[PATCH 0/2] crypto: zeroization of buffers

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH 0/2] crypto: zeroization of buffers
@ 2014-11-11  4:36 Stephan Mueller
  2014-11-11  4:37 ` [PATCH 1/2] crypto: AF_ALG - zeroize message digest buffer Stephan Mueller
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Stephan Mueller @ 2014-11-11  4:36 UTC (permalink / raw)
  To: Herbert Xu; +Cc: 'Sandy Harris', linux-crypto, linux-kernel

Hi Herbert,

as discussed, these patches use the memzero_explicit function that is
yet to be integrated into the cryptodev-2.6 tree.

Stephan Mueller (2):
  crypto: AF_ALG - zeroize message digest buffer
  crypto: AF_ALG - zeroize IV buffer

 crypto/algif_hash.c     | 2 ++
 crypto/algif_skcipher.c | 1 +
 2 files changed, 3 insertions(+)

-- 
2.1.0

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH 1/2] crypto: AF_ALG - zeroize message digest buffer
  2014-11-11  4:36 [PATCH 0/2] crypto: zeroization of buffers Stephan Mueller
@ 2014-11-11  4:37 ` Stephan Mueller
  2014-11-11  9:34   ` Daniel Borkmann
  2014-11-11  4:37 ` [PATCH 2/2] crypto: AF_ALG - zeroize IV buffer Stephan Mueller
  2014-11-12 14:17 ` [PATCH 0/2] crypto: zeroization of buffers Herbert Xu
  2 siblings, 1 reply; 5+ messages in thread
From: Stephan Mueller @ 2014-11-11  4:37 UTC (permalink / raw)
  To: Herbert Xu; +Cc: 'Sandy Harris', linux-crypto, linux-kernel

Zeroize the buffer holding the message digest calculated for the
consumer before the buffer is released by the hash AF_ALG interface
handler.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
 crypto/algif_hash.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 8502462..f75db4c 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -258,6 +258,8 @@ static void hash_sock_destruct(struct sock *sk)
 	struct alg_sock *ask = alg_sk(sk);
 	struct hash_ctx *ctx = ask->private;
 
+	memzero_explicit(ctx->result,
+		     crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)));
 	sock_kfree_s(sk, ctx->result,
 		     crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)));
 	sock_kfree_s(sk, ctx, ctx->len);
-- 
2.1.0

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH 1/2] crypto: AF_ALG - zeroize message digest buffer
  2014-11-11  4:37 ` [PATCH 1/2] crypto: AF_ALG - zeroize message digest buffer Stephan Mueller
@ 2014-11-11  9:34   ` Daniel Borkmann
  0 siblings, 0 replies; 5+ messages in thread
From: Daniel Borkmann @ 2014-11-11  9:34 UTC (permalink / raw)
  To: Stephan Mueller
  Cc: Herbert Xu, 'Sandy Harris', linux-crypto, linux-kernel

Hi Stephan,

On 11/11/2014 05:37 AM, Stephan Mueller wrote:
> Zeroize the buffer holding the message digest calculated for the
> consumer before the buffer is released by the hash AF_ALG interface
> handler.
>
> Signed-off-by: Stephan Mueller <smueller@chronox.de>
> ---
>   crypto/algif_hash.c | 2 ++
>   1 file changed, 2 insertions(+)
>
> diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
> index 8502462..f75db4c 100644
> --- a/crypto/algif_hash.c
> +++ b/crypto/algif_hash.c
> @@ -258,6 +258,8 @@ static void hash_sock_destruct(struct sock *sk)
>   	struct alg_sock *ask = alg_sk(sk);
>   	struct hash_ctx *ctx = ask->private;
>
> +	memzero_explicit(ctx->result,
> +		     crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)));
>   	sock_kfree_s(sk, ctx->result,

Perhaps something like this (alternatively kzfree() would work, too) ...

