Re: crypto: zeroization of sensitive data in af_alg

2014-11-11 Thread Daniel Borkmann
On 11/11/2014 05:16 AM, Stephan Mueller wrote: ... That is a good idea. Herbert: I can prepare a patch that uses memzero_explicit. However, your current tree does not yet implement that function as it was added to Linus' tree after you pulled from it. Yep, Ted took it [1] on top of the random

Re: crypto: zeroization of sensitive data in af_alg

2014-11-10 Thread Herbert Xu
On Tue, Nov 11, 2014 at 05:16:54AM +0100, Stephan Mueller wrote: > > Shall I now still use memset(0) or prepare a patch that does not yet compile > by using memzero_explicit? Just send the patch with the memzero_explicit and I'll make sure that I pull the requisite changes in before I apply your

Re: crypto: zeroization of sensitive data in af_alg

2014-11-10 Thread Stephan Mueller
On Monday, 10 November 2014, 21:55:43, Sandy Harris wrote: Hi Sandy, Herbert, > On Sun, Nov 9, 2014 at 5:33 PM, Stephan Mueller wrote: > > while working on the AF_ALG interface, I saw no active zeroizations of > > memory that may hold sensitive data that is maintained outside the kernel > > cr

Re: crypto: zeroization of sensitive data in af_alg

2014-11-10 Thread Sandy Harris
On Sun, Nov 9, 2014 at 5:33 PM, Stephan Mueller wrote: > while working on the AF_ALG interface, I saw no active zeroizations of memory > that may hold sensitive data that is maintained outside the kernel crypto API > cipher handles. ... > I think I found the location for the first one: hash_sock

Re: crypto: zeroization of sensitive data in af_alg

2014-11-10 Thread Herbert Xu
On Tue, Nov 11, 2014 at 03:06:32AM +0100, Stephan Mueller wrote: > On Monday, 10 November 2014, 22:05:18, Herbert Xu wrote: > > Hi Herbert, > > > On Sun, Nov 09, 2014 at 11:33:52PM +0100, Stephan Mueller wrote: > > > while working on the AF_ALG interface, I saw no active zeroizations of > > > m

Re: crypto: zeroization of sensitive data in af_alg

2014-11-10 Thread Stephan Mueller
On Monday, 10 November 2014, 22:05:18, Herbert Xu wrote: Hi Herbert, > On Sun, Nov 09, 2014 at 11:33:52PM +0100, Stephan Mueller wrote: > > while working on the AF_ALG interface, I saw no active zeroizations of > > memory that may hold sensitive data that is maintained outside the kernel > > cr

Re: crypto: zeroization of sensitive data in af_alg

2014-11-10 Thread Herbert Xu
On Sun, Nov 09, 2014 at 11:33:52PM +0100, Stephan Mueller wrote: > > while working on the AF_ALG interface, I saw no active zeroizations of memory > that may hold sensitive data that is maintained outside the kernel crypto API > cipher handles. I think the following memory segments fall under th

crypto: zeroization of sensitive data in af_alg

2014-11-09 Thread Stephan Mueller
Hi Herbert, while working on the AF_ALG interface, I saw no active zeroizations of memory that may hold sensitive data that is maintained outside the kernel crypto API cipher handles. I think the following memory segments fall under that category: * message digest * IV