Re: [PATCH] crypto: ecdsa - explicitly zeroize pub_key
From: Ignat Korchagin
Date: Mon Apr 14 2025 - 11:53:06 EST
Hi,
On Mon, Apr 14, 2025 at 3:11 PM Vladis Dronov <vdronov@xxxxxxxxxx> wrote:
>
> The FIPS standard, as a part of the Sensitive Security Parameter area,
> requires the FIPS module to provide methods to zeroise all the unprotected
> SSP (Security Sensitive Parameters), i.e. both the CSP (Critical Security
> Parameters), and the PSP (Public Security Parameters):
>
> A module shall provide methods to zeroise all unprotected SSPs and key
> components within the module.
>
> This requirement is mentioned in the section AS09.28 "Sensitive security
> parameter zeroisation – Levels 1, 2, 3, and 4" of FIPS 140-3 / ISO 19790.
> This is required for the FIPS certification. Thus, add a public key
> zeroization to ecdsa_ecc_ctx_deinit().
>
> Signed-off-by: Vladis Dronov <vdronov@xxxxxxxxxx>
> ---
> crypto/ecdsa.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c
> index 117526d15dde..e7f58ad5ac76 100644
> --- a/crypto/ecdsa.c
> +++ b/crypto/ecdsa.c
> @@ -96,10 +96,12 @@ static int ecdsa_ecc_ctx_init(struct ecc_ctx *ctx, unsigned int curve_id)
> return 0;
> }
>
> -
> static void ecdsa_ecc_ctx_deinit(struct ecc_ctx *ctx)
> {
> ctx->pub_key_set = false;
> +
> + memzero_explicit(ctx->x, sizeof(ctx->x));
> + memzero_explicit(ctx->y, sizeof(ctx->y));
Isn't this already done with crypto_destroy_tfm()? Or am I missing something?
Ignat
> }
>
> static int ecdsa_ecc_ctx_reset(struct ecc_ctx *ctx)
> --
> 2.49.0
>