Commit 14d4cc08832efb724e58944ba2ac22e2ca3143dc
Exists in
ti-lsk-linux-4.1.y
and in
10 other branches
Merge tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random
Pull /dev/random updates from Ted Ts'o: "This adds a memzero_explicit() call which is guaranteed not to be optimized away by GCC. This is important when we are wiping cryptographically sensitive material" * tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random: crypto: memzero_explicit - make sure to clear out sensitive data random: add and use memzero_explicit() for clearing data
Showing 10 changed files Side-by-side Diff
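--- a/crypto/cts.c
+++ b/crypto/cts.c
@@ -202,7 +202,8 @@
 /* 5. Append the tail (BB - Ln) bytes of Xn (tmp) to Cn to create En */
 memcpy(s + bsize + lastn, tmp + lastn, bsize - lastn);
 /* 6. Decrypt En to create Pn-1 */
- memset(iv, 0, sizeof(iv));
+ memzero_explicit(iv, sizeof(iv));
+
 sg_set_buf(&sgsrc[0], s + bsize, bsize);
 sg_set_buf(&sgdst[0], d, bsize);
 err = crypto_blkcipher_decrypt_iv(&lcldesc, sgdst, sgsrc, bsize);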
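Review bot: The zeroing of `iv` under step 6 looks like initialisation rather than a wipe. The buffer is cleared immediately before `crypto_blkcipher_decrypt_iv()`, which presumably reads it as the IV through `lcldesc` (that assignment is outside this hunk), so the old `memset()` was not a store the compiler could drop. Using `memzero_explicit()` here is harmless but suggests a secret is being erased; a comment such as `/* zero IV for this single-block decrypt, not a wipe */` would keep the intent clear. If the aim is to scrub key-dependent intermediates, `tmp` and `s` are the likelier candidates, and whether they are cleared before return cannot be seen from this hunk.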
crypto/sha1_generic.c
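--- a/crypto/sha256_generic.c
+++ b/crypto/sha256_generic.c
@@ -211,10 +211,9 @@
 
 /* clear any sensitive info... */
 a = b = c = d = e = f = g = h = t1 = t2 = 0;
- memset(W, 0, 64 * sizeof(u32));
+ memzero_explicit(W, 64 * sizeof(u32));
 }
 
-
 static int sha224_init(struct shash_desc *desc)
 {
 struct sha256_state *sctx = shash_desc_ctx(desc);
@@ -317,7 +316,7 @@
 sha256_final(desc, D);
 
 memcpy(hash, D, SHA224_DIGEST_SIZE);
- memset(D, 0, SHA256_DIGEST_SIZE);
+ memzero_explicit(D, SHA256_DIGEST_SIZE);
 
 return 0;
 }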
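Review bot: The line `a = b = c = d = e = f = g = h = t1 = t2 = 0;` kept just above the new call in the first hunk is still a run of dead stores to locals, so the compiler is free to drop it and the working variables may survive in registers or on the stack after return. Only `W` is now reliably cleared, which makes `/* clear any sensitive info... */` promise more than the code delivers. Either remove the scalar assignment or reword the comment, e.g. `/* wipe the message schedule; scalar working state is not guaranteed to be cleared */`. The function containing this code starts outside the hunk, so the declarations of these variables are not visible here.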
crypto/sha512_generic.c
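--- a/crypto/tgr192.c
+++ b/crypto/tgr192.c
@@ -612,7 +612,7 @@
 
 tgr192_final(desc, D);
 memcpy(out, D, TGR160_DIGEST_SIZE);
- memset(D, 0, TGR192_DIGEST_SIZE);
+ memzero_explicit(D, TGR192_DIGEST_SIZE);
 
 return 0;
 }
@@ -623,7 +623,7 @@
 
 tgr192_final(desc, D);
 memcpy(out, D, TGR128_DIGEST_SIZE);
- memset(D, 0, TGR192_DIGEST_SIZE);
+ memzero_explicit(D, TGR192_DIGEST_SIZE);
 
 return 0;
 }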
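--- a/crypto/vmac.c
+++ b/crypto/vmac.c
@@ -613,7 +613,7 @@
 }
 mac = vmac(ctx->partial, ctx->partial_size, nonce, NULL, ctx);
 memcpy(out, &mac, sizeof(vmac_t));
- memset(&mac, 0, sizeof(vmac_t));
+ memzero_explicit(&mac, sizeof(vmac_t));
 memset(&ctx->__vmac_ctx, 0, sizeof(struct vmac_ctx));
 ctx->partial_size = 0;
 return 0;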
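--- a/crypto/wp512.c
+++ b/crypto/wp512.c
@@ -1102,8 +1102,8 @@
 u8 D[64];
 
 wp512_final(desc, D);
- memcpy (out, D, WP384_DIGEST_SIZE);
- memset (D, 0, WP512_DIGEST_SIZE);
+ memcpy(out, D, WP384_DIGEST_SIZE);
+ memzero_explicit(D, WP512_DIGEST_SIZE);
 
 return 0;
 }
@@ -1113,8 +1113,8 @@
 u8 D[64];
 
 wp512_final(desc, D);
- memcpy (out, D, WP256_DIGEST_SIZE);
- memzero_explicit(D, WP512_DIGEST_SIZE);
+ memcpy(out, D, WP256_DIGEST_SIZE);
+ memzero_explicit(D, WP512_DIGEST_SIZE);
 
 return 0;
 }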
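Review bot: Both wipes in this file pass `WP512_DIGEST_SIZE` while the buffer is declared as `u8 D[64];` a few lines earlier, so the wipe length and the buffer size stay in step only by convention. Writing `memzero_explicit(D, sizeof(D));` in both the WP384 and WP256 final paths would clear the whole stack buffer regardless of how either constant changes. The same remark applies to the `D` wipes in crypto/tgr192.c and in the second hunk of crypto/sha256_generic.c, where the declaration of `D` is outside the visible lines.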
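--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1106,7 +1106,7 @@
 __mix_pool_bytes(r, hash.w, sizeof(hash.w));
 spin_unlock_irqrestore(&r->lock, flags);
 
- memset(workspace, 0, sizeof(workspace));
+ memzero_explicit(workspace, sizeof(workspace));
 
 /*
 * In case the hash function has some recognizable output
@@ -1118,7 +1118,7 @@
 hash.w[2] ^= rol32(hash.w[2], 16);
 
 memcpy(out, &hash, EXTRACT_SIZE);
- memset(&hash, 0, sizeof(hash));
+ memzero_explicit(&hash, sizeof(hash));
 }
 
 /*
@@ -1175,7 +1175,7 @@
 }
 
 /* Wipe data just returned from memory */
- memset(tmp, 0, sizeof(tmp));
+ memzero_explicit(tmp, sizeof(tmp));
 
 return ret;
 }
@@ -1218,7 +1218,7 @@
 }
 
 /* Wipe data just returned from memory */
- memset(tmp, 0, sizeof(tmp));
+ memzero_explicit(tmp, sizeof(tmp));
 
 return ret;
 }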
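--- a/include/linux/string.h
+++ b/include/linux/string.h
@@ -132,7 +132,7 @@
 #endif
 
 extern ssize_t memory_read_from_buffer(void *to, size_t count, loff_t *ppos,
- const void *from, size_t available);
+ const void *from, size_t available);
 
 /**
 * strstarts - does @str start with @prefix?
@@ -144,7 +144,8 @@
 return strncmp(str, prefix, strlen(prefix)) == 0;
 }
 
-extern size_t memweight(const void *ptr, size_t bytes);
+size_t memweight(const void *ptr, size_t bytes);
+void memzero_explicit(void *s, size_t count);
 
 /**
 * kbasename - return the last part of a pathname.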
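--- a/lib/string.c
+++ b/lib/string.c
@@ -598,6 +598,22 @@
 EXPORT_SYMBOL(memset);
 #endif
 
+/**
+ * memzero_explicit - Fill a region of memory (e.g. sensitive
+ * keying data) with 0s.
+ * @s: Pointer to the start of the area.
+ * @count: The size of the area.
+ *
+ * memzero_explicit() doesn't need an arch-specific version as
+ * it just invokes the one of memset() implicitly.
+ */
+void memzero_explicit(void *s, size_t count)
+{
+ memset(s, 0, count);
+ OPTIMIZER_HIDE_VAR(s);
+}
+EXPORT_SYMBOL(memzero_explicit);
+
 #ifndef __HAVE_ARCH_MEMCPY
 /**
 * memcpy - Copy one area of memory to another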
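Review bot: `OPTIMIZER_HIDE_VAR(s)` after the `memset()` hides only the pointer value from the optimizer, as far as I understand the GCC definition. It does not tell the compiler that the memory `s` points to is read afterwards, and `s` itself is unused after that line. The guarantee that the store survives therefore seems to rest on this function staying out of line in lib/string.c, which is weaker than the pull message's "guaranteed not to be optimized away" if it is ever inlined or built with link-time optimisation. A compiler barrier with a memory clobber, `barrier();`, in place of `OPTIMIZER_HIDE_VAR(s);` would make the dependency explicit. The kernel-doc should also say why the function exists, e.g. ` * Unlike memset(), this call must not be removed by the compiler when the buffer is about to go out of scope.`, since the current text only addresses the arch-specific question.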