On Mon, Apr 14, 2025 at 5:53 PM Ignat Korchagin <ignat@xxxxxxxxxxxxxx> wrote:
>
> Hi,
>
> On Mon, Apr 14, 2025 at 3:11 PM Vladis Dronov <vdronov@xxxxxxxxxx> wrote:
> >
> > The FIPS standard, as a part of the Sensitive Security Parameter area,
> > requires the FIPS module to provide methods to zeroise all the unprotected
> > SSP (Security Sensitive Parameters), i.e. both the CSP (Critical Security
> > Parameters), and the PSP (Public Security Parameters):
> >
> > A module shall provide methods to zeroise all unprotected SSPs and key
> > components within the module.
> >
> > This requirement is mentioned in the section AS09.28 "Sensitive security
> > parameter zeroisation – Levels 1, 2, 3, and 4" of FIPS 140-3 / ISO 19790.
> > This is required for the FIPS certification. Thus, add a public key
> > zeroization to ecdsa_ecc_ctx_deinit().
> >
> > Signed-off-by: Vladis Dronov <vdronov@xxxxxxxxxx>
> > ---
> > crypto/ecdsa.c | 4 +++-
> > 1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c
> > index 117526d15dde..e7f58ad5ac76 100644
> > --- a/crypto/ecdsa.c
> > +++ b/crypto/ecdsa.c
> > @@ -96,10 +96,12 @@ static int ecdsa_ecc_ctx_init(struct ecc_ctx *ctx, unsigned int curve_id)
> > return 0;
> > }
> >
> > -
> > static void ecdsa_ecc_ctx_deinit(struct ecc_ctx *ctx)
> > {
> > ctx->pub_key_set = false;
> > +
> > + memzero_explicit(ctx->x, sizeof(ctx->x));
> > + memzero_explicit(ctx->y, sizeof(ctx->y));
>
> Isn't this already done with crypto_destroy_tfm()? Or am I missing something?
>
> Ignat
Thank you for your input, Ignat, most appreciated.
Indeed, the memory for ecc_ctx is cleared with kfree_sensitive()
in crypto_destroy_tfm(), you are right. And people at FIPS LAB
seem to be okay with that (for now).
So, please disregard this patch, I'm sorry for the noise.
Best regards,
Vladis
>
> > }
> >
> > static int ecdsa_ecc_ctx_reset(struct ecc_ctx *ctx)
> > --
> > 2.49.0
> >
>
