* memset() in crypto code
@ 2021-09-03 1:13 Sandy Harris
2021-09-03 6:15 ` Greg KH
0 siblings, 1 reply; 3+ messages in thread
From: Sandy Harris @ 2021-09-03 1:13 UTC (permalink / raw)
To: Linux Crypto Mailing List, linux-hardening
Doing this the crypto directory:
grep memset *.c | wc -l
I get 137 results.
The compiler may optimise memset() away, subverting the intent of
these operations. We have memzero_explicit() to avoid that problem.
Should most or all those memset() calls be replaced?
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: memset() in crypto code
2021-09-03 1:13 memset() in crypto code Sandy Harris
@ 2021-09-03 6:15 ` Greg KH
2021-11-16 0:47 ` Sandy Harris
0 siblings, 1 reply; 3+ messages in thread
From: Greg KH @ 2021-09-03 6:15 UTC (permalink / raw)
To: Sandy Harris; +Cc: Linux Crypto Mailing List, linux-hardening
On Fri, Sep 03, 2021 at 09:13:43AM +0800, Sandy Harris wrote:
> Doing this the crypto directory:
> grep memset *.c | wc -l
> I get 137 results.
>
> The compiler may optimise memset() away, subverting the intent of
> these operations. We have memzero_explicit() to avoid that problem.
>
> Should most or all those memset() calls be replaced?
The ones that are determined to actually need this, sure, but a simple
grep like that does not actually show that. You need to read the code
itself to determine the need or not, please do so.
good luck!
greg k-h
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: memset() in crypto code
2021-09-03 6:15 ` Greg KH
@ 2021-11-16 0:47 ` Sandy Harris
0 siblings, 0 replies; 3+ messages in thread
From: Sandy Harris @ 2021-11-16 0:47 UTC (permalink / raw)
To: Greg KH; +Cc: Linux Crypto Mailing List, linux-hardening
On Fri, Sep 3, 2021 at 2:15 PM Greg KH <gregkh@linuxfoundation.org> wrote:
>
> On Fri, Sep 03, 2021 at 09:13:43AM +0800, Sandy Harris wrote:
> > Doing this the crypto directory:
> > grep memset *.c | wc -l
> > I get 137 results.
> >
> > The compiler may optimise memset() away, subverting the intent of
> > these operations. We have memzero_explicit() to avoid that problem.
> >
> > Should most or all those memset() calls be replaced?
>
> The ones that are determined to actually need this, sure, but a simple
> grep like that does not actually show that. You need to read the code
> itself to determine the need or not, please do so.
Done. Patches to follow. I ended up making about a dozen changes
in eight files. Of course, while I did read the code, I do not know it
deeply so I may have misjudged some.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-11-16 3:59 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-03 1:13 memset() in crypto code Sandy Harris
2021-09-03 6:15 ` Greg KH
2021-11-16 0:47 ` Sandy Harris
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.