Open Source and information security mailing list archives
Message-Id: <20250516150400.512375-1-zilin@seu.edu.cn>
Date: Fri, 16 May 2025 15:04:00 +0000
From: Zilin Guan <zilin@....edu.cn>
To: przemyslaw.kitszel@...el.com
Cc: andrew+netdev@...n.ch,
	anthony.l.nguyen@...el.com,
	davem@...emloft.net,
	dawid.osuchowski@...ux.intel.com,
	edumazet@...gle.com,
	intel-wired-lan@...ts.osuosl.org,
	jianhao.xu@....edu.cn,
	kuba@...nel.org,
	linux-kernel@...r.kernel.org,
	netdev@...r.kernel.org,
	pabeni@...hat.com,
	zilin@....edu.cn
Subject: Re: [PATCH] ixgbe/ipsec: use memzero_explicit() for stack SA structs

On Thu, May 15, 2025 at 11:27:22AM +0200, Przemek Kitszel wrote:
> the general rule is to memzero_explicit() memory that was holding secure
> content
> --
> to have full picture: it is fine to memset() such storage prior to use,
> it is also fine to combine related changes in one commit/one series
> 
> re stated purpose of the patch:
> I see @rsa cleaned in just one exit point of ixgbe_ipsec_add_sa(),
> instead of all of them, so v2 seems warranted

Hi Przemek,

Thank you for your detailed feedback and clarification.

As Dawid pointed out, while @rsa is cleared at one exit point in
ixgbe_ipsec_add_sa(), another exit path, at which we fail to acquire the
RX SA table, leaves rsa.key and rsa.salt zeroed. Does this imply there's
no sensitive data to clear in this case? If so, would using memset() on
the symmetric error path in @tsa be redundant, or am I overlooking
something?

I'd appreciate your thoughts on this.

Best regards,
Zilin Guan
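A userspace model of the pattern under discussion, added here as an illustration; it is not code from the ixgbe driver or from this thread. The memzero_explicit() below is a stand-in for the kernel helper, and model_add_sa(), struct sa, struct sa_table and is_zeroed() are hypothetical names. It shows one exit before any key material reaches the stack struct and one after, both routed through a single cleanup label.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Userspace stand-in for the kernel's memzero_explicit(): the barrier stops
 * the compiler from dropping the store as a dead write just before return. */
static void memzero_explicit(void *p, size_t n)
{
    memset(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

#define SA_KEY_LEN    16
#define SA_TABLE_SIZE 2
struct sa { uint8_t key[SA_KEY_LEN]; uint32_t salt; int used; };
struct sa_table { struct sa slot[SA_TABLE_SIZE]; };

/* Hypothetical add_sa modelled on the flow discussed in the thread (not ixgbe
 * code). Every exit, before or after the key is copied, goes through `out`,
 * so the scratch copy is cleared on all paths. `scratch` stands in for the
 * on-stack struct so the caller (and the test) can observe it after return. */
static int model_add_sa(struct sa_table *tbl, const uint8_t *key, size_t keylen,
                        uint32_t salt, struct sa *scratch)
{
    int ret, i;
    memset(scratch, 0, sizeof(*scratch));  /* plain memset is fine before use */
    /* exit 1: nothing secret copied yet; clearing is redundant but harmless */
    if (keylen != SA_KEY_LEN) { ret = -EINVAL; goto out; }
    memcpy(scratch->key, key, SA_KEY_LEN); /* from here the stack holds secrets */
    scratch->salt = salt;
    scratch->used = 1;
    /* exit 2: no free table slot; the key IS on the stack, so it must be cleared */
    for (i = 0; i < SA_TABLE_SIZE && tbl->slot[i].used; i++)
        ;
    if (i == SA_TABLE_SIZE) { ret = -ENOSPC; goto out; }
    tbl->slot[i] = *scratch;               /* success: the table owns the SA now */
    ret = i;
out:
    memzero_explicit(scratch, sizeof(*scratch)); /* one cleanup point for all exits */
    return ret;
}

/* Returns 1 if every byte of p[0..n) is zero (used to check the cleanup). */
static int is_zeroed(const void *p, size_t n)
{
    const uint8_t *b = p;
    while (n--) if (*b++) return 0;
    return 1;
}
```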
