From: "Serge E. Hallyn" <serge@hallyn.com>
To: Tycho Andersen <tycho@tycho.ws>
Cc: David Howells <dhowells@redhat.com>,
keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org,
kernel-hardening@lists.openwall.com,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>
Subject: Re: [PATCH 2/2] dh key: get rid of stack array allocation
Date: Tue, 13 Mar 2018 12:39:03 -0500 [thread overview]
Message-ID: <20180313173903.GA19174@mail.hallyn.com> (raw)
In-Reply-To: <20180313042907.29598-2-tycho@tycho.ws>
Quoting Tycho Andersen (tycho@tycho.ws):
> Similarly to the previous patch, we would like to get rid of stack
> allocated arrays: https://lkml.org/lkml/2018/3/7/621
>
> In this case, we can also use a malloc style approach to free the temporary
> buffer, being careful to also use kzfree to free them (indeed, at least one
> of these has a memzero_explicit, but it seems like maybe they both
> should?).
>
> Signed-off-by: Tycho Andersen <tycho@tycho.ws>
> CC: David Howells <dhowells@redhat.com>
> CC: James Morris <jmorris@namei.org>
> CC: "Serge E. Hallyn" <serge@hallyn.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
for both, thanks.
> ---
> security/keys/dh.c | 27 +++++++++++++++++++++------
> 1 file changed, 21 insertions(+), 6 deletions(-)
>
> diff --git a/security/keys/dh.c b/security/keys/dh.c
> index d1ea9f325f94..f02261b24759 100644
> --- a/security/keys/dh.c
> +++ b/security/keys/dh.c
> @@ -162,19 +162,27 @@ static int kdf_ctr(struct kdf_sdesc *sdesc, const u8 *src, unsigned int slen,
> goto err;
>
> if (zlen && h) {
> - u8 tmpbuffer[h];
> + u8 *tmpbuffer;
> size_t chunk = min_t(size_t, zlen, h);
> - memset(tmpbuffer, 0, chunk);
> +
> + err = -ENOMEM;
> + tmpbuffer = kzalloc(chunk, GFP_KERNEL);
> + if (!tmpbuffer)
> + goto err;
>
> do {
> err = crypto_shash_update(desc, tmpbuffer,
> chunk);
> - if (err)
> + if (err) {
> + kzfree(tmpbuffer);
> goto err;
> + }
>
> zlen -= chunk;
> chunk = min_t(size_t, zlen, h);
> } while (zlen);
> +
> + kzfree(tmpbuffer);
> }
>
> if (src && slen) {
> @@ -184,13 +192,20 @@ static int kdf_ctr(struct kdf_sdesc *sdesc, const u8 *src, unsigned int slen,
> }
>
> if (dlen < h) {
> - u8 tmpbuffer[h];
> + u8 *tmpbuffer;
> +
> + err = -ENOMEM;
> + tmpbuffer = kzalloc(h, GFP_KERNEL);
> + if (!tmpbuffer)
> + goto err;
>
> err = crypto_shash_final(desc, tmpbuffer);
> - if (err)
> + if (err) {
> + kzfree(tmpbuffer);
> goto err;
> + }
> memcpy(dst, tmpbuffer, dlen);
> - memzero_explicit(tmpbuffer, h);
> + kzfree(tmpbuffer);
> return 0;
> } else {
> err = crypto_shash_final(desc, dst);
> --
> 2.15.1
WARNING: multiple messages have this Message-ID (diff)
From: "Serge E. Hallyn" <serge@hallyn.com>
To: Tycho Andersen <tycho@tycho.ws>
Cc: David Howells <dhowells@redhat.com>,
keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org,
kernel-hardening@lists.openwall.com,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>
Subject: Re: [PATCH 2/2] dh key: get rid of stack array allocation
Date: Tue, 13 Mar 2018 17:39:03 +0000 [thread overview]
Message-ID: <20180313173903.GA19174@mail.hallyn.com> (raw)
In-Reply-To: <20180313042907.29598-2-tycho@tycho.ws>
Quoting Tycho Andersen (tycho@tycho.ws):
> Similarly to the previous patch, we would like to get rid of stack
> allocated arrays: https://lkml.org/lkml/2018/3/7/621
>
> In this case, we can also use a malloc style approach to free the temporary
> buffer, being careful to also use kzfree to free them (indeed, at least one
> of these has a memzero_explicit, but it seems like maybe they both
> should?).
