| From foo@baz Wed Sep 26 11:28:02 CEST 2018 |
| From: Sabrina Dubroca <sd@queasysnail.net> |
| Date: Wed, 12 Sep 2018 17:44:42 +0200 |
| Subject: tls: zero the crypto information from tls_context before freeing |
| |
| From: Sabrina Dubroca <sd@queasysnail.net> |
| |
| [ Upstream commit 86029d10af18381814881d6cce2dd6872163b59f ] |
| |
| This contains key material in crypto_send_aes_gcm_128 and |
| crypto_recv_aes_gcm_128. |
| |
| Introduce union tls_crypto_context, and replace the two identical |
| unions directly embedded in struct tls_context with it. We can then |
| use this union to clean up the memory in the new tls_ctx_free() |
| function. |
| |
| Fixes: 3c4d7559159b ("tls: kernel TLS support") |
| Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| include/net/tls.h | 14 ++++++++------ |
| net/tls/tls_main.c | 15 ++++++++++++--- |
| net/tls/tls_sw.c | 2 +- |
| 3 files changed, 21 insertions(+), 10 deletions(-) |
| |
| --- a/include/net/tls.h |
| +++ b/include/net/tls.h |
| @@ -79,11 +79,13 @@ enum { |
| TLS_PENDING_CLOSED_RECORD |
| }; |
| |
| +union tls_crypto_context { |
| + struct tls_crypto_info info; |
| + struct tls12_crypto_info_aes_gcm_128 aes_gcm_128; |
| +}; |
| + |
| struct tls_context { |
| - union { |
| - struct tls_crypto_info crypto_send; |
| - struct tls12_crypto_info_aes_gcm_128 crypto_send_aes_gcm_128; |
| - }; |
| + union tls_crypto_context crypto_send; |
| |
| void *priv_ctx; |
| |
| @@ -208,8 +210,8 @@ static inline void tls_fill_prepend(stru |
| * size KTLS_DTLS_HEADER_SIZE + KTLS_DTLS_NONCE_EXPLICIT_SIZE |
| */ |
| buf[0] = record_type; |
| - buf[1] = TLS_VERSION_MINOR(ctx->crypto_send.version); |
| - buf[2] = TLS_VERSION_MAJOR(ctx->crypto_send.version); |
| + buf[1] = TLS_VERSION_MINOR(ctx->crypto_send.info.version); |
| + buf[2] = TLS_VERSION_MAJOR(ctx->crypto_send.info.version); |
| /* we can use IV for nonce explicit according to spec */ |
| buf[3] = pkt_len >> 8; |
| buf[4] = pkt_len & 0xFF; |
| --- a/net/tls/tls_main.c |
| +++ b/net/tls/tls_main.c |
| @@ -218,6 +218,15 @@ static void tls_write_space(struct sock |
| ctx->sk_write_space(sk); |
| } |
| |
| +static void tls_ctx_free(struct tls_context *ctx) |
| +{ |
| + if (!ctx) |
| + return; |
| + |
| + memzero_explicit(&ctx->crypto_send, sizeof(ctx->crypto_send)); |
| + kfree(ctx); |
| +} |
| + |
| static void tls_sk_proto_close(struct sock *sk, long timeout) |
| { |
| struct tls_context *ctx = tls_get_ctx(sk); |
| @@ -246,7 +255,7 @@ static void tls_sk_proto_close(struct so |
| kfree(ctx->iv); |
| |
| sk_proto_close = ctx->sk_proto_close; |
| - kfree(ctx); |
| + tls_ctx_free(ctx); |
| |
| release_sock(sk); |
| sk_proto_close(sk, timeout); |
| @@ -274,7 +283,7 @@ static int do_tls_getsockopt_tx(struct s |
| } |
| |
| /* get user crypto info */ |
| - crypto_info = &ctx->crypto_send; |
| + crypto_info = &ctx->crypto_send.info; |
| |
| if (!TLS_CRYPTO_INFO_READY(crypto_info)) { |
| rc = -EBUSY; |
| @@ -371,7 +380,7 @@ static int do_tls_setsockopt_tx(struct s |
| } |
| |
| /* get user crypto info */ |
| - crypto_info = &ctx->crypto_send; |
| + crypto_info = &ctx->crypto_send.info; |
| |
| /* Currently we don't support set crypto info more than one time */ |
| if (TLS_CRYPTO_INFO_READY(crypto_info)) { |
| --- a/net/tls/tls_sw.c |
| +++ b/net/tls/tls_sw.c |
| @@ -687,7 +687,7 @@ int tls_set_sw_offload(struct sock *sk, |
| ctx->priv_ctx = (struct tls_offload_context *)sw_ctx; |
| ctx->free_resources = tls_sw_free_resources; |
| |
| - crypto_info = &ctx->crypto_send; |
| + crypto_info = &ctx->crypto_send.info; |
| switch (crypto_info->cipher_type) { |
| case TLS_CIPHER_AES_GCM_128: { |
| nonce_size = TLS_CIPHER_AES_GCM_128_IV_SIZE; |