Page MenuHomeFreeBSD

rijndael (AES): Avoid leaking sensitive data on kernel stack
ClosedPublic

Authored by cem on Aug 29 2018, 4:28 AM.

Details

Summary

Noticed this investigating Fortuna. Remove useless duplicate stack copies
of sensitive contents when possible, or if not possible, be sure to zero
them out when we're finished.

Diff Detail

Repository
rS FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

cem created this revision.Aug 29 2018, 4:28 AM

Mostly LGTM.

sys/crypto/rijndael/rijndael-api-fst.c
448 ↗(On Diff #47424)

Could you please change this to use some better name, e.g. something like 'cleanup' instead?

cem added inline comments.Aug 29 2018, 7:25 PM
sys/crypto/rijndael/rijndael-api-fst.c
448 ↗(On Diff #47424)

I think 'out' is well understood:

$ cd sys
$ ag 'goto out;' | wc -l
    5333
$ ag 'goto cleanup;' | wc -l
     222

I can change it if you still prefer it, but I don't think "cleanup" is any better (or worse).

cem added a comment.Oct 20 2018, 7:48 PM

Ping -- do you still want a different label or is out ok? Thanks!

gordon accepted this revision as: secteam.Oct 24 2018, 6:04 PM
gordon added a subscriber: gordon.

Approved based on timeout from delphij.

This revision was not accepted when it landed; it landed in state Needs Review.Oct 26 2018, 8:53 PM
This revision was automatically updated to reflect the committed changes.