The device mapper dm-crypt target is using scnprintf("%02x", cc->key[i]) to report the current key to userspace. However, this is not constant-time operation and it may leak information about the key via timing, via cache access patterns or via the branch predictor. This patch changes it to use "%c" instead. We introduce a function hex2asc. hex2asc converts a number in the range 0 ... 15 to an ascii character and it is coded in such a way that it contains no branches and no memory accesses. Signed-off-by: Mikulas Patocka <mpatocka@xxxxxxxxxx> Cc: stable@xxxxxxxxxxxxxxx --- drivers/md/dm-crypt.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) Index: linux-2.6/drivers/md/dm-crypt.c =================================================================== --- linux-2.6.orig/drivers/md/dm-crypt.c 2022-04-24 19:44:14.000000000 +0200 +++ linux-2.6/drivers/md/dm-crypt.c 2022-04-24 19:54:13.000000000 +0200 @@ -3439,6 +3439,11 @@ static int crypt_map(struct dm_target *t return DM_MAPIO_SUBMITTED; } +static char hex2asc(unsigned char c) +{ + return c + '0' + ((9 - c) >> 4 & 0x27); +} + static void crypt_status(struct dm_target *ti, status_type_t type, unsigned status_flags, char *result, unsigned maxlen) { @@ -3459,7 +3464,7 @@ static void crypt_status(struct dm_targe DMEMIT(":%u:%s", cc->key_size, cc->key_string); else for (i = 0; i < cc->key_size; i++) - DMEMIT("%02x", cc->key[i]); + DMEMIT("%c%c", hex2asc(cc->key[i] >> 4), hex2asc(cc->key[i] & 0xf)); } else DMEMIT("-"); -- dm-devel mailing list dm-devel@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/dm-devel
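Review bot: the expression `(9 - c) >> 4 & 0x27` in the new hex2asc() deserves a comment, because it rests on two things a reader has to work out: `>>` binding tighter than `&` (writing it as `((9 - c) >> 4) & 0x27` would make that explicit), and the right shift of the negative int `9 - c` (for c in 10..15) being arithmetic so that it yields -1 and `-1 & 0x27` selects the 'a' offset; the kernel's supported compilers guarantee that, but ISO C leaves right shifts of negative values implementation-defined. Spelling the constant as `'a' - '0' - 10` would show where 0x27 comes from, and noting that the argument must be in 0..15 (the `>> 4` and `& 0xf` at the call site do guarantee this) would save the next reader from checking. A tiny helper called from a loop would also fit the file's style as `static inline`.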
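Review bot: the `DMEMIT("%c%c", ...)` replacement removes the secret-indexed digit lookup inside the `%02x` formatter, but the constant-time property claimed in the commit message still depends on the compiler keeping hex2asc() branch-free and on the `%c` path of vsnprintf not branching on the character value; stating that assumption in the commit message or in a comment next to the loop would keep a later refactor (for example someone "simplifying" hex2asc back to a table) from silently reintroducing the leak. The loop bound `cc->key_size` is not secret, so iterating over it is fine.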
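The branch-free nibble-to-hex mapping described in the commit message, as an added stand-alone example (not the kernel's code): it restates the same arithmetic trick with explicit parentheses, checks it against a conventional table lookup on all 16 inputs, and formats a constructed sample key the way the patched crypt_status() does. The function names hex2asc_ct, hex2asc_table and key_to_hex_ct are assumed names for this example.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not the kernel's code: the same branch-free nibble-to-hex
 * mapping as the patch's hex2asc(), with operator precedence made explicit.
 * For c in 0..9, (9 - c) is non-negative, the shift yields 0, result is '0' + c.
 * For c in 10..15, (9 - c) is negative; an arithmetic right shift by 4 yields -1,
 * and -1 & 0x27 == 0x27 == 'a' - '0' - 10, so the result is 'a' + (c - 10).
 * Relies on >> of a negative int being arithmetic: gcc/clang guarantee it,
 * ISO C leaves it implementation-defined. Caller must pass a value in 0..15. */
static char hex2asc_ct(unsigned char c)
{
    return (char)(c + '0' + (((9 - (int)c) >> 4) & 0x27));
}

/* Reference mapping via table lookup: readable, but the load address depends
 * on the secret nibble, which is exactly the cache-timing channel the patch
 * removes. Used here only as an oracle for checking the arithmetic version. */
static char hex2asc_table(unsigned char c)
{
    static const char digits[] = "0123456789abcdef";
    return digits[c & 0xf];
}

/* Hex-encode a key with no secret-dependent branches or memory accesses,
 * mirroring the "%c%c" loop in the patched crypt_status(). out needs 2*len+1 bytes. */
static void key_to_hex_ct(const unsigned char *key, size_t len, char *out)
{
    for (size_t i = 0; i < len; i++) {
        out[2 * i]     = hex2asc_ct(key[i] >> 4);
        out[2 * i + 1] = hex2asc_ct(key[i] & 0xf);
    }
    out[2 * len] = '\0';
}

/* Returns 1 if the branch-free mapping agrees with the table on all 16 nibbles. */
static int hex2asc_ct_matches_table(void)
{
    for (unsigned char c = 0; c < 16; c++)
        if (hex2asc_ct(c) != hex2asc_table(c))
            return 0;
    return 1;
}

int main(void)
{
    /* constructed sample key bytes, not a real secret */
    const unsigned char key[] = { 0x00, 0x9a, 0xff, 0x4b };
    char hex[2 * sizeof(key) + 1];

    key_to_hex_ct(key, sizeof(key), hex);
    printf("%s %s\n", hex, hex2asc_ct_matches_table() ? "ok" : "MISMATCH");
    return 0;
}
```

Compile with `-O2` and inspect the generated code for hex2asc_ct if you need assurance that the compiler did not turn the arithmetic back into a conditional; the C source being branch-free is necessary but not sufficient.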