crypto: qat - Use memzero_explicit

Use the new memzero_explicit function to cleanup sensitive data. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto: qat - Use memzero_explicit
Use the new memzero_explicit function to cleanup sensitive data. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Struk, Tadeusz · Herbert Xu
1 parent 52744af3af
Showing 1 changed file with 22 additions and 14 deletions Side-by-side Diff
drivers/crypto/qat/qat_common/qat_algs.c
@@ -161,7 +161,7 @@
 	__be64 *hash512_state_out;
 	int i, offset;
  
-	memset(auth_state.data, '\0', MAX_AUTH_STATE_SIZE + 64);
+	memzero_explicit(auth_state.data, MAX_AUTH_STATE_SIZE + 64);
 	shash->tfm = ctx->hash_tfm;
 	shash->flags = 0x0;
  
  
@@ -174,13 +174,13 @@
  
 		memcpy(ipad, buff, digest_size);
 		memcpy(opad, buff, digest_size);
-		memset(ipad + digest_size, 0, block_size - digest_size);
-		memset(opad + digest_size, 0, block_size - digest_size);
+		memzero_explicit(ipad + digest_size, block_size - digest_size);
+		memzero_explicit(opad + digest_size, block_size - digest_size);
 	} else {
 		memcpy(ipad, auth_key, auth_keylen);
 		memcpy(opad, auth_key, auth_keylen);
-		memset(ipad + auth_keylen, 0, block_size - auth_keylen);
-		memset(opad + auth_keylen, 0, block_size - auth_keylen);
+		memzero_explicit(ipad + auth_keylen, block_size - auth_keylen);
+		memzero_explicit(opad + auth_keylen, block_size - auth_keylen);
 	}
  
 	for (i = 0; i < block_size; i++) {
@@ -254,6 +254,8 @@
 	default:
 		return -EFAULT;
 	}
+	memzero_explicit(ipad, block_size);
+	memzero_explicit(opad, block_size);
 	return 0;
 }
  
@@ -492,12 +494,12 @@
 	if (ctx->enc_cd) {
 		/* rekeying */
 		dev = &GET_DEV(ctx->inst->accel_dev);
-		memset(ctx->enc_cd, 0, sizeof(struct qat_alg_cd));
-		memset(ctx->dec_cd, 0, sizeof(struct qat_alg_cd));
-		memset(&ctx->enc_fw_req_tmpl, 0,
-		       sizeof(struct icp_qat_fw_la_bulk_req));
-		memset(&ctx->dec_fw_req_tmpl, 0,
-		       sizeof(struct icp_qat_fw_la_bulk_req));
+		memzero_explicit(ctx->enc_cd, sizeof(struct qat_alg_cd));
+		memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));
+		memzero_explicit(&ctx->enc_fw_req_tmpl,
+				 sizeof(struct icp_qat_fw_la_bulk_req));
+		memzero_explicit(&ctx->dec_fw_req_tmpl,
+				 sizeof(struct icp_qat_fw_la_bulk_req));
 	} else {
 		/* new key */
 		int node = get_current_node();
  
@@ -534,10 +536,12 @@
 	return 0;
  
 out_free_all:
+	memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));
 	dma_free_coherent(dev, sizeof(struct qat_alg_cd),
 			  ctx->dec_cd, ctx->dec_cd_paddr);
 	ctx->dec_cd = NULL;
 out_free_enc:
+	memzero_explicit(ctx->enc_cd, sizeof(struct qat_alg_cd));
 	dma_free_coherent(dev, sizeof(struct qat_alg_cd),
 			  ctx->enc_cd, ctx->enc_cd_paddr);
 	ctx->enc_cd = NULL;
@@ -832,7 +836,7 @@
 {
 	struct qat_alg_session_ctx *ctx = crypto_tfm_ctx(tfm);
  
-	memset(ctx, '\0', sizeof(*ctx));
+	memzero_explicit(ctx, sizeof(*ctx));
 	ctx->hash_tfm = crypto_alloc_shash(hash_name, 0, 0);
 	if (IS_ERR(ctx->hash_tfm))
 		return -EFAULT;
  
  
@@ -872,12 +876,16 @@
 		return;
  
