tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

crypto: hash - Use memzero_explicit() for clearing state

Without the barrier_data() inside memzero_explicit(), the compiler may
optimize away the state-clearing if it can tell that the state is not
used afterwards.

Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Arvind Sankar and committed by
Herbert Xu 458c0480 1762818f

+12 -8
+1 -1
arch/arm64/crypto/ghash-ce-glue.c
··· 168 168 put_unaligned_be64(ctx->digest[1], dst); 169 169 put_unaligned_be64(ctx->digest[0], dst + 8); 170 170 171 - *ctx = (struct ghash_desc_ctx){}; 171 + memzero_explicit(ctx, sizeof(*ctx)); 172 172 return 0; 173 173 } 174 174
+1 -1
arch/arm64/crypto/poly1305-glue.c
··· 177 177 } 178 178 179 179 poly1305_emit(&dctx->h, dst, dctx->s); 180 - *dctx = (struct poly1305_desc_ctx){}; 180 + memzero_explicit(dctx, sizeof(*dctx)); 181 181 } 182 182 EXPORT_SYMBOL(poly1305_final_arch); 183 183
+1 -1
arch/arm64/crypto/sha3-ce-glue.c
··· 94 94 if (digest_size & 4) 95 95 put_unaligned_le32(sctx->st[i], (__le32 *)digest); 96 96 97 - *sctx = (struct sha3_state){}; 97 + memzero_explicit(sctx, sizeof(*sctx)); 98 98 return 0; 99 99 } 100 100
+1 -1
arch/x86/crypto/poly1305_glue.c
··· 209 209 } 210 210 211 211 poly1305_simd_emit(&dctx->h, dst, dctx->s); 212 - *dctx = (struct poly1305_desc_ctx){}; 212 + memzero_explicit(dctx, sizeof(*dctx)); 213 213 } 214 214 EXPORT_SYMBOL(poly1305_final_arch); 215 215
+2 -1
include/crypto/sha1_base.h
··· 12 12 #include <crypto/sha.h> 13 13 #include <linux/crypto.h> 14 14 #include <linux/module.h> 15 + #include <linux/string.h> 15 16 16 17 #include <asm/unaligned.h> 17 18 ··· 102 101 for (i = 0; i < SHA1_DIGEST_SIZE / sizeof(__be32); i++) 103 102 put_unaligned_be32(sctx->state[i], digest++); 104 103 105 - *sctx = (struct sha1_state){}; 104 + memzero_explicit(sctx, sizeof(*sctx)); 106 105 return 0; 107 106 } 108 107
+2 -1
include/crypto/sha256_base.h
··· 12 12 #include <crypto/sha.h> 13 13 #include <linux/crypto.h> 14 14 #include <linux/module.h> 15 + #include <linux/string.h> 15 16 16 17 #include <asm/unaligned.h> 17 18 ··· 106 105 for (i = 0; digest_size > 0; i++, digest_size -= sizeof(__be32)) 107 106 put_unaligned_be32(sctx->state[i], digest++); 108 107 109 - *sctx = (struct sha256_state){}; 108 + memzero_explicit(sctx, sizeof(*sctx)); 110 109 return 0; 111 110 } 112 111
+2 -1
include/crypto/sha512_base.h
··· 12 12 #include <crypto/sha.h> 13 13 #include <linux/crypto.h> 14 14 #include <linux/module.h> 15 + #include <linux/string.h> 15 16 16 17 #include <asm/unaligned.h> 17 18 ··· 127 126 for (i = 0; digest_size > 0; i++, digest_size -= sizeof(__be64)) 128 127 put_unaligned_be64(sctx->state[i], digest++); 129 128 130 - *sctx = (struct sha512_state){}; 129 + memzero_explicit(sctx, sizeof(*sctx)); 131 130 return 0; 132 131 } 133 132
+2 -1
include/crypto/sm3_base.h
··· 13 13 #include <crypto/sm3.h> 14 14 #include <linux/crypto.h> 15 15 #include <linux/module.h> 16 + #include <linux/string.h> 16 17 #include <asm/unaligned.h> 17 18 18 19 typedef void (sm3_block_fn)(struct sm3_state *sst, u8 const *src, int blocks); ··· 105 104 for (i = 0; i < SM3_DIGEST_SIZE / sizeof(__be32); i++) 106 105 put_unaligned_be32(sctx->state[i], digest++); 107 106 108 - *sctx = (struct sm3_state){}; 107 + memzero_explicit(sctx, sizeof(*sctx)); 109 108 return 0; 110 109 } 111 110