From 18e6ec2f1766b91b4a3f3fa471041739cfbcce42 Mon Sep 17 00:00:00 2001
From: Sumit Garg
Date: Thu, 27 Jun 2019 19:19:59 +0530
Subject: [PATCH] core: crypto: libtomcrypt: fix LTC_CLEAN_STACK bug

LTC_CLEAN_STACK uses burn_stack() API that uses a recursive call which leads to approx. double the size of stack cleaned than expected on ARM64. So this causes stack overflow corrupting canaries in case we perform a SHA512 hash operation which utilizes maximum stack as compared to other libtomcrypt APIs. So get rid of this recursive call via using variable length array to clean stack. Also, convert zeromem() API as a wrapper to call memzero_explicit().
Fixes: ad565116a0d7 ("core: crypto: libtomcrypt: enable LTC_CLEAN_STACK")
Suggested-by: Daniel Thompson
Signed-off-by: Sumit Garg
---
 core/lib/libtomcrypt/src/misc/burn_stack.c | 4 +---
 core/lib/libtomcrypt/src/misc/zeromem.c | 6 ++----
 2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/core/lib/libtomcrypt/src/misc/burn_stack.c b/core/lib/libtomcrypt/src/misc/burn_stack.c
index c5ae8d3a406..1722be0de0a 100644
--- a/core/lib/libtomcrypt/src/misc/burn_stack.c
+++ b/core/lib/libtomcrypt/src/misc/burn_stack.c
@@ -49,10 +49,8 @@
 */
 void burn_stack(unsigned long len)
 {
- unsigned char buf[32];
+ unsigned char buf[len];
 zeromem(buf, sizeof(buf));
- if (len > (unsigned long)sizeof(buf))
- burn_stack(len - sizeof(buf));
 }
diff --git a/core/lib/libtomcrypt/src/misc/zeromem.c b/core/lib/libtomcrypt/src/misc/zeromem.c
index c4cc325e144..65be86cec0c 100644
--- a/core/lib/libtomcrypt/src/misc/zeromem.c
+++ b/core/lib/libtomcrypt/src/misc/zeromem.c
@@ -37,6 +37,7 @@
 * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
 */
 #include "tomcrypt.h"
+#include
 /**
 @file zeromem.c
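Review bot: The new `unsigned char buf[len];` in burn_stack() places no bound on `len`. A variable length array whose size evaluates to zero is undefined behaviour in C, and an oversized `len` now moves the stack pointer by that amount in a single step with nothing to reject it. The callers are outside this hunk, so whether a zero or very large value can reach the function is not visible here; a cheap defence is an early return ahead of the declaration, e.g. `if (!len) return;`, together with a comment stating the largest `len` the core stack is expected to tolerate. The frames of zeromem() and whatever it calls still sit below the array, so total stack depth during the wipe is somewhat more than `len` bytes, which is worth checking against the canary-corrupting overflow this commit sets out to fix.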
@@ -50,11 +51,8 @@
 */
 void zeromem(volatile void *out, size_t outlen)
 {
- volatile char *mem = out;
 LTC_ARGCHKVD(out != NULL);
- while (outlen-- > 0) {
- *mem++ = 0;
- }
+ memzero_explicit((void *)out, outlen);
 }
 /* $Source: /cvs/libtom/libtomcrypt/src/misc/zeromem.c,v $ */
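Review bot: The `(void *)out` cast in zeromem() discards the `volatile` qualifier that the removed loop relied on, so the guarantee that the wipe is not optimised away now rests entirely on memzero_explicit(), whose definition is not part of this patch. A comment above the call would record that dependency, for example `/* volatile dropped on purpose: memzero_explicit() must not be elided by the compiler */`. burn_stack() in this same patch, and presumably other libtomcrypt callers, depend on zeromem() to actually clear sensitive data. It is therefore worth confirming that memzero_explicit() keeps that property at every optimisation level and link-time-optimisation setting used to build the core.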