lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090531025720.GC9033@oblivion.subreption.com>
Date:	Sat, 30 May 2009 19:57:20 -0700
From:	"Larry H." <research@...reption.com>
To:	linux-kernel@...r.kernel.org
Cc:	pageexec@...email.hu, linux-mm@...ck.org,
	Linus Torvalds <torvalds@...l.org>,
	Rik van Riel <riel@...hat.com>,
	Alan Cox <alan@...rguk.ukuu.org.uk>
Subject: [PATCH] Use kzfree in crypto API context initialization and key/iv
	handling

[PATCH] Use kzfree in crypto API context initialization and key/iv handling

This patch replaces the kfree() calls within the crypto API (algorithms,
key setup and handling, etc) with kzfree(), to enforce sanitization of
the allocated memory.

This prevents such information from persisting on memory and eventually
leak to other kernel users or during coldboot attacks.

This patch replaces kfree() for context (algorithm meta-data) structures
too. Those are initialized or released once, and remain in use during the
lifetime of the cipher/algorithm instance, therefore no performance impact
exists for those specific changes.

This patch doesn't affect fastpaths.

Signed-off-by: Larry Highsmith <research@...reption.com>

---
 crypto/ablkcipher.c |    3 +--
 crypto/aead.c       |    7 +++----
 crypto/ahash.c      |    3 +--
 crypto/algapi.c     |    4 ++--
 crypto/algboss.c    |    8 ++++----
 crypto/api.c        |   13 +++++--------
 crypto/authenc.c    |    4 ++--
 crypto/blkcipher.c  |   13 +++++++------
 crypto/cbc.c        |    2 +-
 crypto/ccm.c        |    8 ++++----
 crypto/cipher.c     |    3 +--
 crypto/cryptd.c     |    4 ++--
 crypto/ctr.c        |    2 +-
 crypto/cts.c        |    2 +-
 crypto/deflate.c    |    4 ++--
 crypto/ecb.c        |    2 +-
 crypto/gcm.c        |   10 +++++-----
 crypto/gf128mul.c   |    4 ++--
 crypto/hash.c       |    3 +--
 crypto/hmac.c       |    2 +-
 crypto/lrw.c        |    2 +-
 crypto/pcbc.c       |    2 +-
 crypto/rng.c        |    2 +-
 crypto/seqiv.c      |    4 ++--
 crypto/shash.c      |    3 +--
 crypto/xcbc.c       |    2 +-
 crypto/xts.c        |    2 +-
 27 files changed, 55 insertions(+), 63 deletions(-)

Index: linux-2.6/crypto/ablkcipher.c
===================================================================
--- linux-2.6.orig/crypto/ablkcipher.c
+++ linux-2.6/crypto/ablkcipher.c
@@ -42,8 +42,7 @@ static int setkey_unaligned(struct crypt
 	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
 	memcpy(alignbuffer, key, keylen);
 	ret = cipher->setkey(tfm, alignbuffer, keylen);
-	memset(alignbuffer, 0, keylen);
-	kfree(buffer);
+	kzfree(buffer);
 	return ret;
 }
 
Index: linux-2.6/crypto/aead.c
===================================================================
--- linux-2.6.orig/crypto/aead.c
+++ linux-2.6/crypto/aead.c
@@ -40,8 +40,7 @@ static int setkey_unaligned(struct crypt
 	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
 	memcpy(alignbuffer, key, keylen);
 	ret = aead->setkey(tfm, alignbuffer, keylen);
-	memset(alignbuffer, 0, keylen);
-	kfree(buffer);
+	kzfree(buffer);
 	return ret;
 }
 
@@ -298,7 +297,7 @@ out:
 err_drop_alg:
 	crypto_drop_aead(spawn);
 err_free_inst:
-	kfree(inst);
+	kzfree(inst);
 	inst = ERR_PTR(err);
 	goto out;
 }
@@ -307,7 +306,7 @@ EXPORT_SYMBOL_GPL(aead_geniv_alloc);
 void aead_geniv_free(struct crypto_instance *inst)
 {
 	crypto_drop_aead(crypto_instance_ctx(inst));
-	kfree(inst);
+	kzfree(inst);
 }
 EXPORT_SYMBOL_GPL(aead_geniv_free);
 
