summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTorsten Duwe <duwe@suse.de>2020-03-13 12:02:58 +0100
committerHerbert Xu <herbert@gondor.apana.org.au>2020-03-20 04:36:51 +0100
commit82ff493eb77cfd28fbfea6ce29bdaaffe238c0b2 (patch)
tree1857e2353fcf200e133c5f9bccb87c9e0a8b69ff
parentcrypto: bcm - Use scnprintf() for avoiding potential buffer overflow (diff)
downloadlinux-82ff493eb77cfd28fbfea6ce29bdaaffe238c0b2.tar.xz
linux-82ff493eb77cfd28fbfea6ce29bdaaffe238c0b2.zip
crypto: arm/neon - memzero_explicit aes-cbc key
At function exit, do not leave the expanded key in the rk struct which got allocated on the stack. Signed-off-by: Torsten Duwe <duwe@suse.de> Acked-by: Will Deacon <will@kernel.org> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r--arch/arm/crypto/aes-neonbs-glue.c1
-rw-r--r--arch/arm64/crypto/aes-neonbs-glue.c1
2 files changed, 2 insertions, 0 deletions
diff --git a/arch/arm/crypto/aes-neonbs-glue.c b/arch/arm/crypto/aes-neonbs-glue.c
index e85839a8aaeb..e6fd32919c81 100644
--- a/arch/arm/crypto/aes-neonbs-glue.c
+++ b/arch/arm/crypto/aes-neonbs-glue.c
@@ -138,6 +138,7 @@ static int aesbs_cbc_setkey(struct crypto_skcipher *tfm, const u8 *in_key,
kernel_neon_begin();
aesbs_convert_key(ctx->key.rk, rk.key_enc, ctx->key.rounds);
kernel_neon_end();
+ memzero_explicit(&rk, sizeof(rk));
return crypto_cipher_setkey(ctx->enc_tfm, in_key, key_len);
}
diff --git a/arch/arm64/crypto/aes-neonbs-glue.c b/arch/arm64/crypto/aes-neonbs-glue.c
index e3e27349a9fe..fb507d569922 100644
--- a/arch/arm64/crypto/aes-neonbs-glue.c
+++ b/arch/arm64/crypto/aes-neonbs-glue.c
@@ -151,6 +151,7 @@ static int aesbs_cbc_setkey(struct crypto_skcipher *tfm, const u8 *in_key,
kernel_neon_begin();
aesbs_convert_key(ctx->key.rk, rk.key_enc, ctx->key.rounds);
kernel_neon_end();
+ memzero_explicit(&rk, sizeof(rk));
return 0;
}