Re: [PATCH v2] dm-crypt: make printing of the key constant-time

On 25/04/2022 14:53, Mikulas Patocka wrote:
This is the second version of this patch. It casts the value to unsigned
before doing the shift, because right shift of a negative number is not
defined.

Mikulas



From: Mikulas Patocka <mpatocka@xxxxxxxxxx>

The device mapper dm-crypt target is using scnprintf("%02x", cc->key[i]) to
report the current key to userspace. However, this is not constant-time
operation and it may leak information about the key via timing, via cache
access patterns or via the branch predictor.

This patch changes it to use "%c" instead. We introduce a function
hex2asc. hex2asc converts a number in the range 0 ... 15 to an ascii
character and it is coded in such a way that it contains no branches and
no memory accesses.

Signed-off-by: Mikulas Patocka <mpatocka@xxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx

I have run some tests with it, also cryptsetup testsuite is fine.
If it helps, you can add

Tested-by: Milan Broz <gmazyland@xxxxxxxxx>

Milan




---
  drivers/md/dm-crypt.c |    7 ++++++-
  1 file changed, 6 insertions(+), 1 deletion(-)

Index: linux-2.6/drivers/md/dm-crypt.c
===================================================================
--- linux-2.6.orig/drivers/md/dm-crypt.c	2022-04-25 14:41:15.000000000 +0200
+++ linux-2.6/drivers/md/dm-crypt.c	2022-04-25 14:42:06.000000000 +0200
@@ -3439,6 +3439,11 @@ static int crypt_map(struct dm_target *t
  	return DM_MAPIO_SUBMITTED;
  }
+static char hex2asc(unsigned char c)
+{
+	return c + '0' + ((unsigned)(9 - c) >> 4 & 0x27);
+}
+
  static void crypt_status(struct dm_target *ti, status_type_t type,
  			 unsigned status_flags, char *result, unsigned maxlen)
  {
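Review bot: hex2asc() carries no comment stating that its argument must be in the range 0 ... 15 or explaining how the return expression works, and the expression relies on `>>` binding tighter than `&`. A short comment above the function would help the next reader: for c <= 9 the difference 9 - c is non-negative and below 16, so the shift yields 0 and the result is c + '0'; for c in 10 ... 15 the difference is negative, the cast to unsigned turns it into a value with all high bits set, the shift keeps those bits, and the mask leaves 0x27, which added to c + '0' gives 'a' ... 'f'. Writing it as `(((unsigned)(9 - c) >> 4) & 0x27)` makes the intended grouping explicit. For an argument above 15 the result is not a hex digit, so the comment should say that callers are expected to pass a single nibble.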
@@ -3459,7 +3464,7 @@ static void crypt_status(struct dm_targe
  				DMEMIT(":%u:%s", cc->key_size, cc->key_string);
  			else
  				for (i = 0; i < cc->key_size; i++)
-					DMEMIT("%02x", cc->key[i]);
+					DMEMIT("%c%c", hex2asc(cc->key[i] >> 4), hex2asc(cc->key[i] & 0xf));
  		} else
  			DMEMIT("-");
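Review bot: In the new DMEMIT line the low nibble is masked with `& 0xf` but the high nibble is passed as `cc->key[i] >> 4` without a mask, so the call only stays inside hex2asc()'s 0 ... 15 range if the elements of cc->key are an unsigned 8-bit type. The declaration is not visible in this hunk; if that is the case it is worth a word in the commit message, otherwise `(cc->key[i] >> 4) & 0xf` would make the call safe regardless of the element type. As a style point, the line is well over 80 columns and could be split after the format string.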

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/dm-devel



