Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1773109imm; Thu, 27 Sep 2018 02:12:48 -0700 (PDT) X-Google-Smtp-Source: ACcGV63PHgak2Wy2gk5Y/NHpwk04Or21HjUOABD/pYja/EpvOCBoYVW5MCzY1kUsuw3p7bjIscgs X-Received: by 2002:a62:6781:: with SMTP id t1-v6mr10329900pfj.200.1538039568594; Thu, 27 Sep 2018 02:12:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538039568; cv=none; d=google.com; s=arc-20160816; b=d5RoVsfGCKYsonxCjf8FfLCq+x1QDqYD/0a7Q1Wh7M+L4McW3/bd6BbeUiUYFhLn6f rdoT2SsbGIGaP4ExsLzFlp5a+A5H4CGQ7CVKnObgXjfv7o3rk6FINxnDMHNDHnXq1zqQ JQsaXafOb9hhccTzZMRswvkIWKSsHkMb0zd8KCr7+KAlmgcHhTdQH7gudj2wjXj/BCBh NiKv2av7cQAazBBTpuYQXcwSWbFP1T9O8MFAK6KFQFiwMWlgAu7eJWTmYZDMN5Uon2Vm TygE+NmXFAAMUvQzRzcz9fUaJYW796rsRqjn3SLhBtMumY6bmSanbHe3WbYg1WBLBr0T CXew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from; bh=FygEx1x7db0VXDYzBKx/OpxSz8exWEOskmPNZ6yT60o=; b=Svr5QSKWj4BYTBax7jDVdbAWCgJBb6Za6wQyFfiEQD1ggio3ZprJjkSnhe+5hUocLT rNrckQm4zAbstHzfUsi169vpg6BPDaGi80R7Ig6XwaQAHPZ0VnHKHKPZ7zDJf3g6NMNn ttRSsLRUT7JydvyWou/otqjUPu6yqTmFwo5WphMVNfBnK+iwd9RGLxn4+JeXB1as0K8L GLe1zEAvwqilAv1UNJ5cflJLLSD8WYYteC2HucJ4LhPMGaZniJ0EngU4mxQHhtsrPJ8k dMwi7meMvn+kP5g77ZNOIMy+bNf30pbtY5rstDs/6D/Ht6/bKAzQs6F/YEZ63JEP3pDX WeZw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u8-v6si1958021pfj.137.2018.09.27.02.12.33; Thu, 27 Sep 2018 02:12:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728416AbeI0P1m (ORCPT + 99 others); Thu, 27 Sep 2018 11:27:42 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:55148 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727084AbeI0P1m (ORCPT ); Thu, 27 Sep 2018 11:27:42 -0400 Received: from localhost (ip-213-127-77-73.ip.prioritytelecom.net [213.127.77.73]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 449CB1117; Thu, 27 Sep 2018 09:10:25 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sabrina Dubroca , "David S. Miller" Subject: [PATCH 4.18 09/88] tls: zero the crypto information from tls_context before freeing Date: Thu, 27 Sep 2018 11:02:50 +0200 Message-Id: <20180927090301.647998485@linuxfoundation.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20180927090300.631426620@linuxfoundation.org> References: <20180927090300.631426620@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Sabrina Dubroca [ Upstream commit 86029d10af18381814881d6cce2dd6872163b59f ] This contains key material in crypto_send_aes_gcm_128 and crypto_recv_aes_gcm_128. Introduce union tls_crypto_context, and replace the two identical unions directly embedded in struct tls_context with it. We can then use this union to clean up the memory in the new tls_ctx_free() function. Fixes: 3c4d7559159b ("tls: kernel TLS support") Signed-off-by: Sabrina Dubroca Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- include/net/tls.h | 19 +++++++++---------- net/tls/tls_device.c | 4 ++-- net/tls/tls_device_fallback.c | 2 +- net/tls/tls_main.c | 20 +++++++++++++++----- net/tls/tls_sw.c | 8 ++++---- 5 files changed, 31 insertions(+), 22 deletions(-) --- a/include/net/tls.h +++ b/include/net/tls.h @@ -165,15 +165,14 @@ struct cipher_context { char *rec_seq; }; +union tls_crypto_context { + struct tls_crypto_info info; + struct tls12_crypto_info_aes_gcm_128 aes_gcm_128; +}; + struct tls_context { - union { - struct tls_crypto_info crypto_send; - struct tls12_crypto_info_aes_gcm_128 crypto_send_aes_gcm_128; - }; - union { - struct tls_crypto_info crypto_recv; - struct tls12_crypto_info_aes_gcm_128 crypto_recv_aes_gcm_128; - }; + union tls_crypto_context crypto_send; + union tls_crypto_context crypto_recv; struct list_head list; struct net_device *netdev; @@ -337,8 +336,8 @@ static inline void tls_fill_prepend(stru * size KTLS_DTLS_HEADER_SIZE + KTLS_DTLS_NONCE_EXPLICIT_SIZE */ buf[0] = record_type; - buf[1] = TLS_VERSION_MINOR(ctx->crypto_send.version); - buf[2] = TLS_VERSION_MAJOR(ctx->crypto_send.version); + buf[1] = TLS_VERSION_MINOR(ctx->crypto_send.info.version); + buf[2] = TLS_VERSION_MAJOR(ctx->crypto_send.info.version); /* we can use IV for nonce explicit according to spec */ buf[3] = pkt_len >> 8; buf[4] = pkt_len & 0xFF; --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -552,7 +552,7 @@ int tls_set_device_offload(struct sock * goto free_marker_record; } - crypto_info = &ctx->crypto_send; + crypto_info = &ctx->crypto_send.info; switch (crypto_info->cipher_type) { case TLS_CIPHER_AES_GCM_128: nonce_size = TLS_CIPHER_AES_GCM_128_IV_SIZE; @@ -650,7 +650,7 @@ int tls_set_device_offload(struct sock * ctx->priv_ctx_tx = offload_ctx; rc = netdev->tlsdev_ops->tls_dev_add(netdev, sk, TLS_OFFLOAD_CTX_DIR_TX, - &ctx->crypto_send, + &ctx->crypto_send.info, tcp_sk(sk)->write_seq); if (rc) goto release_netdev; --- a/net/tls/tls_device_fallback.c +++ b/net/tls/tls_device_fallback.c @@ -320,7 +320,7 @@ static struct sk_buff *tls_enc_skb(struc goto free_req; iv = buf; - memcpy(iv, tls_ctx->crypto_send_aes_gcm_128.salt, + memcpy(iv, tls_ctx->crypto_send.aes_gcm_128.salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE); aad = buf + TLS_CIPHER_AES_GCM_128_SALT_SIZE + TLS_CIPHER_AES_GCM_128_IV_SIZE; --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -245,6 +245,16 @@ static void tls_write_space(struct sock ctx->sk_write_space(sk); } +static void tls_ctx_free(struct tls_context *ctx) +{ + if (!ctx) + return; + + memzero_explicit(&ctx->crypto_send, sizeof(ctx->crypto_send)); + memzero_explicit(&ctx->crypto_recv, sizeof(ctx->crypto_recv)); + kfree(ctx); +} + static void tls_sk_proto_close(struct sock *sk, long timeout) { struct tls_context *ctx = tls_get_ctx(sk); @@ -295,7 +305,7 @@ static void tls_sk_proto_close(struct so #else { #endif - kfree(ctx); + tls_ctx_free(ctx); ctx = NULL; } @@ -306,7 +316,7 @@ skip_tx_cleanup: * for sk->sk_prot->unhash [tls_hw_unhash] */ if (free_ctx) - kfree(ctx); + tls_ctx_free(ctx); } static int do_tls_getsockopt_tx(struct sock *sk, char __user *optval, @@ -331,7 +341,7 @@ static int do_tls_getsockopt_tx(struct s } /* get user crypto info */ - crypto_info = &ctx->crypto_send; + crypto_info = &ctx->crypto_send.info; if (!TLS_CRYPTO_INFO_READY(crypto_info)) { rc = -EBUSY; @@ -418,9 +428,9 @@ static int do_tls_setsockopt_conf(struct } if (tx) - crypto_info = &ctx->crypto_send; + crypto_info = &ctx->crypto_send.info; else - crypto_info = &ctx->crypto_recv; + crypto_info = &ctx->crypto_recv.info; /* Currently we don't support set crypto info more than one time */ if (TLS_CRYPTO_INFO_READY(crypto_info)) { --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -989,8 +989,8 @@ static int tls_read_size(struct strparse goto read_failure; } - if (header[1] != TLS_VERSION_MINOR(tls_ctx->crypto_recv.version) || - header[2] != TLS_VERSION_MAJOR(tls_ctx->crypto_recv.version)) { + if (header[1] != TLS_VERSION_MINOR(tls_ctx->crypto_recv.info.version) || + header[2] != TLS_VERSION_MAJOR(tls_ctx->crypto_recv.info.version)) { ret = -EINVAL; goto read_failure; } @@ -1099,11 +1099,11 @@ int tls_set_sw_offload(struct sock *sk, } if (tx) { - crypto_info = &ctx->crypto_send; + crypto_info = &ctx->crypto_send.info; cctx = &ctx->tx; aead = &sw_ctx_tx->aead_send; } else { - crypto_info = &ctx->crypto_recv; + crypto_info = &ctx->crypto_recv.info; cctx = &ctx->rx; aead = &sw_ctx_rx->aead_recv; }