zeroing tfms in crypto_free_tfm()

A long time ago (in 2.6.9 and 2.4.28), crypto_free_tfm() started zeroing
"alg->cra_ctxsize" bytes before freeing a crypto_tfm:

| commit 94ab49d18f69a816561ae199e05daab709ba912e (from full-history-linux)
| Author: David S. Miller <davem@xxxxxxxxxxxxxxxxxx>
| Date:   Tue Sep 14 08:21:40 2004 -0700
| 
|     [CRYPTO]: Zero out tfm before freeing in crypto_free_tfm().
|     
|     Based upon discussions with Ulrich Kuehn
|     (ukuehn@xxxxxxx)
|     
|     Signed-off-by: James Morris <jmorris@xxxxxxxxxx>
|     Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
| 
| diff --git a/crypto/api.c b/crypto/api.c
| index 6f0e625..394169a 100644
| --- a/crypto/api.c
| +++ b/crypto/api.c
| @@ -155,8 +155,12 @@ out:
|  
|  void crypto_free_tfm(struct crypto_tfm *tfm)
|  {
| +	struct crypto_alg *alg = tfm->__crt_alg;
| +	int size = sizeof(*tfm) + alg->cra_ctxsize;
| +
|  	crypto_exit_ops(tfm);
| -	crypto_alg_put(tfm->__crt_alg);
| +	crypto_alg_put(alg);
| +	memset(tfm, 0, size);
|  	kfree(tfm);
|  }
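
Review bot: the length passed to memset() in crypto_free_tfm() is recomputed as "sizeof(*tfm) + alg->cra_ctxsize" rather than taken from the allocation itself, so the wipe is only correct while the allocating side uses exactly the same formula. Consider recording the allocated size in the tfm at allocation time, or deriving it from the allocation (for example with ksize(tfm)), so the free path can neither stop short of the end of the object nor run past it. Separately, "int size" holds a sizeof-based sum; a size_t or unsigned type would match memset()'s length parameter.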

However, in the meantime, the allocation mechanism for crypto_tfm objects has
been changed twice, by:
  1. commit fbdae9f3e7fb57c07cb0d973f113eb25da2e8ff2 ("[CRYPTO] Ensure cit_iv
     is aligned correctly"), which replaced "alg->cra_ctxsize" by
     "crypto_ctxsize(alg, flags)" in crypto_alloc_tfm(),
  2. commit 7b0bac64cd5b74d6f1147524c26216de13a501fd ("crypto: api - Rebirth of
     crypto_alloc_tfm"), which introduced the alternative crypto_create_tfm(),
     where the memory requirements are based on
     "frontend->extsize(alg, frontend)" instead of "alg->cra_ctxsize".

Fortunately (for all current transforms under crypto/), it seems that
"crypto_ctxsize(alg, flags)" and "frontend->extsize(alg, frontend)" are always
at least as large as "alg->cra_ctxsize". But still,
  (a) this may leak key information in the few cases where the actual key size
      is larger than "alg->cra_ctxsize",
  (b) this may change in the future, causing memory corruption.

With kind regards,

Geert Uytterhoeven
Software Architect

Sony Techsoft Centre Europe
The Corporate Village · Da Vincilaan 7-D1 · B-1935 Zaventem · Belgium

Phone:    +32 (0)2 700 8453
Fax:      +32 (0)2 700 8622
E-mail:   Geert.Uytterhoeven@xxxxxxxxxxx
Internet: http://www.sony-europe.com/

A division of Sony Europe (Belgium) N.V.
VAT BE 0413.825.160 · RPR Brussels
Fortis · BIC GEBABEBB · IBAN BE41293037680010
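
Added example, not part of the original message and not kernel code: a user-space C model of cases (a) and (b) above, comparing a wipe length recomputed from "ctxsize" with one recorded at allocation time. The names model_alg, model_tfm, extsize (a stand-in for whatever size the allocator really used) and leftover_after_wipe are hypothetical, and the 0xA5 fill is constructed data.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model types; extsize is what the allocator really uses. */
struct model_alg { size_t ctxsize; size_t extsize; };
struct model_tfm {
    const struct model_alg *alg;
    size_t total;               /* allocation size, recorded once at alloc */
    unsigned char ctx[];
};

static struct model_tfm *model_alloc(const struct model_alg *alg)
{
    size_t total = sizeof(struct model_tfm) + alg->extsize;
    struct model_tfm *tfm = calloc(1, total);
    if (tfm) { tfm->alg = alg; tfm->total = total; }
    return tfm;
}

/* Returns the number of non-zero bytes left in the object after the wipe,
 * -1 if the recomputed length would write past the allocation (case b),
 * -2 on allocation failure. */
long leftover_after_wipe(size_t ctxsize, size_t extsize, int use_recorded)
{
    struct model_alg alg = { ctxsize, extsize };
    struct model_tfm *tfm = model_alloc(&alg);
    size_t total, len, i;
    long left = 0;

    if (!tfm) return -2;
    total = tfm->total;
    memset(tfm->ctx, 0xA5, extsize);          /* constructed "key" bytes */
    /* Free-path choice: recompute from ctxsize, or use the recorded size. */
    len = use_recorded ? total : sizeof(*tfm) + tfm->alg->ctxsize;
    if (len > total) { free(tfm); return -1; } /* refuse to overrun */
    memset(tfm, 0, len);
    for (i = 0; i < total; i++)
        left += ((unsigned char *)tfm)[i] != 0;
    free(tfm);
    return left;
}

int main(void)
{
    printf("recomputed, ext > ctx: %ld\n", leftover_after_wipe(16, 24, 0));
    printf("recorded,   ext > ctx: %ld\n", leftover_after_wipe(16, 24, 1));
    printf("recomputed, ext < ctx: %ld\n", leftover_after_wipe(32, 16, 0));
    return 0;
}
```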