Re: [PATCH] lib/sha1: remove memsets and allocate workspace on the stack

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Joe Perches <joe@perches.com>
To: Mandeep Singh Baines <msb@chromium.org>
Cc: linux-kernel@vger.kernel.org,
	Ramsay Jones <ramsay@ramsay1.demon.co.uk>,
	Nicolas Pitre <nico@fluxnic.net>,
	Joachim Eastwood <manabian@gmail.com>,
	Andreas Schwab <schwab@linux-m68k.org>,
	Herbert Xu <herbert@gondor.hengli.com.au>,
	"David S. Miller" <davem@davemloft.net>,
	linux-crypto@vger.kernel.org,
	Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH] lib/sha1: remove memsets and allocate workspace on the stack
Date: Mon, 08 Aug 2011 16:45:15 -0700	[thread overview]
Message-ID: <1312847115.1643.22.camel@Joe-Laptop> (raw)
In-Reply-To: <1312844837-10086-1-git-send-email-msb@chromium.org>

On Mon, 2011-08-08 at 16:07 -0700, Mandeep Singh Baines wrote:
> The previous implementation required the workspace to be passed in as
> a parameter. This prevents the compiler from being able to store the
> workspace in registers. I've also removed the memset since that also
> prevents the compiler from storing the workspace in registers.

I did a similar patch locally.

> There is no loss of security due to removing the memset. It would be a
> bug for the stack to leak to userspace. However, a defence-in-depth
> argument could be made for keeping the clearing of the workspace.

You should add #include <linux/crypthash.h> to
lib/sha1.c and perhaps rationalize the use of __u8
and char for the second argument to sha_transform in
the definition and uses.

For defense in depth, a bool could be added to sha_transform
like:

void sha_transform(__u32 *digest, const char *data, bool wipe);

and the internal workspace memset after use if wipe set though
perhaps the memset could be a compile time option like
CONFIG_CRYPTO_DEFENSE_IN_DEPTH or such instead.

> diff --git a/drivers/char/random.c b/drivers/char/random.c
[]
> @@ -816,13 +816,13 @@ static size_t account(struct entropy_store *r, size_t nbytes, int min,
>  static void extract_buf(struct entropy_store *r, __u8 *out)
[]
> -		sha_transform(hash, (__u8 *)(r->pool + i), workspace);
> +		sha_transform(hash, (__u8 *)(r->pool + i));
[]
> diff --git a/include/linux/cryptohash.h b/include/linux/cryptohash.h
[]
> @@ -3,10 +3,9 @@
[]
> -void sha_transform(__u32 *digest, const char *data, __u32 *W);
> +void sha_transform(__u32 *digest, const char *data);
[]
> diff --git a/lib/sha1.c b/lib/sha1.c
[]
> +void sha_transform(__u32 *digest, const char *data)
[]
> diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
[]
> @@ -50,7 +49,7 @@ static u32 cookie_hash(__be32 saddr, __be32 daddr, __be16 sport, __be16 dport,
[]
> -	sha_transform(tmp + 16, (__u8 *)tmp, tmp + 16 + 5);
> +	sha_transform(tmp + 16, (__u8 *)tmp);
[]
> diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
[]
> @@ -2511,8 +2510,7 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
[]
>  			sha_transform((__u32 *)&xvp->cookie_bakery[0],
> -				      (char *)mess,
> -				      &workspace[0]);
> +				      (char *)mess);
[]
> diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c
[]
> @@ -81,7 +80,7 @@ static u32 cookie_hash(const struct in6_addr *saddr, const struct in6_addr *dadd
[]
> -	sha_transform(tmp + 16, (__u8 *)tmp, tmp + 16 + 5);
> +	sha_transform(tmp + 16, (__u8 *)tmp);

next prev parent reply	other threads:[~2011-08-08 23:45 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-08-08 23:07 [PATCH] lib/sha1: remove memsets and allocate workspace on the stack Mandeep Singh Baines
2011-08-08 23:45 ` Joe Perches [this message]
2011-08-09  5:52   ` Mandeep Singh Baines
2011-08-09  8:58     ` [PATCH] treewide: Update sha_transform Joe Perches
2011-08-09 15:41       ` Linus Torvalds
2011-08-10  0:57         ` Joe Perches
2011-08-09  7:01   ` [PATCH] lib/sha1: remove memsets and allocate workspace on the stack Geert Uytterhoeven
2011-08-08 23:50 ` Linus Torvalds

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1312847115.1643.22.camel@Joe-Laptop \
    --to=joe@perches.com \
    --cc=davem@davemloft.net \
    --cc=herbert@gondor.hengli.com.au \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=manabian@gmail.com \
    --cc=msb@chromium.org \
    --cc=nico@fluxnic.net \
    --cc=ramsay@ramsay1.demon.co.uk \
    --cc=schwab@linux-m68k.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.