Commit aa408d6019775c1b4362895df7929a043fa79804
Committed by
Herbert Xu
1 parent
52744af3af
Exists in
ti-lsk-linux-4.1.y
and in
10 other branches
crypto: qat - Use memzero_explicit
Use the new memzero_explicit function to cleanup sensitive data. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Showing 1 changed file with 22 additions and 14 deletions Side-by-side Diff
drivers/crypto/qat/qat_common/qat_algs.c
... | ... | @@ -161,7 +161,7 @@ |
161 | 161 | __be64 *hash512_state_out; |
162 | 162 | int i, offset; |
163 | 163 | |
164 | - memset(auth_state.data, '\0', MAX_AUTH_STATE_SIZE + 64); | |
164 | + memzero_explicit(auth_state.data, MAX_AUTH_STATE_SIZE + 64); | |
165 | 165 | shash->tfm = ctx->hash_tfm; |
166 | 166 | shash->flags = 0x0; |
167 | 167 | |
168 | 168 | |
... | ... | @@ -174,13 +174,13 @@ |
174 | 174 | |
175 | 175 | memcpy(ipad, buff, digest_size); |
176 | 176 | memcpy(opad, buff, digest_size); |
177 | - memset(ipad + digest_size, 0, block_size - digest_size); | |
178 | - memset(opad + digest_size, 0, block_size - digest_size); | |
177 | + memzero_explicit(ipad + digest_size, block_size - digest_size); | |
178 | + memzero_explicit(opad + digest_size, block_size - digest_size); | |
179 | 179 | } else { |
180 | 180 | memcpy(ipad, auth_key, auth_keylen); |
181 | 181 | memcpy(opad, auth_key, auth_keylen); |
182 | - memset(ipad + auth_keylen, 0, block_size - auth_keylen); | |
183 | - memset(opad + auth_keylen, 0, block_size - auth_keylen); | |
182 | + memzero_explicit(ipad + auth_keylen, block_size - auth_keylen); | |
183 | + memzero_explicit(opad + auth_keylen, block_size - auth_keylen); | |
184 | 184 | } |
185 | 185 | |
186 | 186 | for (i = 0; i < block_size; i++) { |
... | ... | @@ -254,6 +254,8 @@ |
254 | 254 | default: |
255 | 255 | return -EFAULT; |
256 | 256 | } |
257 | + memzero_explicit(ipad, block_size); | |
258 | + memzero_explicit(opad, block_size); | |
257 | 259 | return 0; |
258 | 260 | } |
259 | 261 | |
... | ... | @@ -492,12 +494,12 @@ |
492 | 494 | if (ctx->enc_cd) { |
493 | 495 | /* rekeying */ |
494 | 496 | dev = &GET_DEV(ctx->inst->accel_dev); |
495 | - memset(ctx->enc_cd, 0, sizeof(struct qat_alg_cd)); | |
496 | - memset(ctx->dec_cd, 0, sizeof(struct qat_alg_cd)); | |
497 | - memset(&ctx->enc_fw_req_tmpl, 0, | |
498 | - sizeof(struct icp_qat_fw_la_bulk_req)); | |
499 | - memset(&ctx->dec_fw_req_tmpl, 0, | |
500 | - sizeof(struct icp_qat_fw_la_bulk_req)); | |
497 | + memzero_explicit(ctx->enc_cd, sizeof(struct qat_alg_cd)); | |
498 | + memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd)); | |
499 | + memzero_explicit(&ctx->enc_fw_req_tmpl, | |
500 | + sizeof(struct icp_qat_fw_la_bulk_req)); | |
501 | + memzero_explicit(&ctx->dec_fw_req_tmpl, | |
502 | + sizeof(struct icp_qat_fw_la_bulk_req)); | |
501 | 503 | } else { |
502 | 504 | /* new key */ |
503 | 505 | int node = get_current_node(); |
504 | 506 | |
... | ... | @@ -534,10 +536,12 @@ |
534 | 536 | return 0; |
535 | 537 | |
536 | 538 | out_free_all: |
539 | + memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd)); | |
537 | 540 | dma_free_coherent(dev, sizeof(struct qat_alg_cd), |
538 | 541 | ctx->dec_cd, ctx->dec_cd_paddr); |
539 | 542 | ctx->dec_cd = NULL; |
540 | 543 | out_free_enc: |
544 | + memzero_explicit(ctx->enc_cd, sizeof(struct qat_alg_cd)); | |
541 | 545 | dma_free_coherent(dev, sizeof(struct qat_alg_cd), |
542 | 546 | ctx->enc_cd, ctx->enc_cd_paddr); |
543 | 547 | ctx->enc_cd = NULL; |
... | ... | @@ -832,7 +836,7 @@ |
832 | 836 | { |
833 | 837 | struct qat_alg_session_ctx *ctx = crypto_tfm_ctx(tfm); |
834 | 838 | |
835 | - memset(ctx, '\0', sizeof(*ctx)); | |
839 | + memzero_explicit(ctx, sizeof(*ctx)); | |
836 | 840 | ctx->hash_tfm = crypto_alloc_shash(hash_name, 0, 0); |
837 | 841 | if (IS_ERR(ctx->hash_tfm)) |
838 | 842 | return -EFAULT; |
839 | 843 | |
840 | 844 | |
... | ... | @@ -872,12 +876,16 @@ |
872 | 876 | return; |
873 | 877 | |
874 | 878 | dev = &GET_DEV(inst->accel_dev); |
875 | - if (ctx->enc_cd) | |
879 | + if (ctx->enc_cd) { | |
880 | + memzero_explicit(ctx->enc_cd, sizeof(struct qat_alg_cd)); | |
876 | 881 | dma_free_coherent(dev, sizeof(struct qat_alg_cd), |
877 | 882 | ctx->enc_cd, ctx->enc_cd_paddr); |
878 | - if (ctx->dec_cd) | |
883 | + } | |
884 | + if (ctx->dec_cd) { | |
885 | + memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd)); | |
879 | 886 | dma_free_coherent(dev, sizeof(struct qat_alg_cd), |
880 | 887 | ctx->dec_cd, ctx->dec_cd_paddr); |
888 | + } | |
881 | 889 | qat_crypto_put_instance(inst); |
882 | 890 | } |
883 | 891 |