All of lore.kernel.org
 help / color / mirror / Atom feed
* memset() in crypto code
@ 2021-09-03  1:13 Sandy Harris
  2021-09-03  6:15 ` Greg KH
  0 siblings, 1 reply; 3+ messages in thread
From: Sandy Harris @ 2021-09-03  1:13 UTC (permalink / raw)
  To: Linux Crypto Mailing List, linux-hardening

Doing this the crypto directory:
grep memset *.c | wc -l
I get 137 results.

The compiler may optimise memset() away, subverting the intent of
these operations. We have memzero_explicit() to avoid that problem.

Should most or all those memset() calls be replaced?

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: memset() in crypto code
  2021-09-03  1:13 memset() in crypto code Sandy Harris
@ 2021-09-03  6:15 ` Greg KH
  2021-11-16  0:47   ` Sandy Harris
  0 siblings, 1 reply; 3+ messages in thread
From: Greg KH @ 2021-09-03  6:15 UTC (permalink / raw)
  To: Sandy Harris; +Cc: Linux Crypto Mailing List, linux-hardening

On Fri, Sep 03, 2021 at 09:13:43AM +0800, Sandy Harris wrote:
> Doing this the crypto directory:
> grep memset *.c | wc -l
> I get 137 results.
> 
> The compiler may optimise memset() away, subverting the intent of
> these operations. We have memzero_explicit() to avoid that problem.
> 
> Should most or all those memset() calls be replaced?

The ones that are determined to actually need this, sure, but a simple
grep like that does not actually show that.  You need to read the code
itself to determine the need or not, please do so.

good luck!

greg k-h

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: memset() in crypto code
  2021-09-03  6:15 ` Greg KH
@ 2021-11-16  0:47   ` Sandy Harris
  0 siblings, 0 replies; 3+ messages in thread
From: Sandy Harris @ 2021-11-16  0:47 UTC (permalink / raw)
  To: Greg KH; +Cc: Linux Crypto Mailing List, linux-hardening

On Fri, Sep 3, 2021 at 2:15 PM Greg KH <gregkh@linuxfoundation.org> wrote:
>
> On Fri, Sep 03, 2021 at 09:13:43AM +0800, Sandy Harris wrote:
> > Doing this the crypto directory:
> > grep memset *.c | wc -l
> > I get 137 results.
> >
> > The compiler may optimise memset() away, subverting the intent of
> > these operations. We have memzero_explicit() to avoid that problem.
> >
> > Should most or all those memset() calls be replaced?
>
> The ones that are determined to actually need this, sure, but a simple
> grep like that does not actually show that.  You need to read the code
> itself to determine the need or not, please do so.

Done. Patches to follow. I ended up making about a dozen changes
in eight files. Of course, while I did read the code, I do not know it
deeply so I may have misjudged some.

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-11-16  3:59 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-03  1:13 memset() in crypto code Sandy Harris
2021-09-03  6:15 ` Greg KH
2021-11-16  0:47   ` Sandy Harris

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.