crypto_memset (was: Re: Zero it if you're going to copy it out.)

To: Thor Lancelot Simon <tls%panix.com@localhost>
Subject: crypto_memset (was: Re: Zero it if you're going to copy it out.)
From: Jean-Yves Migeon <jeanyves.migeon%free.fr@localhost>
Date: Mon, 25 Jun 2012 20:24:40 +0200

On 25.06.2012 15:20, Thor Lancelot Simon wrote:
> On Mon, Jun 25, 2012 at 02:16:33PM +0100, Roger Pau Monne wrote:
>>
>> Yes, it doesn't hurt to zero memory if returning it to the user. Who
>> knows what might be there previously.
> 
> I'm sorry, I can't let this go.
> 
> This is not a case of "it doesn't hurt" -- it's a case of "it's absolutely
> necessary".  It is completely unacceptable to leak the contents of kernel
> memory to the user!

BTW, did we get the {crypto,safe,secure}:
_memset: not optimized by compiler away,
_memcmp: constant-time memcmp for a given size

? I can't find anything in the commit logs.

I am sure these will find their place in the kernel, and also in some
places in userland (except for cache manipulation, maybe).

-- 
Jean-Yves Migeon
jeanyves.migeon%free.fr@localhost

References:
- Zero it if you're going to copy it out.
  - From: Thor Lancelot Simon

Prev by Date: Re: Zero it if you're going to copy it out.
Next by Date: Re: crypto_memset (was: Re: Zero it if you're going to copy it out.)
Previous by Thread: Re: Zero it if you're going to copy it out.
Next by Thread: Re: crypto_memset (was: Re: Zero it if you're going to copy it out.)
Indexes:

Home | Main Index | Thread Index | Old Index