>
> Signed-off-by: Tycho Andersen <tycho@tycho.ws>
> CC: David Howells <dhowells@redhat.com>
> CC: James Morris <jmorris@namei.org>
> CC: "Serge E. Hallyn" <serge@hallyn.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
for both, thanks.
> ---
> security/keys/dh.c | 27 +++++++++++++++++++++------
> 1 file changed, 21 insertions(+), 6 deletions(-)
>
> diff --git a/security/keys/dh.c b/security/keys/dh.c
> index d1ea9f325f94..f02261b24759 100644
> --- a/security/keys/dh.c
> +++ b/security/keys/dh.c
> @@ -162,19 +162,27 @@ static int kdf_ctr(struct kdf_sdesc *sdesc, const u8 *src, unsigned int slen,
> goto err;
>
> if (zlen && h) {
> - u8 tmpbuffer[h];
> + u8 *tmpbuffer;
> size_t chunk = min_t(size_t, zlen, h);
> - memset(tmpbuffer, 0, chunk);
> +
> + err = -ENOMEM;
> + tmpbuffer = kzalloc(chunk, GFP_KERNEL);
> + if (!tmpbuffer)
> + goto err;
>
> do {
> err = crypto_shash_update(desc, tmpbuffer,
> chunk);
> - if (err)
> + if (err) {
> + kzfree(tmpbuffer);
> goto err;
> + }
>
> zlen -= chunk;
> chunk = min_t(size_t, zlen, h);
> } while (zlen);
> +
> + kzfree(tmpbuffer);
> }
>
> if (src && slen) {
> @@ -184,13 +192,20 @@ static int kdf_ctr(struct kdf_sdesc *sdesc, const u8 *src, unsigned int slen,
> }
>
> if (dlen < h) {
> - u8 tmpbuffer[h];
> + u8 *tmpbuffer;
> +
> + err = -ENOMEM;
> + tmpbuffer = kzalloc(h, GFP_KERNEL);
> + if (!tmpbuffer)
> + goto err;
>
> err = crypto_shash_final(desc, tmpbuffer);
> - if (err)
> + if (err) {
> + kzfree(tmpbuffer);
> goto err;
> + }
> memcpy(dst, tmpbuffer, dlen);
> - memzero_explicit(tmpbuffer, h);
> + kzfree(tmpbuffer);
> return 0;
> } else {
> err = crypto_shash_final(desc, dst);
> --
> 2.15.1
WARNING: multiple messages have this Message-ID (diff)
From: serge@hallyn.com (Serge E. Hallyn)
To: linux-security-module@vger.kernel.org
Subject: [PATCH 2/2] dh key: get rid of stack array allocation
Date: Tue, 13 Mar 2018 12:39:03 -0500 [thread overview]
Message-ID: <20180313173903.GA19174@mail.hallyn.com> (raw)
In-Reply-To: <20180313042907.29598-2-tycho@tycho.ws>
Quoting Tycho Andersen (tycho at tycho.ws):
> Similarly to the previous patch, we would like to get rid of stack
> allocated arrays: https://lkml.org/lkml/2018/3/7/621
>
> In this case, we can also use a malloc style approach to free the temporary
> buffer, being careful to also use kzfree to free them (indeed, at least one
> of these has a memzero_explicit, but it seems like maybe they both
> should?).
