[PATCH 0/2] crypto: zeroization of buffers

linux-crypto.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 0/2] crypto: zeroization of buffers
@ 2014-11-11  4:36 Stephan Mueller
  2014-11-11  4:37 ` [PATCH 1/2] crypto: AF_ALG - zeroize message digest buffer Stephan Mueller
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Stephan Mueller @ 2014-11-11  4:36 UTC (permalink / raw)
  To: Herbert Xu; +Cc: 'Sandy Harris', linux-crypto, linux-kernel

Hi Herbert,

as discussed, these patches use the memzero_explicit function that is
yet to be integrated into the cryptodev-2.6 tree.

Stephan Mueller (2):
  crypto: AF_ALG - zeroize message digest buffer
  crypto: AF_ALG - zeroize IV buffer

 crypto/algif_hash.c     | 2 ++
 crypto/algif_skcipher.c | 1 +
 2 files changed, 3 insertions(+)

-- 
2.1.0

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH 1/2] crypto: AF_ALG - zeroize message digest buffer
  2014-11-11  4:36 [PATCH 0/2] crypto: zeroization of buffers Stephan Mueller
@ 2014-11-11  4:37 ` Stephan Mueller
  2014-11-11  9:34   ` Daniel Borkmann
  2014-11-11  4:37 ` [PATCH 2/2] crypto: AF_ALG - zeroize IV buffer Stephan Mueller
  2014-11-12 14:17 ` [PATCH 0/2] crypto: zeroization of buffers Herbert Xu
  2 siblings, 1 reply; 5+ messages in thread
From: Stephan Mueller @ 2014-11-11  4:37 UTC (permalink / raw)
  To: Herbert Xu; +Cc: 'Sandy Harris', linux-crypto, linux-kernel

Zeroize the buffer holding the message digest calculated for the
consumer before the buffer is released by the hash AF_ALG interface
handler.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
 crypto/algif_hash.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 8502462..f75db4c 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -258,6 +258,8 @@ static void hash_sock_destruct(struct sock *sk)
 	struct alg_sock *ask = alg_sk(sk);
 	struct hash_ctx *ctx = ask->private;
 
+	memzero_explicit(ctx->result,
+		     crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)));
 	sock_kfree_s(sk, ctx->result,
 		     crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)));
 	sock_kfree_s(sk, ctx, ctx->len);
-- 
2.1.0

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH 1/2] crypto: AF_ALG - zeroize message digest buffer
  2014-11-11  4:37 ` [PATCH 1/2] crypto: AF_ALG - zeroize message digest buffer Stephan Mueller
@ 2014-11-11  9:34   ` Daniel Borkmann
  0 siblings, 0 replies; 5+ messages in thread
From: Daniel Borkmann @ 2014-11-11  9:34 UTC (permalink / raw)
  To: Stephan Mueller
  Cc: Herbert Xu, 'Sandy Harris', linux-crypto, linux-kernel

Hi Stephan,

On 11/11/2014 05:37 AM, Stephan Mueller wrote:
> Zeroize the buffer holding the message digest calculated for the
> consumer before the buffer is released by the hash AF_ALG interface
> handler.
>
> Signed-off-by: Stephan Mueller <smueller@chronox.de>
> ---
>   crypto/algif_hash.c | 2 ++
>   1 file changed, 2 insertions(+)
>
> diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
> index 8502462..f75db4c 100644
> --- a/crypto/algif_hash.c
> +++ b/crypto/algif_hash.c
> @@ -258,6 +258,8 @@ static void hash_sock_destruct(struct sock *sk)
>   	struct alg_sock *ask = alg_sk(sk);
>   	struct hash_ctx *ctx = ask->private;
>
> +	memzero_explicit(ctx->result,
> +		     crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)));
>   	sock_kfree_s(sk, ctx->result,

Perhaps something like this (alternatively kzfree() would work, too) ...

