400,9594,10341"; a="268712064" X-IronPort-AV: E=Sophos;i="5.91,211,1647327600"; d="scan'208";a="268712064" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 May 2022 06:19:33 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,211,1647327600"; d="scan'208";a="519229672" Received: from silpixa00400314.ir.intel.com (HELO silpixa00400314.ger.corp.intel.com) ([10.237.222.76]) by orsmga003.jf.intel.com with ESMTP; 09 May 2022 06:19:31 -0700 From: Giovanni Cabiddu To: herbert@gondor.apana.org.au Cc: linux-crypto@vger.kernel.org, qat-linux@intel.com, Giovanni Cabiddu , stable@vger.kernel.org, Adam Guerin , Wojciech Ziemba Subject: [PATCH] crypto: qat - set to zero DH parameters before free Date: Mon, 9 May 2022 14:19:27 +0100 Message-Id: <20220509131927.55387-1-giovanni.cabiddu@intel.com> X-Mailer: git-send-email 2.35.1 MIME-Version: 1.0 Organization: Intel Research and Development Ireland Ltd - Co. Reg. #308263 - Collinstown Industrial Park, Leixlip, County Kildare - Ireland Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Set to zero the context buffers containing the DH key before they are freed. This is a defense in depth measure that avoids keys to be recovered from memory in case the system is compromised between the free of the buffer and when that area of memory (containing keys) gets overwritten. Cc: stable@vger.kernel.org Fixes: c9839143ebbf ("crypto: qat - Add DH support") Signed-off-by: Giovanni Cabiddu Reviewed-by: Adam Guerin Reviewed-by: Wojciech Ziemba --- drivers/crypto/qat/qat_common/qat_asym_algs.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c index b0b78445418b..5633f9df3b6f 100644 --- a/drivers/crypto/qat/qat_common/qat_asym_algs.c +++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c @@ -420,14 +420,17 @@ static int qat_dh_set_params(struct qat_dh_ctx *ctx, struct dh *params) static void qat_dh_clear_ctx(struct device *dev, struct qat_dh_ctx *ctx) { if (ctx->g) { + memset(ctx->g, 0, ctx->p_size); dma_free_coherent(dev, ctx->p_size, ctx->g, ctx->dma_g); ctx->g = NULL; } if (ctx->xa) { + memset(ctx->xa, 0, ctx->p_size); dma_free_coherent(dev, ctx->p_size, ctx->xa, ctx->dma_xa); ctx->xa = NULL; } if (ctx->p) { + memset(ctx->p, 0, ctx->p_size); dma_free_coherent(dev, ctx->p_size, ctx->p, ctx->dma_p); ctx->p = NULL; }