Index: linux-2.6/crypto/ahash.c
===================================================================
--- linux-2.6.orig/crypto/ahash.c
+++ linux-2.6/crypto/ahash.c
@@ -145,8 +145,7 @@ static int ahash_setkey_unaligned(struct
 	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
 	memcpy(alignbuffer, key, keylen);
 	ret = ahash->setkey(tfm, alignbuffer, keylen);
-	memset(alignbuffer, 0, keylen);
-	kfree(buffer);
+	kzfree(buffer);
 	return ret;
 }
 
Index: linux-2.6/crypto/algapi.c
===================================================================
--- linux-2.6.orig/crypto/algapi.c
+++ linux-2.6/crypto/algapi.c
@@ -185,7 +185,7 @@ out:	
 	return larval;
 
 free_larval:
-	kfree(larval);
+	kzfree(larval);
 err:
 	larval = ERR_PTR(ret);
 	goto out;
@@ -657,7 +657,7 @@ struct crypto_instance *crypto_alloc_ins
 	return inst;
 
 err_free_inst:
-	kfree(inst);
+	kzfree(inst);
 	return ERR_PTR(err);
 }
 EXPORT_SYMBOL_GPL(crypto_alloc_instance);
Index: linux-2.6/crypto/algboss.c
===================================================================
--- linux-2.6.orig/crypto/algboss.c
+++ linux-2.6/crypto/algboss.c
@@ -81,7 +81,7 @@ static int cryptomgr_probe(void *data)
 		goto err;
 
 out:
-	kfree(param);
+	kzfree(param);
 	module_put_and_exit(0);
 
 err:
@@ -193,7 +193,7 @@ static int cryptomgr_schedule_probe(stru
 	return NOTIFY_STOP;
 
 err_free_param:
-	kfree(param);
+	kzfree(param);
 err_put_module:
 	module_put(THIS_MODULE);
 err:
@@ -215,7 +215,7 @@ static int cryptomgr_test(void *data)
 skiptest:
 	crypto_alg_tested(param->driver, err);
 
-	kfree(param);
+	kzfree(param);
 	module_put_and_exit(0);
 }
 
@@ -242,7 +242,7 @@ static int cryptomgr_schedule_test(struc
 	return NOTIFY_STOP;
 
 err_free_param:
-	kfree(param);
+	kzfree(param);
 err_put_module:
 	module_put(THIS_MODULE);
 err:
Index: linux-2.6/crypto/api.c
===================================================================
--- linux-2.6.orig/crypto/api.c
+++ linux-2.6/crypto/api.c
@@ -107,7 +107,7 @@ static void crypto_larval_destroy(struct
 	BUG_ON(!crypto_is_larval(alg));
 	if (larval->adult)
 		crypto_mod_put(larval->adult);
-	kfree(larval);
+	kzfree(larval);
 }
 
 struct crypto_larval *crypto_larval_alloc(const char *name, u32 type, u32 mask)
@@ -151,7 +151,7 @@ static struct crypto_alg *crypto_larval_
 	up_write(&crypto_alg_sem);
 
 	if (alg != &larval->alg)
-		kfree(larval);
+		kzfree(larval);
 
 	return alg;
 }
@@ -400,7 +400,7 @@ cra_init_failed:
 out_free_tfm:
 	if (err == -EAGAIN)
 		crypto_shoot_alg(alg);
-	kfree(tfm);
+	kzfree(tfm);
 out_err:
 	tfm = ERR_PTR(err);
 out:
@@ -497,7 +497,7 @@ cra_init_failed:
 out_free_tfm:
 	if (err == -EAGAIN)
 		crypto_shoot_alg(alg);
-	kfree(mem);
+	kzfree(mem);
 out_err:
 	tfm = ERR_PTR(err);
 out:
@@ -580,20 +580,17 @@ EXPORT_SYMBOL_GPL(crypto_alloc_tfm);
 void crypto_destroy_tfm(void *mem, struct crypto_tfm *tfm)
 {
 	struct crypto_alg *alg;
-	int size;
 
