[dm-crypt] unsafe??? use of memset

Milan Broz gmazyland at gmail.com
Tue Dec 30 15:26:02 CET 2014


On 12/30/2014 02:57 PM, .. ink .. wrote:
> 
> a lot of people like this one[2] advises against the use of memset to clear memory but crypsetup seems to
> ignore this advice and use memset a lot like in[1].
> 
> Any reason why cryptseup is ignoring this advice?

Why ignore? It worked with old compilers (and VC is not the issue here).

This is opensource, so I usually respond with "send a patch" to these messages...

But actually I have patch for that for weeks. I have just another issues which have
unfortunately much higher priority in my life and I am not going commit half-baked patch.

FYI:
I fixed it is kernel dmcrypt, there we can use memzero_explicit()
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/drivers/md/dm-crypt.c?id=1a71d6ffe18c0d0f03fc8531949cc8ed41d702ee

Cryptsetup will follow (hopefully soon with other fixes).

And it is nothing critical.

There is a nice description of problem
https://cryptocoding.net/index.php/Coding_rules#Prevent_compiler_interference_with_security-critical_operations

Actually I want to replace zero memset with zero it with code used in BLAKE2.
It is simple and should work.

static inline void secure_zero_memory(void *v, size_t n)
{
  volatile uint8_t *p = (volatile uint8_t *)v;
  while(n--) *p++ = 0;
}

Milan

> 
> [1] https://code.google.com/p/cryptsetup/source/browse/lib/tcrypt/tcrypt.c#272
> [2] http://edc.tversu.ru/elib/inf/0088/0596003943_secureprgckbk-chp-13-sect-2.html


More information about the dm-crypt mailing list