author | Justus Winter <justus@sequoia-pgp.org> | 2023-09-25 11:56:54 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2023-09-26 13:39:58 +0200 |
commit | 42bc643075e9ec281432de0faed71fecfade5f1c (patch) | |
tree | 04926746ad71ccc9ddeea708b5f6b178cbd0df27 /openpgp | |
parent | 6251bc81f2db3a4a93a02cee3e0883f6a436d47b (diff) |
openpgp: Zero the stack after using RustCrypto's block ciphers.
- Zeroing the stack is not something that upstream necessarily
considers their responsibility, hence we need to do it. In any
case, there is a bug in current versions of the AES crate that
spills the symmetric key into the stack when using AES-NI or the
ARMv8 Cryptography Extensions.
- See https://github.com/RustCrypto/block-ciphers/issues/385.
Diffstat (limited to 'openpgp')
-rw-r--r-- | openpgp/src/crypto/backend/rust/symmetric.rs | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/openpgp/src/crypto/backend/rust/symmetric.rs b/openpgp/src/crypto/backend/rust/symmetric.rs
index b04f0fc9..1869f1b9 100644
--- a/openpgp/src/crypto/backend/rust/symmetric.rs
+++ b/openpgp/src/crypto/backend/rust/symmetric.rs
@@ -110,6 +110,7 @@ macro_rules! impl_enc_mode {
 dst: &mut [u8],
 src: &[u8],
 ) -> Result<()> {
+ zero_stack!(4096 bytes after running {
 debug_assert_eq!(dst.len(), src.len());
 let bs = self.block_size();
 let missing = (bs - (dst.len() % bs)) % bs;
@@ -213,6 +214,7 @@ macro_rules! impl_enc_mode {
 }
 }
 Ok(())
+ })
 }
 fn decrypt(
@@ -247,6 +249,7 @@ macro_rules! impl_dec_mode {
 dst: &mut [u8],
 src: &[u8],
 ) -> Result<()> {
+ zero_stack!(4096 bytes after running {
 debug_assert_eq!(dst.len(), src.len());
 let bs = self.block_size();
 let missing = (bs - (dst.len() % bs)) % bs;
@@ -350,6 +353,7 @@ macro_rules! impl_dec_mode {
 }
 }
 Ok(())
+ })
 }
 }
 }
@@ -375,6 +379,7 @@ where
 macro_rules! make_mode {
 ($fn:ident, $enum:ident, $mode:ident::$mode2:ident $(, $iv:ident:$ivt:ty)?) => {
 pub(crate) fn $fn(self, key: &[u8], $($iv: $ivt)?) -> Result<Box<dyn Mode>> {
+ zero_stack!(8192 bytes after running || -> Result<Box<dyn Mode>> {
 use cipher::generic_array::GenericArray as GA;
 use SymmetricAlgorithm::*;
@@ -459,6 +464,7 @@ macro_rules! make_mode {
 Err(Error::UnsupportedSymmetricAlgorithm(self).into())
 }
 }
+ })
 }
 }
 }
|
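Review bot: The `4096` in `zero_stack!(4096 bytes after running {` at the top of encrypt is an unexplained bound, and nothing in the hunk ties it to the stack depth the cipher call chain actually reaches; key material spilled deeper than that would survive the wipe. A comment above the call would let a later reader re-check it, e.g. `// 4096 bytes: assumed upper bound on the stack used by the block-cipher calls below; re-measure when the cipher crates are updated.` The same applies to the `4096` in the impl_dec_mode hunk and the `8192` in make_mode. The encrypt body continues outside the hunk, so the depth cannot be judged from here.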
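Review bot: The block form `zero_stack!(4096 bytes after running { … })` used for decrypt in impl_dec_mode (and for encrypt in impl_enc_mode) does not show at the call site whether a `?` or `return` inside the wrapped body still passes through the wipe. zero_stack! is defined outside this diff and the body between this hunk and its closing `})` is not visible, so this may already be handled; if the macro expands the block inline, an early exit would leave the function without zeroing. make_mode already uses the closure form, so writing `zero_stack!(4096 bytes after running || -> Result<()> {` here would make the exit behaviour explicit.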
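Review bot: The wipe added to `$fn` in make_mode covers only what key setup leaves on the stack; the keyed cipher is returned as `Box<dyn Mode>`, so its expanded key presumably stays on the heap until the box is dropped. Whether that allocation is cleared on drop depends on the cipher types, which are constructed outside this hunk. A comment at the call would record the split, e.g. `// Clears stack spills from key setup only; the boxed cipher state must be wiped by its own Drop.`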