 	dev = &GET_DEV(inst->accel_dev);
-	if (ctx->enc_cd)
+	if (ctx->enc_cd) {
+		memzero_explicit(ctx->enc_cd, sizeof(struct qat_alg_cd));
 		dma_free_coherent(dev, sizeof(struct qat_alg_cd),
 				  ctx->enc_cd, ctx->enc_cd_paddr);
-	if (ctx->dec_cd)
+	}
+	if (ctx->dec_cd) {
+		memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));
 		dma_free_coherent(dev, sizeof(struct qat_alg_cd),
 				  ctx->dec_cd, ctx->dec_cd_paddr);
+	}
 	qat_crypto_put_instance(inst);
 }
...	...	@@ -161,7 +161,7 @@
161	161	__be64 *hash512_state_out;
162	162	int i, offset;
163	163
164		- memset(auth_state.data, '\0', MAX_AUTH_STATE_SIZE + 64);
	164	+ memzero_explicit(auth_state.data, MAX_AUTH_STATE_SIZE + 64);
165	165	shash->tfm = ctx->hash_tfm;
166	166	shash->flags = 0x0;
167	167
168	168
...	...	@@ -174,13 +174,13 @@
174	174
175	175	memcpy(ipad, buff, digest_size);
176	176	memcpy(opad, buff, digest_size);
177		- memset(ipad + digest_size, 0, block_size - digest_size);
178		- memset(opad + digest_size, 0, block_size - digest_size);
	177	+ memzero_explicit(ipad + digest_size, block_size - digest_size);
	178	+ memzero_explicit(opad + digest_size, block_size - digest_size);
179	179	} else {
180	180	memcpy(ipad, auth_key, auth_keylen);
181	181	memcpy(opad, auth_key, auth_keylen);
182		- memset(ipad + auth_keylen, 0, block_size - auth_keylen);
183		- memset(opad + auth_keylen, 0, block_size - auth_keylen);
	182	+ memzero_explicit(ipad + auth_keylen, block_size - auth_keylen);
	183	+ memzero_explicit(opad + auth_keylen, block_size - auth_keylen);
184	184	}
185	185
186	186	for (i = 0; i < block_size; i++) {
...	...	@@ -254,6 +254,8 @@
254	254	default:
255	255	return -EFAULT;
256	256	}
	257	+ memzero_explicit(ipad, block_size);
	258	+ memzero_explicit(opad, block_size);
257	259	return 0;
258	260	}
259	261
...	...	@@ -492,12 +494,12 @@
492	494	if (ctx->enc_cd) {
493	495	/* rekeying */
494	496	dev = &GET_DEV(ctx->inst->accel_dev);
495		- memset(ctx->enc_cd, 0, sizeof(struct qat_alg_cd));
496		- memset(ctx->dec_cd, 0, sizeof(struct qat_alg_cd));
497		- memset(&ctx->enc_fw_req_tmpl, 0,
498		- sizeof(struct icp_qat_fw_la_bulk_req));
499		- memset(&ctx->dec_fw_req_tmpl, 0,
500		- sizeof(struct icp_qat_fw_la_bulk_req));
	497	+ memzero_explicit(ctx->enc_cd, sizeof(struct qat_alg_cd));
	498	+ memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));
	499	+ memzero_explicit(&ctx->enc_fw_req_tmpl,
	500	+ sizeof(struct icp_qat_fw_la_bulk_req));
	501	+ memzero_explicit(&ctx->dec_fw_req_tmpl,
	502	+ sizeof(struct icp_qat_fw_la_bulk_req));
501	503	} else {
502	504	/* new key */
503	505	int node = get_current_node();
504	506
...	...	@@ -534,10 +536,12 @@
534	536	return 0;
535	537
536	538	out_free_all:
	539	+ memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));
537	540	dma_free_coherent(dev, sizeof(struct qat_alg_cd),
538	541	ctx->dec_cd, ctx->dec_cd_paddr);
539	542	ctx->dec_cd = NULL;
540	543	out_free_enc:
	544	+ memzero_explicit(ctx->enc_cd, sizeof(struct qat_alg_cd));
541	545	dma_free_coherent(dev, sizeof(struct qat_alg_cd),
542	546	ctx->enc_cd, ctx->enc_cd_paddr);
543	547	ctx->enc_cd = NULL;
...	...	@@ -832,7 +836,7 @@
832	836	{
833	837	struct qat_alg_session_ctx *ctx = crypto_tfm_ctx(tfm);
834	838
835		- memset(ctx, '\0', sizeof(*ctx));
	839	+ memzero_explicit(ctx, sizeof(*ctx));
836	840	ctx->hash_tfm = crypto_alloc_shash(hash_name, 0, 0);
837	841	if (IS_ERR(ctx->hash_tfm))
838	842	return -EFAULT;
839	843
840	844
...	...	@@ -872,12 +876,16 @@
872	876	return;
873	877
874	878	dev = &GET_DEV(inst->accel_dev);
875		- if (ctx->enc_cd)
	879	+ if (ctx->enc_cd) {
	880	+ memzero_explicit(ctx->enc_cd, sizeof(struct qat_alg_cd));
876	881	dma_free_coherent(dev, sizeof(struct qat_alg_cd),
877	882	ctx->enc_cd, ctx->enc_cd_paddr);
878		- if (ctx->dec_cd)
	883	+ }
	884	+ if (ctx->dec_cd) {
	885	+ memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));
879	886	dma_free_coherent(dev, sizeof(struct qat_alg_cd),
880	887	ctx->dec_cd, ctx->dec_cd_paddr);
	888	+ }
881	889	qat_crypto_put_instance(inst);
882	890	}
883	891