 	if (unlikely(!mem))
 		return;
 
 	alg = tfm->__crt_alg;
-	size = ksize(mem);
 
 	if (!tfm->exit && alg->cra_exit)
 		alg->cra_exit(tfm);
 	crypto_exit_ops(tfm);
 	crypto_mod_put(alg);
-	memset(mem, 0, size);
-	kfree(mem);
+	kzfree(mem);
 }
 EXPORT_SYMBOL_GPL(crypto_destroy_tfm);
 
Index: linux-2.6/crypto/authenc.c
===================================================================
--- linux-2.6.orig/crypto/authenc.c
+++ linux-2.6/crypto/authenc.c
@@ -461,7 +461,7 @@ err_drop_enc:
 err_drop_auth:
 	crypto_drop_spawn(&ctx->auth);
 err_free_inst:
-	kfree(inst);
+	kzfree(inst);
 out_put_auth:
 	inst = ERR_PTR(err);
 	goto out;
@@ -473,7 +473,7 @@ static void crypto_authenc_free(struct c
 
 	crypto_drop_skcipher(&ctx->enc);
 	crypto_drop_spawn(&ctx->auth);
-	kfree(inst);
+	kzfree(inst);
 }
 
 static struct crypto_template crypto_authenc_tmpl = {
Index: linux-2.6/crypto/blkcipher.c
===================================================================
--- linux-2.6.orig/crypto/blkcipher.c
+++ linux-2.6/crypto/blkcipher.c
@@ -136,9 +136,11 @@ err:
 	if (walk->iv != desc->info)
 		memcpy(desc->info, walk->iv, crypto_blkcipher_ivsize(tfm));
 	if (walk->buffer != walk->page)
-		kfree(walk->buffer);
-	if (walk->page)
+		kzfree(walk->buffer);
+	if (walk->page) {
+		memset(walk->page, 0, PAGE_SIZE);
 		free_page((unsigned long)walk->page);
+	}
 
 	return err;
 }
@@ -373,8 +375,7 @@ static int setkey_unaligned(struct crypt
 	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
 	memcpy(alignbuffer, key, keylen);
 	ret = cipher->setkey(tfm, alignbuffer, keylen);
-	memset(alignbuffer, 0, keylen);
-	kfree(buffer);
+	kzfree(buffer);
 	return ret;
 }
 
@@ -661,7 +662,7 @@ out:
 err_drop_alg:
 	crypto_drop_skcipher(spawn);
 err_free_inst:
-	kfree(inst);
+	kzfree(inst);
 	inst = ERR_PTR(err);
 	goto out;
 }
@@ -670,7 +671,7 @@ EXPORT_SYMBOL_GPL(skcipher_geniv_alloc);
 void skcipher_geniv_free(struct crypto_instance *inst)
 {
 	crypto_drop_skcipher(crypto_instance_ctx(inst));
-	kfree(inst);
+	kzfree(inst);
 }
 EXPORT_SYMBOL_GPL(skcipher_geniv_free);
 
Index: linux-2.6/crypto/cbc.c
===================================================================
--- linux-2.6.orig/crypto/cbc.c
+++ linux-2.6/crypto/cbc.c
@@ -264,7 +264,7 @@ out_put_alg:
 static void crypto_cbc_free(struct crypto_instance *inst)
 {
 	crypto_drop_spawn(crypto_instance_ctx(inst));
-	kfree(inst);
+	kzfree(inst);
 }
 
