Re: crypto: zeroization of sensitive data in af_alg

[Stephan Mueller]

Am Montag, 10. November 2014, 21:55:43 schrieb Sandy Harris:

Hi Sandy, Herbert,

> On Sun, Nov 9, 2014 at 5:33 PM, Stephan Mueller <smueller@xxxxxxxxxx> wrote:
> > while working on the AF_ALG interface, I saw no active zeroizations of
> > memory that may hold sensitive data that is maintained outside the kernel
> > crypto API cipher handles. ...
> > 
> > I think I found the location for the first one: hash_sock_destruct that
> > should be enhanced with a memset(0) of ctx->result.
> 
> See also a thread titled "memset() in crypto code?" on the linux
> crypto list. The claim is that gcc can optimise memset() away so you
> need a different function to guarantee the intended results. There's a
> patch to the random driver that uses a new function
> memzero_explicit(), and one of the newer C standards has a different
> function name for the purpose.

That is a good idea.

Herbert: I can prepare a patch that uses memzero_explicit. However, your 
current tree does not yet implement that function as it was added to Linus' 
tree after you pulled from it.

Shall I now still use memset(0) or prepare a patch that does not yet compile 
by using memzero_explicit?

-- 
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/