From: Daniel Borkmann <dborkman@redhat.com>
To: Julia Lawall <julia.lawall@lip6.fr>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>,
herbert@gondor.apana.org.au, tytso@mit.edu,
linux-crypto@vger.kernel.org, gmazyland@gmail.com
Subject: Re: [PATCH v2] crypto: memzero_explicit - make sure to clear out sensitive data
Date: Mon, 08 Sep 2014 09:59:07 +0200 [thread overview]
Message-ID: <540D61CB.4030804@redhat.com> (raw)
In-Reply-To: <alpine.DEB.2.10.1409080859100.2406@hadrien>
On 09/08/2014 09:00 AM, Julia Lawall wrote:
> On Mon, 8 Sep 2014, Hannes Frederic Sowa wrote:
>> On So, 2014-09-07 at 23:23 +0200, Daniel Borkmann wrote:
>>> Recently, in commit 13aa93c70e71 ("random: add and use memzero_explicit()
>>> for clearing data"), we have found that GCC may optimize some memset()
>>> cases away when it detects a stack variable is not being used anymore
>>> and going out of scope. This can happen, for example, in cases when we
>>> are clearing out sensitive information such as keying material or any
>>> e.g. intermediate results from crypto computations, etc.
>>>
>>> With the help of Coccinelle, we can figure out and fix such occurences
>>> in the crypto subsytem as well. Julia Lawall provided the following
>>> Coccinelle program:
>>>
>>> @@
>>> type T;
>>> identifier x;
>>> @@
>>>
>>> T x;
>>> ... when exists
>>> when any
>>> -memset
>>> +memzero_explicit
>>> (&x,
>>> -0,
>>> ...)
>>> ... when != x
>>> when strict
>>>
>>> @@
>>> type T;
>>> identifier x;
>>> @@
>>>
>>> T x[...];
>>> ... when exists
>>> when any
>>> -memset
>>> +memzero_explicit
>>> (x,
>>> -0,
>>> ...)
>>> ... when != x
>>> when strict
>>
>> I think this Coccinelle patch won't make it completely unnecessary for a
>> manual audit as it does not take optimizations (dead code eliminitation)
>> into account?
>
> I agree. If you see something else that could be taken into account in
> the semantic patch, please let me know.
Agreed, the code would fix the obvious candidates that would need
memzero_explicit() though. It also found the already fixed spots for
the random driver when I reran the script in that area, so I think
it's a good starting point nevertheless.
...
>>> Therefore, make use of the drop-in replacement memzero_explicit() for
>>> exactly such cases instead of using memset().
>>>
>>> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
>>> Cc: Julia Lawall <julia.lawall@lip6.fr>
>>> Cc: Herbert Xu <herbert@gondor.apana.org.au>
>>> Cc: Theodore Ts'o <tytso@mit.edu>
>>> Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
>>
>> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org
>>
>> Thanks,
>> Hannes
next prev parent reply other threads:[~2014-09-08 8:00 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-07 21:23 [PATCH v2] crypto: memzero_explicit - make sure to clear out sensitive data Daniel Borkmann
2014-09-08 6:17 ` Hannes Frederic Sowa
2014-09-08 7:00 ` Julia Lawall
2014-09-08 7:59 ` Daniel Borkmann [this message]
2014-09-15 11:52 ` Herbert Xu
2014-09-25 20:23 ` Daniel Borkmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=540D61CB.4030804@redhat.com \
--to=dborkman@redhat.com \
--cc=gmazyland@gmail.com \
--cc=hannes@stressinduktion.org \
--cc=herbert@gondor.apana.org.au \
--cc=julia.lawall@lip6.fr \
--cc=linux-crypto@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.