lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <284b70dd-5575-fee4-109f-aa99fb73a434@redhat.com>
Date:   Mon, 7 Oct 2019 11:06:04 +0200
From:   Hans de Goede <hdegoede@...hat.com>
To:     Stephan Mueller <smueller@...onox.de>
Cc:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        "H . Peter Anvin" <hpa@...or.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        linux-crypto@...r.kernel.org, x86@...nel.org,
        linux-kernel@...r.kernel.org, Arvind Sankar <nivedita@...m.mit.edu>
Subject: Re: [PATCH 5.4 regression fix] x86/boot: Provide memzero_explicit

Hi Stephan,

On 07-10-2019 10:59, Stephan Mueller wrote:
> Am Montag, 7. Oktober 2019, 10:55:01 CEST schrieb Hans de Goede:
> 
> Hi Hans,
> 
>> The purgatory code now uses the shared lib/crypto/sha256.c sha256
>> implementation. This needs memzero_explicit, implement this.
>>
>> Reported-by: Arvind Sankar <nivedita@...m.mit.edu>
>> Fixes: 906a4bb97f5d ("crypto: sha256 - Use get/put_unaligned_be32 to get
>> input, memzero_explicit") Signed-off-by: Hans de Goede
>> <hdegoede@...hat.com>
>> ---
>>   arch/x86/boot/compressed/string.c | 5 +++++
>>   1 file changed, 5 insertions(+)
>>
>> diff --git a/arch/x86/boot/compressed/string.c
>> b/arch/x86/boot/compressed/string.c index 81fc1eaa3229..511332e279fe 100644
>> --- a/arch/x86/boot/compressed/string.c
>> +++ b/arch/x86/boot/compressed/string.c
>> @@ -50,6 +50,11 @@ void *memset(void *s, int c, size_t n)
>>   	return s;
>>   }
>>
>> +void memzero_explicit(void *s, size_t count)
>> +{
>> +	memset(s, 0, count);
> 
> May I ask how it is guaranteed that this memset is not optimized out by the
> compiler, e.g. for stack variables?

The function and the caller live in different compile units, so unless
LTO is used this cannot happen.

Also note that the previous purgatory private (vs shared) sha256 implementation had:

         /* Zeroize sensitive information. */
         memset(sctx, 0, sizeof(*sctx));

In the place where the new shared 256 code uses memzero_explicit() and the
new shared sha256 code is the only user of the arch/x86/boot/compressed/string.c
memzero_explicit() implementation.

With that all said I'm open to suggestions for improving this.

Regards,

Hans

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