>
> Signed-off-by: Tycho Andersen <tycho@tycho.ws>
> CC: David Howells <dhowells@redhat.com>
> CC: James Morris <jmorris@namei.org>
> CC: "Serge E. Hallyn" <serge@hallyn.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
for both, thanks.
> ---
> security/keys/dh.c | 27 +++++++++++++++++++++------
> 1 file changed, 21 insertions(+), 6 deletions(-)
>
> diff --git a/security/keys/dh.c b/security/keys/dh.c
> index d1ea9f325f94..f02261b24759 100644
> --- a/security/keys/dh.c
> +++ b/security/keys/dh.c
> @@ -162,19 +162,27 @@ static int kdf_ctr(struct kdf_sdesc *sdesc, const u8 *src, unsigned int slen,
> goto err;
>
> if (zlen && h) {
> - u8 tmpbuffer[h];
> + u8 *tmpbuffer;
> size_t chunk = min_t(size_t, zlen, h);
> - memset(tmpbuffer, 0, chunk);
> +
> + err = -ENOMEM;
> + tmpbuffer = kzalloc(chunk, GFP_KERNEL);
> + if (!tmpbuffer)
> + goto err;
>
> do {
> err = crypto_shash_update(desc, tmpbuffer,
> chunk);
> - if (err)
> + if (err) {
> + kzfree(tmpbuffer);
> goto err;
> + }
>
> zlen -= chunk;
> chunk = min_t(size_t, zlen, h);
> } while (zlen);
> +
> + kzfree(tmpbuffer);
> }
>
> if (src && slen) {
> @@ -184,13 +192,20 @@ static int kdf_ctr(struct kdf_sdesc *sdesc, const u8 *src, unsigned int slen,
> }
>
> if (dlen < h) {
> - u8 tmpbuffer[h];
> + u8 *tmpbuffer;
> +
> + err = -ENOMEM;
> + tmpbuffer = kzalloc(h, GFP_KERNEL);
> + if (!tmpbuffer)
> + goto err;
>
> err = crypto_shash_final(desc, tmpbuffer);
> - if (err)
> + if (err) {
> + kzfree(tmpbuffer);
> goto err;
> + }
> memcpy(dst, tmpbuffer, dlen);
> - memzero_explicit(tmpbuffer, h);
> + kzfree(tmpbuffer);
> return 0;
> } else {
> err = crypto_shash_final(desc, dst);
> --
> 2.15.1
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2018-03-13 17:39 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-13 4:29 [PATCH 1/2] big key: get rid of stack array allocation Tycho Andersen
2018-03-13 4:29 ` Tycho Andersen
2018-03-13 4:29 ` Tycho Andersen
2018-03-13 4:29 ` [PATCH 2/2] dh " Tycho Andersen
2018-03-13 4:29 ` Tycho Andersen
2018-03-13 4:29 ` Tycho Andersen
2018-03-13 17:39 ` Serge E. Hallyn [this message]
2018-03-13 17:39 ` Serge E. Hallyn
2018-03-13 17:39 ` Serge E. Hallyn
2018-03-15 2:21 ` Eric Biggers
2018-03-15 2:21 ` Eric Biggers
2018-03-15 2:21 ` Eric Biggers
2018-03-21 4:05 ` Tycho Andersen
2018-03-21 4:05 ` Tycho Andersen
2018-03-21 4:05 ` Tycho Andersen
2018-03-15 1:51 ` [PATCH 1/2] big " Eric Biggers
2018-03-15 1:51 ` Eric Biggers
2018-03-15 1:51 ` Eric Biggers
2018-03-21 4:05 ` Tycho Andersen
2018-03-21 4:05 ` Tycho Andersen
2018-03-21 4:05 ` Tycho Andersen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180313173903.GA19174@mail.hallyn.com \
--to=serge@hallyn.com \
--cc=dhowells@redhat.com \
--cc=jmorris@namei.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=tycho@tycho.ws \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.