 static struct crypto_template crypto_cbc_tmpl = {
Index: linux-2.6/crypto/ccm.c
===================================================================
--- linux-2.6.orig/crypto/ccm.c
+++ linux-2.6/crypto/ccm.c
@@ -565,7 +565,7 @@ err_drop_ctr:
 err_drop_cipher:
 	crypto_drop_spawn(&ictx->cipher);
 err_free_inst:
-	kfree(inst);
+	kzfree(inst);
 out_put_cipher:
 	inst = ERR_PTR(err);
 	goto out;
@@ -600,7 +600,7 @@ static void crypto_ccm_free(struct crypt
 
 	crypto_drop_spawn(&ctx->cipher);
 	crypto_drop_skcipher(&ctx->ctr);
-	kfree(inst);
+	kzfree(inst);
 }
 
 static struct crypto_template crypto_ccm_tmpl = {
@@ -831,7 +831,7 @@ out:
 out_drop_alg:
 	crypto_drop_aead(spawn);
 out_free_inst:
-	kfree(inst);
+	kzfree(inst);
 	inst = ERR_PTR(err);
 	goto out;
 }
@@ -839,7 +839,7 @@ out_free_inst:
 static void crypto_rfc4309_free(struct crypto_instance *inst)
 {
 	crypto_drop_spawn(crypto_instance_ctx(inst));
-	kfree(inst);
+	kzfree(inst);
 }
 
 static struct crypto_template crypto_rfc4309_tmpl = {
Index: linux-2.6/crypto/cipher.c
===================================================================
--- linux-2.6.orig/crypto/cipher.c
+++ linux-2.6/crypto/cipher.c
@@ -37,8 +37,7 @@ static int setkey_unaligned(struct crypt
 	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
 	memcpy(alignbuffer, key, keylen);
 	ret = cia->cia_setkey(tfm, alignbuffer, keylen);
-	memset(alignbuffer, 0, keylen);
-	kfree(buffer);
+	kzfree(buffer);
 	return ret;
 
 }
Index: linux-2.6/crypto/cryptd.c
===================================================================
--- linux-2.6.orig/crypto/cryptd.c
+++ linux-2.6/crypto/cryptd.c
@@ -225,7 +225,7 @@ out:
 	return inst;
 
 out_free_inst:
-	kfree(inst);
+	kzfree(inst);
 	inst = ERR_PTR(err);
 	goto out;
 }
@@ -527,7 +527,7 @@ static void cryptd_free(struct crypto_in
 	struct cryptd_instance_ctx *ctx = crypto_instance_ctx(inst);
 
 	crypto_drop_spawn(&ctx->spawn);
-	kfree(inst);
+	kzfree(inst);
 }
 
 static struct crypto_template cryptd_tmpl = {
Index: linux-2.6/crypto/ctr.c
===================================================================
--- linux-2.6.orig/crypto/ctr.c
+++ linux-2.6/crypto/ctr.c
@@ -231,7 +231,7 @@ out_put_alg:
 static void crypto_ctr_free(struct crypto_instance *inst)
 {
 	crypto_drop_spawn(crypto_instance_ctx(inst));
-	kfree(inst);
+	kzfree(inst);
 }
 
 static struct crypto_template crypto_ctr_tmpl = {
Index: linux-2.6/crypto/cts.c
===================================================================
--- linux-2.6.orig/crypto/cts.c
+++ linux-2.6/crypto/cts.c
@@ -326,7 +326,7 @@ out_put_alg:
 static void crypto_cts_free(struct crypto_instance *inst)
 {
 	crypto_drop_spawn(crypto_instance_ctx(inst));
-	kfree(inst);
+	kzfree(inst);
 }
 
 static struct crypto_template crypto_cts_tmpl = {
Index: linux-2.6/crypto/deflate.c
===================================================================
--- linux-2.6.orig/crypto/deflate.c
+++ linux-2.6/crypto/deflate.c
@@ -86,7 +86,7 @@ static int deflate_decomp_init(struct de
 out:
 	return ret;
 out_free:
-	kfree(stream->workspace);
+	kzfree(stream->workspace);
 	goto out;
 }
 
