| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Sep 2018 11:03:29 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Sabrina Dubroca <sd@...asysnail.net>,
"David S. Miller" <davem@...emloft.net>
Subject: [PATCH 4.14 12/64] tls: zero the crypto information from tls_context before freeing
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sabrina Dubroca <sd@...asysnail.net>
[ Upstream commit 86029d10af18381814881d6cce2dd6872163b59f ]
This contains key material in crypto_send_aes_gcm_128 and
crypto_recv_aes_gcm_128.
Introduce union tls_crypto_context, and replace the two identical
unions directly embedded in struct tls_context with it. We can then
use this union to clean up the memory in the new tls_ctx_free()
function.
Fixes: 3c4d7559159b ("tls: kernel TLS support")
Signed-off-by: Sabrina Dubroca <sd@...asysnail.net>
Signed-off-by: David S. Miller <davem@...emloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
include/net/tls.h | 14 ++++++++------
net/tls/tls_main.c | 15 ++++++++++++---
net/tls/tls_sw.c | 2 +-
3 files changed, 21 insertions(+), 10 deletions(-)
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -79,11 +79,13 @@ enum {
TLS_PENDING_CLOSED_RECORD
};
+union tls_crypto_context {
+ struct tls_crypto_info info;
+ struct tls12_crypto_info_aes_gcm_128 aes_gcm_128;
+};
+
struct tls_context {
- union {
- struct tls_crypto_info crypto_send;
- struct tls12_crypto_info_aes_gcm_128 crypto_send_aes_gcm_128;
- };
+ union tls_crypto_context crypto_send;
void *priv_ctx;
@@ -208,8 +210,8 @@ static inline void tls_fill_prepend(stru
* size KTLS_DTLS_HEADER_SIZE + KTLS_DTLS_NONCE_EXPLICIT_SIZE
*/
buf[0] = record_type;
- buf[1] = TLS_VERSION_MINOR(ctx->crypto_send.version);
- buf[2] = TLS_VERSION_MAJOR(ctx->crypto_send.version);
+ buf[1] = TLS_VERSION_MINOR(ctx->crypto_send.info.version);
+ buf[2] = TLS_VERSION_MAJOR(ctx->crypto_send.info.version);
/* we can use IV for nonce explicit according to spec */
buf[3] = pkt_len >> 8;
buf[4] = pkt_len & 0xFF;
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -218,6 +218,15 @@ static void tls_write_space(struct sock
ctx->sk_write_space(sk);
}
+static void tls_ctx_free(struct tls_context *ctx)
+{
+ if (!ctx)
+ return;
+
+ memzero_explicit(&ctx->crypto_send, sizeof(ctx->crypto_send));
+ kfree(ctx);
+}
+
static void tls_sk_proto_close(struct sock *sk, long timeout)
{
struct tls_context *ctx = tls_get_ctx(sk);
@@ -246,7 +255,7 @@ static void tls_sk_proto_close(struct so
kfree(ctx->iv);
sk_proto_close = ctx->sk_proto_close;
- kfree(ctx);
+ tls_ctx_free(ctx);
release_sock(sk);
sk_proto_close(sk, timeout);
@@ -274,7 +283,7 @@ static int do_tls_getsockopt_tx(struct s
}
/* get user crypto info */
- crypto_info = &ctx->crypto_send;
+ crypto_info = &ctx->crypto_send.info;
if (!TLS_CRYPTO_INFO_READY(crypto_info)) {
rc = -EBUSY;
@@ -371,7 +380,7 @@ static int do_tls_setsockopt_tx(struct s
}
/* get user crypto info */
- crypto_info = &ctx->crypto_send;
+ crypto_info = &ctx->crypto_send.info;
/* Currently we don't support set crypto info more than one time */
if (TLS_CRYPTO_INFO_READY(crypto_info)) {
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -687,7 +687,7 @@ int tls_set_sw_offload(struct sock *sk,
ctx->priv_ctx = (struct tls_offload_context *)sw_ctx;
ctx->free_resources = tls_sw_free_resources;
- crypto_info = &ctx->crypto_send;
+ crypto_info = &ctx->crypto_send.info;
switch (crypto_info->cipher_type) {
case TLS_CIPHER_AES_GCM_128: {
nonce_size = TLS_CIPHER_AES_GCM_128_IV_SIZE;
Powered by blists - more mailing lists