Re: [PATCH 3/5] KEYS: encrypted: sanitize all key material

2017-04-24 Thread David Howells
Eric Biggers wrote:
> It's not actually needed because it's impossible for the compiler to optimize
> away the memset(). memzero_explicit() is only needed on stack data.

Okay, also reasonable.

David

Re: [PATCH 3/5] KEYS: encrypted: sanitize all key material

2017-04-21 Thread Eric Biggers
On Fri, Apr 21, 2017 at 03:31:08PM +0100, David Howells wrote:
> Eric Biggers wrote:
>
> > - memzero_explicit(epayload->decrypted_data, epayload->decrypted_datalen);
> > - kfree(key->payload.data[0]);
> > + kzfree(key->payload.data[0]);
>
> Should kzfree() be using memzero_explicit()

Re: [PATCH 3/5] KEYS: encrypted: sanitize all key material

2017-04-21 Thread David Howells
Eric Biggers wrote:
> - memzero_explicit(epayload->decrypted_data, epayload->decrypted_datalen);
> - kfree(key->payload.data[0]);
> + kzfree(key->payload.data[0]);

Should kzfree() be using memzero_explicit() rather than memset()?

David
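
Review bot: The removed memzero_explicit() cleared epayload->decrypted_data for decrypted_datalen bytes, while the replacement kzfree() is applied to key->payload.data[0], and the quoted lines do not show that decrypted_data lies inside that same allocation. A short comment at the kzfree() call, or a sentence in the commit message, stating that the decrypted data is part of the buffer being freed would let a reader confirm that nothing sensitive is left unzeroed after this change.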

[PATCH 3/5] KEYS: encrypted: sanitize all key material

2017-04-21 Thread Eric Biggers
From: Eric Biggers

For keys of type "encrypted", consistently zero sensitive key material before freeing it. This was already being done for the decrypted payloads of encrypted keys, but not for the master key and the keys derived from the master key. Out of an abundance of caution and because