@@ -99,7 +99,7 @@ static void deflate_comp_exit(struct def
 static void deflate_decomp_exit(struct deflate_ctx *ctx)
 {
 	zlib_inflateEnd(&ctx->decomp_stream);
-	kfree(ctx->decomp_stream.workspace);
+	kzfree(ctx->decomp_stream.workspace);
 }
 
 static int deflate_init(struct crypto_tfm *tfm)
Index: linux-2.6/crypto/ecb.c
===================================================================
--- linux-2.6.orig/crypto/ecb.c
+++ linux-2.6/crypto/ecb.c
@@ -160,7 +160,7 @@ out_put_alg:
 static void crypto_ecb_free(struct crypto_instance *inst)
 {
 	crypto_drop_spawn(crypto_instance_ctx(inst));
-	kfree(inst);
+	kzfree(inst);
 }
 
 static struct crypto_template crypto_ecb_tmpl = {
Index: linux-2.6/crypto/gcm.c
===================================================================
--- linux-2.6.orig/crypto/gcm.c
+++ linux-2.6/crypto/gcm.c
@@ -242,7 +242,7 @@ static int crypto_gcm_setkey(struct cryp
 		err = -ENOMEM;
 
 out:
-	kfree(data);
+	kzfree(data);
 	return err;
 }
 
@@ -507,7 +507,7 @@ out:
 out_put_ctr:
 	crypto_drop_skcipher(&ctx->ctr);
 err_free_inst:
-	kfree(inst);
+	kzfree(inst);
 	inst = ERR_PTR(err);
 	goto out;
 }
@@ -540,7 +540,7 @@ static void crypto_gcm_free(struct crypt
 	struct gcm_instance_ctx *ctx = crypto_instance_ctx(inst);
 
 	crypto_drop_skcipher(&ctx->ctr);
-	kfree(inst);
+	kzfree(inst);
 }
 
 static struct crypto_template crypto_gcm_tmpl = {
@@ -762,7 +762,7 @@ out:
 out_drop_alg:
 	crypto_drop_aead(spawn);
 out_free_inst:
-	kfree(inst);
+	kzfree(inst);
 	inst = ERR_PTR(err);
 	goto out;
 }
@@ -770,7 +770,7 @@ out_free_inst:
 static void crypto_rfc4106_free(struct crypto_instance *inst)
 {
 	crypto_drop_spawn(crypto_instance_ctx(inst));
-	kfree(inst);
+	kzfree(inst);
 }
 
 static struct crypto_template crypto_rfc4106_tmpl = {
Index: linux-2.6/crypto/gf128mul.c
===================================================================
--- linux-2.6.orig/crypto/gf128mul.c
+++ linux-2.6/crypto/gf128mul.c
@@ -352,8 +352,8 @@ void gf128mul_free_64k(struct gf128mul_6
 	int i;
 
 	for (i = 0; i < 16; i++)
-		kfree(t->t[i]);
-	kfree(t);
+		kzfree(t->t[i]);
+	kzfree(t);
 }
 EXPORT_SYMBOL(gf128mul_free_64k);
 
Index: linux-2.6/crypto/hash.c
===================================================================
--- linux-2.6.orig/crypto/hash.c
+++ linux-2.6/crypto/hash.c
@@ -42,8 +42,7 @@ static int hash_setkey_unaligned(struct 
 	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
 	memcpy(alignbuffer, key, keylen);
 	ret = alg->setkey(crt, alignbuffer, keylen);
-	memset(alignbuffer, 0, keylen);
-	kfree(buffer);
+	kzfree(buffer);
 	return ret;
 }
 
