Don't store an HMAC key for longer than we need #10747
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The HMAC_CTX structure stores the original key in case the ctx is reused without changing the key. However, HMAC_Init_ex() checks its parameters such that the only code path where the stored key is ever used is in the case where HMAC_Init_ex is called with a NULL key and an explicit md is provided which is the same as the md that was provided previously. But in that case we can actually reuse the pre-digested key that we calculated last time, so we can refactor the code not to use the stored key at all. With that refactor done it is no longer necessary to store the key in the ctx at all. This means that long running ctx's will not keep the key in memory for any longer than required. Note though that the digested key *is* still kept in memory for the duration of the life of the ctx. Fixes openssl#10743
mattcaswell
added
branch: master
|
A very nice fix. Thank you! |
t8m
approved these changes
Jan 3, 2020
t8m
added
the
approval: done
paulidale
approved these changes
Jan 4, 2020
| int rv = 0; | ||
| int i, j, reset = 0; | ||
| int rv = 0, reset = 0; | ||
| int i, j; |
There was a problem hiding this comment.
Kind of odd moving this up a line.
There was a problem hiding this comment.
It looked more odd before the change. Now there are two zero-initialized local variables in line 21 and two uninitialized counter variables in line 22.
There was a problem hiding this comment.
I'm not suggesting it gets changed back, I agree it's better this way. I just thought it odd to make a non-essential change.
There was a problem hiding this comment.
At one point during developing this change I removed the reset variable altogether. I later realised I still needed it so put it back again. Inadvertently it went to a slightly different place. But since everyone seems ok with it, and even to prefer it this way, I'll leave it.
mattcaswell
added
approval: ready to merge
openssl-machine
pushed a commit
that referenced
this pull request
Jan 6, 2020
The HMAC_CTX structure stores the original key in case the ctx is reused without changing the key. However, HMAC_Init_ex() checks its parameters such that the only code path where the stored key is ever used is in the case where HMAC_Init_ex is called with a NULL key and an explicit md is provided which is the same as the md that was provided previously. But in that case we can actually reuse the pre-digested key that we calculated last time, so we can refactor the code not to use the stored key at all. With that refactor done it is no longer necessary to store the key in the ctx at all. This means that long running ctx's will not keep the key in memory for any longer than required. Note though that the digested key *is* still kept in memory for the duration of the life of the ctx. Fixes #10743 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from #10747)
|
Pushed to master. The 1.1.1 version apparently needs a slight adjustment. I'll raise a new PR for that. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The HMAC_CTX structure stores the original key in case the ctx is reused
without changing the key.
However, HMAC_Init_ex() checks its parameters such that the only code path
where the stored key is ever used is in the case where HMAC_Init_ex is
called with a NULL key and an explicit md is provided which is the same as
the md that was provided previously. But in that case we can actually reuse
the pre-digested key that we calculated last time, so we can refactor the
code not to use the stored key at all.
With that refactor done it is no longer necessary to store the key in the
ctx at all. This means that long running ctx's will not keep the key in
memory for any longer than required. Note though that the digested key
is still kept in memory for the duration of the life of the ctx.
Fixes #10743
Note: It is debatable whether this should come under the "bug" rules or not, and therefore be eligible for backport to 1.1.1. Since it provides no user visible features, and is a security hardening measure I have flagged it for 1.1.1.