From: Max Reitz
Subject: Re: [Qemu-devel] [PATCH for-2.9 v2] virtio-crypto: zeroize the key material before free
Date: Wed, 7 Dec 2016 16:49:01 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.0

On 07.12.2016 03:29, Gonglei wrote:
> Common practice with sensitive information (key material, passwords,
> etc). Prevents sensitive information from being exposed by accident later in
> coredumps, memory disclosure bugs when heap memory is reused, etc.
> 
> Sensitive information is sometimes also held in mlocked pages to prevent
> it being swapped to disk but that's not being done here.
> 
> Let's zeroize the memory of CryptoDevBackendSymOpInfo structure pointed
> for key material security.
> 
> [v2: Stefan perfects the commit message, thanks]
> Signed-off-by: Gonglei <address@hidden>
> Reviewed-by: Stefan Hajnoczi <address@hidden>
> ---
>  hw/virtio/virtio-crypto.c | 13 ++++++++++++-
>  1 file changed, 12 insertions(+), 1 deletion(-)

As far as I'm aware, other projects usually have a special memset
variation for doing this. That is because compilers may choose to
"optimize" memset(p, ...) + free(p) to just the free(p). Having a
special zeroizing function that the compiler cannot drop would prevent
this. (By the way, C11 provides this functionality with memset_s().)

We are not using free() but g_free(), so the danger of a compiler
detecting the pattern and "optimizing" it is probably much lower, but
still, the possibility exists.

Max

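The "memset the compiler cannot drop" that Max describes, as an added example that is not part of this thread or of the QEMU patch: `secure_memzero` stores through a volatile pointer so the zeroing survives optimisation, and `sym_op_info_t` is a hypothetical stand-in for CryptoDevBackendSymOpInfo with constructed sample data, released with plain `free()` rather than QEMU's `g_free()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Zeroizing helper the compiler cannot drop as a dead store: each byte is
 * written through a volatile pointer, so "memset + free" is not collapsed
 * into just the free. C11 Annex K memset_s() offers the same guarantee. */
void secure_memzero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Hypothetical stand-in for CryptoDevBackendSymOpInfo: inline IV + heap key. */
typedef struct {
    uint8_t iv[16];
    size_t key_len;
    uint8_t *key;
} sym_op_info_t;
sym_op_info_t *sym_op_info_new(const uint8_t *key, size_t key_len)
{
    sym_op_info_t *info = calloc(1, sizeof(*info));
    if (!info) return NULL;
    info->key = malloc(key_len);
    if (!info->key) { free(info); return NULL; }
    memcpy(info->key, key, key_len);
    info->key_len = key_len;
    memset(info->iv, 0xAB, sizeof(info->iv)); /* constructed sample IV */
    return info;
}

/* Scrub each sensitive region before the allocator can reuse it, then free. */
void sym_op_info_free(sym_op_info_t *info)
{
    if (!info) return;
    if (info->key) {
        secure_memzero(info->key, info->key_len);
        free(info->key);
    }
    secure_memzero(info, sizeof(*info)); /* clears iv and the stale pointer */
    free(info);
}
/* Returns 1 if all n bytes are zero; used to verify a scrub. */
int all_zero(const uint8_t *p, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}
```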