tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
crypto: qat - Use memzero_explicit
Use the new memzero_explicit function to cleanup sensitive data.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
authored by
Struk, Tadeusz
and committed by
Herbert Xu
aa408d60
52744af3
+22
-14
+22
-14
drivers/crypto/qat/qat_common/qat_algs.c
+22
-14
drivers/crypto/qat/qat_common/qat_algs.c
···
161
161
__be64 *hash512_state_out;
162
162
int i, offset;
163
163
164
-
memset(auth_state.data, '\0', MAX_AUTH_STATE_SIZE + 64);
164
+
memzero_explicit(auth_state.data, MAX_AUTH_STATE_SIZE + 64);
165
165
shash->tfm = ctx->hash_tfm;
166
166
shash->flags = 0x0;
167
167
···
174
174
175
175
memcpy(ipad, buff, digest_size);
176
176
memcpy(opad, buff, digest_size);
177
-
memset(ipad + digest_size, 0, block_size - digest_size);
178
-
memset(opad + digest_size, 0, block_size - digest_size);
177
+
memzero_explicit(ipad + digest_size, block_size - digest_size);
178
+
memzero_explicit(opad + digest_size, block_size - digest_size);
179
179
} else {
180
180
memcpy(ipad, auth_key, auth_keylen);
181
181
memcpy(opad, auth_key, auth_keylen);
182
-
memset(ipad + auth_keylen, 0, block_size - auth_keylen);
183
-
memset(opad + auth_keylen, 0, block_size - auth_keylen);
182
+
memzero_explicit(ipad + auth_keylen, block_size - auth_keylen);
183
+
memzero_explicit(opad + auth_keylen, block_size - auth_keylen);
184
184
}
185
185
186
186
for (i = 0; i < block_size; i++) {
···
254
254
default:
255
255
return -EFAULT;
256
256
}
257
+
memzero_explicit(ipad, block_size);
258
+
memzero_explicit(opad, block_size);
257
259
return 0;
258
260
}
259
261
···
494
492
if (ctx->enc_cd) {
495
493
/* rekeying */
496
494
dev = &GET_DEV(ctx->inst->accel_dev);
497
-
memset(ctx->enc_cd, 0, sizeof(struct qat_alg_cd));
498
-
memset(ctx->dec_cd, 0, sizeof(struct qat_alg_cd));
499
-
memset(&ctx->enc_fw_req_tmpl, 0,
500
-
sizeof(struct icp_qat_fw_la_bulk_req));
501
-
memset(&ctx->dec_fw_req_tmpl, 0,
502
-
sizeof(struct icp_qat_fw_la_bulk_req));
495
+
memzero_explicit(ctx->enc_cd, sizeof(struct qat_alg_cd));
496
+
memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));
497
+
memzero_explicit(&ctx->enc_fw_req_tmpl,
498
+
sizeof(struct icp_qat_fw_la_bulk_req));
499
+
memzero_explicit(&ctx->dec_fw_req_tmpl,
500
+
sizeof(struct icp_qat_fw_la_bulk_req));
503
501
} else {
504
502
/* new key */
505
503
int node = get_current_node();
···
536
534
return 0;
537
535
538
536
out_free_all:
537
+
memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));
539
538
dma_free_coherent(dev, sizeof(struct qat_alg_cd),
540
539
ctx->dec_cd, ctx->dec_cd_paddr);
541
540
ctx->dec_cd = NULL;
542
541
out_free_enc:
542
+
memzero_explicit(ctx->enc_cd, sizeof(struct qat_alg_cd));
543
543
dma_free_coherent(dev, sizeof(struct qat_alg_cd),
544
544
ctx->enc_cd, ctx->enc_cd_paddr);
545
545
ctx->enc_cd = NULL;
···
836
832
{
837
833
struct qat_alg_session_ctx *ctx = crypto_tfm_ctx(tfm);
838
834
839
-
memset(ctx, '\0', sizeof(*ctx));
835
+
memzero_explicit(ctx, sizeof(*ctx));
840
836
ctx->hash_tfm = crypto_alloc_shash(hash_name, 0, 0);
841
837
if (IS_ERR(ctx->hash_tfm))
842
838
return -EFAULT;
···
876
872
return;
877
873
878
874
dev = &GET_DEV(inst->accel_dev);
879
-
if (ctx->enc_cd)
875
+
if (ctx->enc_cd) {
876
+
memzero_explicit(ctx->enc_cd, sizeof(struct qat_alg_cd));
880
877
dma_free_coherent(dev, sizeof(struct qat_alg_cd),
881
878
ctx->enc_cd, ctx->enc_cd_paddr);
882
-
if (ctx->dec_cd)
879
+
}
880
+
if (ctx->dec_cd) {
881
+
memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));
883
882
dma_free_coherent(dev, sizeof(struct qat_alg_cd),
884
883
ctx->dec_cd, ctx->dec_cd_paddr);
884
+
}
885
885
qat_crypto_put_instance(inst);
886
886
}
887
887