Bug 2223719

Summary: Temporary values used for the FIPS integrity test should be zeroized after use
Product: Red Hat Enterprise Linux 9 Reporter: Clemens Lang <cllang>
Component: kernelAssignee: Vladis Dronov <vdronov>
kernel sub component: Crypto QA Contact: Ondrej Moriš <omoris>
Status: ON_QA --- Docs Contact:
Severity: high    
Priority: high CC: herbert.xu, omoris, vdronov
Version: 9.2Keywords: Triaged, ZStream
Target Milestone: rc   
Target Release: 9.3   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: kernel-5.14.0-353.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2227768 (view as bug list) Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2227768    
Attachments:
Description Flags
Proposed patch none

Description Clemens Lang 2023-07-18 15:41:07 UTC 
Description of problem:
The kernel uses temporary values for its integrity test in FIPS mode. It is a FIPS 140-3 requirement to zeroize these after use, but they are currently not.

To fix this, replace all instances of kfree(key) in crypto/asymmetric_keys/public_key.c with kfree_sensitive(key).


Version-Release number of selected component (if applicable):
kernel-5.14.0-340.el9

How reproducible:
Manunally inspect crypto/asymmetric_keys/public_key.c

Actual results:
kfree(key) is used

Expected results:
kfree_sensitive(key) is used

Additional info:
Please also backport this change to 9.2.z. No further backport is required at this time.
Comment 1 Clemens Lang 2023-07-18 15:50:20 UTC 
Created attachment 1976367 [details]
Proposed patch
Comment 2 Herbert Xu 2023-07-18 20:16:55 UTC 
Clemens, could you please submit this patch upstream? It looks good enough as it stands.  Thanks!
Comment 3 Clemens Lang 2023-07-20 15:14:34 UTC 
It'll be a while before I can get to doing that, since I've never sent a patch upstream for the kernel, and I don't have a lot of spare cycles at the moment.
Comment 4 Vladis Dronov 2023-07-21 14:57:30 UTC 
(In reply to Herbert Xu from comment #2)
> Clemens, could you please submit this patch upstream? It looks good enough as it stands.  Thanks!

I'll handle this (upstream submission and a RHEL work), thanks Clemens for the patch, thanks Herbert for a review.
Comment 5 Herbert Xu 2023-07-22 01:29:05 UTC 
Thanks Vladis.  As you noted, it seems that this patch is already queued up upstream so we simply need to wait:

https://patchwork.kernel.org/project/linux-crypto/patch/20230717125509.105015-1-mngyadam@amazon.com/