mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-23 20:15:19 -07:00

Remove memory shielding

That was a great idea to protect against information leak through
speculative loads.

Realistically, nobody is going to use this.
Frank Denis 2020-05-10 21:05:24 +02:00
parent bf2238bbc4
commit 67a9e79655
6 changed files with 3 additions and 85 deletions


@ -609,9 +609,7 @@ _sodium_mlock 0 0
_sodium_mprotect_noaccess 0 0
_sodium_mprotect_readonly 0 0
_sodium_mprotect_readwrite 0 0
_sodium_mshield 1 1
_sodium_munlock 0 0
_sodium_munshield 1 1
_sodium_pad 1 1
_sodium_runtime_has_aesni 0 0
_sodium_runtime_has_armcrypto 0 0

File diff suppressed because one or more lines are too long


@ -158,12 +158,6 @@ int sodium_mprotect_readonly(void *ptr) __attribute__ ((nonnull));
SODIUM_EXPORT
int sodium_mprotect_readwrite(void *ptr) __attribute__ ((nonnull));
SODIUM_EXPORT
int sodium_mshield(void *ptr) __attribute__ ((nonnull));
SODIUM_EXPORT
int sodium_munshield(void *ptr) __attribute__ ((nonnull));
SODIUM_EXPORT
int sodium_pad(size_t *padded_buflen_p, unsigned char *buf,
size_t unpadded_buflen, size_t blocksize, size_t max_buflen)


@ -61,8 +61,6 @@ void *alloca (size_t);
#define CANARY_SIZE 16U
#define GARBAGE_VALUE 0xdb
#define SHIELDING_PREKEY_SIZE 16384U
#ifndef MAP_NOCORE
# ifdef MAP_CONCEAL
# define MAP_NOCORE MAP_CONCEAL
@ -100,7 +98,6 @@ void *alloca (size_t);
static size_t page_size = DEFAULT_PAGE_SIZE;
static unsigned char canary[CANARY_SIZE];
static unsigned char shielding_prekey[SHIELDING_PREKEY_SIZE];
/* LCOV_EXCL_START */
#ifdef HAVE_WEAK_SYMBOLS
@ -418,11 +415,7 @@ _sodium_alloc_init(void)
sodium_misuse(); /* LCOV_EXCL_LINE */
}
#endif
COMPILER_ASSERT(sizeof shielding_prekey >= randombytes_SEEDBYTES);
randombytes_buf(shielding_prekey, randombytes_SEEDBYTES);
randombytes_buf_deterministic(canary, sizeof canary, shielding_prekey);
shielding_prekey[0] ^= 0x01;
randombytes_buf_deterministic(shielding_prekey, sizeof shielding_prekey, shielding_prekey);
randombytes_buf(canary, CANARY_SIZE);
return 0;
}
@ -735,48 +728,6 @@ sodium_mprotect_readwrite(void *ptr)
return _sodium_mprotect(ptr, _mprotect_readwrite);
}
#ifndef HAVE_PAGE_PROTECTION
int
sodium_mshield(void *ptr)
{
(void) ptr;
errno = ENOSYS;
return -1;
}
#else
int
sodium_mshield(void *ptr)
{
unsigned char shielding_key[crypto_stream_KEYBYTES];
unsigned char nonce[crypto_stream_NONCEBYTES];
unsigned char *base_ptr;
unsigned char *unprotected_ptr;
size_t unprotected_size;
unprotected_ptr = _unprotected_ptr_from_user_ptr(ptr);
base_ptr = unprotected_ptr - page_size * 2U;
memcpy(&unprotected_size, base_ptr, sizeof unprotected_size);
crypto_generichash(shielding_key, sizeof shielding_key,
shielding_prekey, sizeof shielding_prekey, NULL, 0);
COMPILER_ASSERT(sizeof nonce >= (sizeof unprotected_ptr) + (sizeof unprotected_size));
memset(nonce, 0, sizeof nonce);
memcpy(nonce, &unprotected_ptr, sizeof unprotected_ptr);
memcpy(nonce + sizeof unprotected_ptr, &unprotected_size, sizeof unprotected_size);
crypto_stream_xor(unprotected_ptr, unprotected_ptr, unprotected_size, nonce, shielding_key);
sodium_memzero(shielding_key, sizeof shielding_key);
sodium_memzero(nonce, sizeof nonce);
return 0;
}
#endif
int
sodium_munshield(void *ptr)
{
return sodium_mshield(ptr);
}
int
sodium_pad(size_t *padded_buflen_p, unsigned char *buf,
size_t unpadded_buflen, size_t blocksize, size_t max_buflen)
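Review bot: The hunk at -735 deletes the definitions of `sodium_mshield()` and `sodium_munshield()` outright, and the same commit drops their `SODIUM_EXPORT` declarations and export-list entries, so any binary or binding that references them will no longer link. Whether either symbol ever shipped in a tagged release is not visible from this page; if one did, keeping the `errno = ENOSYS; return -1;` stub that the non-`HAVE_PAGE_PROTECTION` branch already had would preserve linkage, and if they were development-only a changelog line saying so would settle it (no changelog appears among the sections shown). Separately, in `_sodium_alloc_init` the new `randombytes_buf(canary, CANARY_SIZE);` could be written `randombytes_buf(canary, sizeof canary);`, as the line it replaces did, so the length stays tied to the array. `_sodium_alloc_init` starts outside the hunk.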


@ -41,32 +41,9 @@ int
main(void)
{
void *buf;
void *buf2;
size_t size;
unsigned int i;
size = randombytes_uniform(100U);
if ((buf = sodium_malloc(size)) == NULL ||
(buf2 = sodium_malloc(size)) == NULL) {
return 1;
}
randombytes_buf(buf, size);
memcpy(buf2, buf, size);
errno = EINVAL;
if (sodium_mshield(buf) != 0) {
assert(errno == ENOSYS);
} else {
assert(size == 0U || memcmp(buf, buf2, size) != 0);
}
errno = EINVAL;
if (sodium_munshield(buf) != 0) {
assert(errno == ENOSYS);
} else {
assert(size == 0U || memcmp(buf, buf2, size) == 0);
}
sodium_free(buf2);
sodium_free(buf);
if (sodium_malloc(SIZE_MAX - 1U) != NULL) {
return 1;
}


@ -685,9 +685,7 @@ sodium_mlock
sodium_mprotect_noaccess
sodium_mprotect_readonly
sodium_mprotect_readwrite
sodium_mshield
sodium_munlock
sodium_munshield
sodium_pad
sodium_runtime_has_aesni
sodium_runtime_has_armcrypto