lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Nov 2021 08:47:26 +0800 From: Sandy Harris <sandyinchina@...il.com> To: Greg KH <gregkh@...uxfoundation.org> Cc: Linux Crypto Mailing List <linux-crypto@...r.kernel.org>, linux-hardening@...r.kernel.org Subject: Re: memset() in crypto code On Fri, Sep 3, 2021 at 2:15 PM Greg KH <gregkh@...uxfoundation.org> wrote: > > On Fri, Sep 03, 2021 at 09:13:43AM +0800, Sandy Harris wrote: > > Doing this the crypto directory: > > grep memset *.c | wc -l > > I get 137 results. > > > > The compiler may optimise memset() away, subverting the intent of > > these operations. We have memzero_explicit() to avoid that problem. > > > > Should most or all those memset() calls be replaced? > > The ones that are determined to actually need this, sure, but a simple > grep like that does not actually show that. You need to read the code > itself to determine the need or not, please do so. Done. Patches to follow. I ended up making about a dozen changes in eight files. Of course, while I did read the code, I do not know it deeply so I may have misjudged some.
Powered by blists - more mailing lists