static void __sock_kfree_s(struct sock *sk, void *mem, int size,
			   bool clear_mem)
{
	if (WARN_ON_ONCE(!mem))
		return;
	if (clear_mem)
		memzero_explicit(mem, size);
	kfree(mem);
	atomic_sub(size, &sk->sk_omem_alloc);
}

void sock_kfree_s(struct sock *sk, void *mem, int size)
{
	__sock_kfree_s(sk, mem, size, false);
}
EXPORT_SYMBOL(sock_kfree_s);

void sock_kzfree_s(struct sock *sk, void *mem, int size)
{
	__sock_kfree_s(sk, mem, size, true);
}
EXPORT_SYMBOL(sock_kzfree_s);

... so you could then just use it as drop-in in various places:

sock_kzfree_s(sk, ctx->result, ...);

>   		     crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)));
>   	sock_kfree_s(sk, ctx, ctx->len);
>

Thanks,
Daniel

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH 2/2] crypto: AF_ALG - zeroize IV buffer
  2014-11-11  4:36 [PATCH 0/2] crypto: zeroization of buffers Stephan Mueller
  2014-11-11  4:37 ` [PATCH 1/2] crypto: AF_ALG - zeroize message digest buffer Stephan Mueller
@ 2014-11-11  4:37 ` Stephan Mueller
  2014-11-12 14:17 ` [PATCH 0/2] crypto: zeroization of buffers Herbert Xu
  2 siblings, 0 replies; 5+ messages in thread
From: Stephan Mueller @ 2014-11-11  4:37 UTC (permalink / raw)
  To: Herbert Xu; +Cc: 'Sandy Harris', linux-crypto, linux-kernel

Zeroize the buffer holding the IV used for the completed
cipher operation before the buffer is released by the
skcipher AF_ALG interface handler.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
 crypto/algif_skcipher.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 83187f4..85e3bdb 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -566,6 +566,7 @@ static void skcipher_sock_destruct(struct sock *sk)
 	struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(&ctx->req);
 
 	skcipher_free_sgl(sk);
+	memzero_explicit(ctx->iv, crypto_ablkcipher_ivsize(tfm));
 	sock_kfree_s(sk, ctx->iv, crypto_ablkcipher_ivsize(tfm));
 	sock_kfree_s(sk, ctx, ctx->len);
 	af_alg_release_parent(sk);
-- 
2.1.0

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH 0/2] crypto: zeroization of buffers
  2014-11-11  4:36 [PATCH 0/2] crypto: zeroization of buffers Stephan Mueller
  2014-11-11  4:37 ` [PATCH 1/2] crypto: AF_ALG - zeroize message digest buffer Stephan Mueller
  2014-11-11  4:37 ` [PATCH 2/2] crypto: AF_ALG - zeroize IV buffer Stephan Mueller
@ 2014-11-12 14:17 ` Herbert Xu
  2 siblings, 0 replies; 5+ messages in thread
From: Herbert Xu @ 2014-11-12 14:17 UTC (permalink / raw)
  To: Stephan Mueller; +Cc: 'Sandy Harris', linux-crypto, linux-kernel

On Tue, Nov 11, 2014 at 05:36:16AM +0100, Stephan Mueller wrote:
> Hi Herbert,
> 
> as discussed, these patches use the memzero_explicit function that is
> yet to be integrated into the cryptodev-2.6 tree.
> 
> Stephan Mueller (2):
>   crypto: AF_ALG - zeroize message digest buffer
>   crypto: AF_ALG - zeroize IV buffer
> 
>  crypto/algif_hash.c     | 2 ++
>  crypto/algif_skcipher.c | 1 +
>  2 files changed, 3 insertions(+)

All applied.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2014-11-12 14:17 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-11-11  4:36 [PATCH 0/2] crypto: zeroization of buffers Stephan Mueller
2014-11-11  4:37 ` [PATCH 1/2] crypto: AF_ALG - zeroize message digest buffer Stephan Mueller
2014-11-11  9:34   ` Daniel Borkmann
2014-11-11  4:37 ` [PATCH 2/2] crypto: AF_ALG - zeroize IV buffer Stephan Mueller
2014-11-12 14:17 ` [PATCH 0/2] crypto: zeroization of buffers Herbert Xu

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).