Index: linux-2.6/crypto/hmac.c
===================================================================
--- linux-2.6.orig/crypto/hmac.c
+++ linux-2.6/crypto/hmac.c
@@ -218,7 +218,7 @@ static void hmac_exit_tfm(struct crypto_
 static void hmac_free(struct crypto_instance *inst)
 {
 	crypto_drop_spawn(crypto_instance_ctx(inst));
-	kfree(inst);
+	kzfree(inst);
 }
 
 static struct crypto_instance *hmac_alloc(struct rtattr **tb)
Index: linux-2.6/crypto/lrw.c
===================================================================
--- linux-2.6.orig/crypto/lrw.c
+++ linux-2.6/crypto/lrw.c
@@ -287,7 +287,7 @@ out_put_alg:
 static void free(struct crypto_instance *inst)
 {
 	crypto_drop_spawn(crypto_instance_ctx(inst));
-	kfree(inst);
+	kzfree(inst);
 }
 
 static struct crypto_template crypto_tmpl = {
Index: linux-2.6/crypto/pcbc.c
===================================================================
--- linux-2.6.orig/crypto/pcbc.c
+++ linux-2.6/crypto/pcbc.c
@@ -270,7 +270,7 @@ out_put_alg:
 static void crypto_pcbc_free(struct crypto_instance *inst)
 {
 	crypto_drop_spawn(crypto_instance_ctx(inst));
-	kfree(inst);
+	kzfree(inst);
 }
 
 static struct crypto_template crypto_pcbc_tmpl = {
Index: linux-2.6/crypto/rng.c
===================================================================
--- linux-2.6.orig/crypto/rng.c
+++ linux-2.6/crypto/rng.c
@@ -42,7 +42,7 @@ static int rngapi_reset(struct crypto_rn
 
 	err = crypto_rng_alg(tfm)->rng_reset(tfm, seed, slen);
 
-	kfree(buf);
+	kzfree(buf);
 	return err;
 }
 
Index: linux-2.6/crypto/seqiv.c
===================================================================
--- linux-2.6.orig/crypto/seqiv.c
+++ linux-2.6/crypto/seqiv.c
@@ -43,7 +43,7 @@ static void seqiv_complete2(struct skcip
 	memcpy(req->creq.info, subreq->info, crypto_ablkcipher_ivsize(geniv));
 
 out:
-	kfree(subreq->info);
+	kzfree(subreq->info);
 }
 
 static void seqiv_complete(struct crypto_async_request *base, int err)
@@ -69,7 +69,7 @@ static void seqiv_aead_complete2(struct 
 	memcpy(req->areq.iv, subreq->iv, crypto_aead_ivsize(geniv));
 
 out:
-	kfree(subreq->iv);
+	kzfree(subreq->iv);
 }
 
 static void seqiv_aead_complete(struct crypto_async_request *base, int err)
Index: linux-2.6/crypto/shash.c
===================================================================
--- linux-2.6.orig/crypto/shash.c
+++ linux-2.6/crypto/shash.c
@@ -44,8 +44,7 @@ static int shash_setkey_unaligned(struct
 	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
 	memcpy(alignbuffer, key, keylen);
 	err = shash->setkey(tfm, alignbuffer, keylen);
-	memset(alignbuffer, 0, keylen);
-	kfree(buffer);
+	kzfree(buffer);
 	return err;
 }
 
Index: linux-2.6/crypto/xcbc.c
===================================================================
--- linux-2.6.orig/crypto/xcbc.c
+++ linux-2.6/crypto/xcbc.c
@@ -346,7 +346,7 @@ out_put_alg:
 static void xcbc_free(struct crypto_instance *inst)
 {
 	crypto_drop_spawn(crypto_instance_ctx(inst));
-	kfree(inst);
+	kzfree(inst);
 }
 
 static struct crypto_template crypto_xcbc_tmpl = {
Index: linux-2.6/crypto/xts.c
===================================================================
--- linux-2.6.orig/crypto/xts.c
+++ linux-2.6/crypto/xts.c
@@ -264,7 +264,7 @@ out_put_alg:
 static void free(struct crypto_instance *inst)
 {
 	crypto_drop_spawn(crypto_instance_ctx(inst));
-	kfree(inst);
+	kzfree(inst);
 }
 
 static struct crypto_template crypto_tmpl = {
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