static void __sock_kfree_s(struct sock *sk, void *mem, int size,
			   bool clear_mem)
{
	if (WARN_ON_ONCE(!mem))
		return;
	if (clear_mem)
		memzero_explicit(mem, size);
	kfree(mem);
	atomic_sub(size, &sk->sk_omem_alloc);
}

void sock_kfree_s(struct sock *sk, void *mem, int size)
{
	__sock_kfree_s(sk, mem, size, false);
}
EXPORT_SYMBOL(sock_kfree_s);

void sock_kzfree_s(struct sock *sk, void *mem, int size)
{
	__sock_kfree_s(sk, mem, size, true);
}
EXPORT_SYMBOL(sock_kzfree_s);

... so you could then just use it as drop-in in various places:

sock_kzfree_s(sk, ctx->result, ...);

>   		     crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)));
>   	sock_kfree_s(sk, ctx, ctx->len);
>

Thanks,
Daniel

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH 2/2] crypto: AF_ALG - zeroize IV buffer
  2014-11-11  4:36 [PATCH 0/2] crypto: zeroization of buffers Stephan Mueller
  2014-11-11  4:37 ` [PATCH 1/2] crypto: AF_ALG - zeroize message digest buffer Stephan Mueller
@ 2014-11-11  4:37 ` Stephan Mueller
  2014-11-12 14:17 ` [PATCH 0/2] crypto: zeroization of buffers Herbert Xu
  2 siblings, 0 replies; 5+ messages in thread
From: Stephan Mueller @ 2014-11-11  4:37 UTC (permalink / raw)
  To: Herbert Xu; +Cc: 'Sandy Harris', linux-crypto, linux-kernel

Zeroize the buffer holding the IV used for the completed
cipher operation before the buffer is released by the
skcipher AF_ALG interface handler.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
 crypto/algif_skcipher.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 83187f4..85e3bdb 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -566,6 +566,7 @@ static void skcipher_sock_destruct(struct sock *sk)
 	struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(&ctx->req);
 
 	skcipher_free_sgl(sk);
+	memzero_explicit(ctx->iv, crypto_ablkcipher_ivsize(tfm));
 	sock_kfree_s(sk, ctx->iv, crypto_ablkcipher_ivsize(tfm));
 	sock_kfree_s(sk, ctx, ctx->len);
 	af_alg_release_parent(sk);
-- 
2.1.0

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH 0/2] crypto: zeroization of buffers
  2014-11-11  4:36 [PATCH 0/2] crypto: zeroization of buffers Stephan Mueller
  2014-11-11  4:37 ` [PATCH 1/2] crypto: AF_ALG - zeroize message digest buffer Stephan Mueller
  2014-11-11  4:37 ` [PATCH 2/2] crypto: AF_ALG - zeroize IV buffer Stephan Mueller
@ 2014-11-12 14:17 ` Herbert Xu
  2 siblings, 0 replies; 5+ messages in thread
From: Herbert Xu @ 2014-11-12 14:17 UTC (permalink / raw)
  To: Stephan Mueller; +Cc: 'Sandy Harris', linux-crypto, linux-kernel

On Tue, Nov 11, 2014 at 05:36:16AM +0100, Stephan Mueller wrote:
> Hi Herbert,
> 
> as discussed, these patches use the memzero_explicit function that is
> yet to be integrated into the cryptodev-2.6 tree.
> 
> Stephan Mueller (2):
>   crypto: AF_ALG - zeroize message digest buffer
>   crypto: AF_ALG - zeroize IV buffer
> 
>  crypto/algif_hash.c     | 2 ++
>  crypto/algif_skcipher.c | 1 +
>  2 files changed, 3 insertions(+)

All applied.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2014-11-12 14:17 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-11-11  4:36 [PATCH 0/2] crypto: zeroization of buffers Stephan Mueller
2014-11-11  4:37 ` [PATCH 1/2] crypto: AF_ALG - zeroize message digest buffer Stephan Mueller
2014-11-11  9:34   ` Daniel Borkmann
2014-11-11  4:37 ` [PATCH 2/2] crypto: AF_ALG - zeroize IV buffer Stephan Mueller
2014-11-12 14:17 ` [PATCH 0/2] crypto: zeroization of buffers Herbert Xu

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.