[PATCH] crypto: testmgr: clean up memory for sensitive information

2017-04-22 Thread Pirabarlen-Cheenaramen 
Signed-off-by: Pirabarlen-Cheenaramen 
---
 crypto/testmgr.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index cd075c7..0af2e16 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -953,8 +953,8 @@ static int __test_aead(struct crypto_aead *tfm, int enc,
 out_noaxbuf:
testmgr_free_buf(xbuf);
 out_noxbuf:
-   kfree(key);
-   kfree(iv);
+   kzfree(key);
+   kzfree(iv);
return ret;
 }
 
-- 
1.9.1

[PATCH] crypto: ecc : Wipe memory for p on errors.

2017-04-22 Thread Loganaden Velvindron 
Signed-off-by: Loganaden Velvindron 
---
 crypto/ecc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/ecc.c b/crypto/ecc.c
index 414c78a..32f50c34 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -88,7 +88,7 @@ static struct ecc_point *ecc_alloc_point(unsigned int ndigits)
 err_alloc_y:
ecc_free_digits_space(p->x);
 err_alloc_x:
-   kfree(p);
+   kzfree(p);
return NULL;
 }
 
-- 
2.9.3

Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode

2017-04-22 Thread Sandy Harris 
On Sat, Apr 22, 2017 at 3:54 PM, Sandy Harris  wrote:

> In the FreeS/WAN project, back around the turn of the century,
> we refused to implement several things required by the RFCs

Link to documentation:
http://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/compat.html#dropped

Re: [PATCH] crypto: Allow ecb(cipher_null) in FIPS mode

2017-04-22 Thread Sandy Harris 
On Sat, Apr 22, 2017 at 2:56 AM, Stephan Müller  wrote:

> Am Freitag, 21. April 2017, 17:25:41 CEST schrieb Stephan Müller:

> Just for the records: for FIPS 140-2 rules, cipher_null is to be interpreted
> as a memcpy on SGLs. Thus it is no cipher even though it sounds like one.
>
> cipher_null is also needed for seqiv which is required for rfc4106(gcm(aes)),
> which is an approved cipher. Also, it is needed for authenc() which uses it
> for copying the AAD from src to dst.
>
> That said, cipher_null must not be used for "encryption" operation but rather
> for handling data that is not subjected to FIPS 140-2 rules.

In the FreeS/WAN project, back around the turn of the century,
we refused to implement several things required by the RFCs
because we thought they were insecure: null cipher, single
DES & 768-bit DH Group 1.

At that time, not having DES did cause some problems in
interoperating with other IPsec implementations, but I
doubt it would today. Neither of the other dropped items
caused any problems at all.

Today I'd say drop all of those plus the 1024-bit Group 2,
and then look at whether others should go as well. As of
2001 or so, the 1536-bit Group 5 was very widely used,
so dropping it might well be problematic, but I am not
certain if it is either secure or widely used now.