Closed mped-oticon closed 4 years ago
Should I submit a pull request?
@mped-oticon, I agree with your suggestion. Would appreciate it if you submit a pull request replacing the variable length array with a fixed length array. Thanks
Done :) Sorry it took so long.
This issue is born out of real-world usage, from the Zephyr project where work is ongoing porting to new platform and compliance cleanup.
A VLA is used in tinycrypt/source/hmac.c::tc_hmac_set_key(), dummy_key. This is unfortunate for a number of reasons, listed later below.
My understanding: It appears that dummy_key is written when key_size <= TC_SHA256_BLOCK_SIZE and timing between the two branches should be nearly the same to cover up the sidechannel mentioned therein. Normally, key_size == TC_SHA256_BLOCK_SIZE and dummy_key will be written and thrown away. That makes sense, as we only want the timing behavior from tc_sha256_* in the then-branch. Fine. Call to rekey is what matters.
Request:
dummy_key statically sized, to the worst-case (= the usual case) size of TC_SHA256_BLOCK_SIZE as per the patch below.
dummy_key and dummy_state to the then-branch.
This patch should improve safety too, as 1) the total stack frame usage can now better be analyzed, 2) some compilers may ignore that dummy_key is only written guarded by key_size <= TC_SHA256_BLOCK_SIZE since it is declared in the scope outside. So 2 means that stack overflow could happen if key_size was big, even if guarded.
Variable length arrays have multiple issues:
Patch:
I'll also be happy to submit a PR.
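The two shapes discussed in this issue, side by side, as an added sketch that is not tinycrypt's code and not the patch from this issue. BLOCK_SIZE, sink, absorb, set_key_vla and set_key_fixed are hypothetical stand-ins; absorb is a toy mixer, not SHA-256. Each function returns the stack bytes its scratch array takes, so the effect of an oversized key_size is visible.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_SIZE 64u         /* stand-in for TC_SHA256_BLOCK_SIZE */
static volatile uint32_t sink; /* keeps the dummy pass from being optimised away */

/* Toy mixer standing in for the tc_sha256_* calls; not a real hash. */
static uint32_t absorb(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++)
        h = (h ^ p[i]) * 16777619u;
    return h;
}

/* Shape described in the issue: VLA sized by key_size, declared outside the guard. */
size_t set_key_vla(const uint8_t *key, size_t key_size)
{
    if (key == NULL || key_size == 0) return 0;
    uint8_t dummy_key[key_size];       /* size comes from the caller, before the guard */
    size_t scratch = sizeof dummy_key; /* evaluated at run time for a VLA */
    if (key_size <= BLOCK_SIZE) {
        memset(dummy_key, 0, key_size);
        sink = absorb(dummy_key, key_size); /* dummy pass, result discarded */
    }
    sink = absorb(key, key_size);      /* stand-in for the real keying work */
    return scratch;
}

/* Requested shape: fixed worst-case array, scoped to the then-branch. */
size_t set_key_fixed(const uint8_t *key, size_t key_size)
{
    size_t scratch = 0;
    if (key == NULL || key_size == 0) return 0;
    if (key_size <= BLOCK_SIZE) {
        uint8_t dummy_key[BLOCK_SIZE] = {0}; /* compile-time size */
        scratch = sizeof dummy_key;
        sink = absorb(dummy_key, key_size);  /* key_size <= BLOCK_SIZE here */
    }
    sink = absorb(key, key_size);
    return scratch;
}

int main(void)
{
    static const uint8_t big[4096] = {0}; /* constructed oversized key */
    printf("vla=%zu fixed=%zu\n", set_key_vla(big, sizeof big), set_key_fixed(big, sizeof big));
    return 0;
}
```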