Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1579208imu;
        Wed, 28 Nov 2018 11:38:06 -0800 (PST)
X-Google-Smtp-Source: AFSGD/XSXjHfs0KwWrdLlQsR6jVP4NwcPkPBi6NnLrrosl8gqawRnqXb6WFhaEmqyZ3HKf9HPzHt
X-Received: by 2002:a17:902:bc3:: with SMTP id 61mr30214963plr.15.1543433886234;
        Wed, 28 Nov 2018 11:38:06 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1543433886; cv=none;
        d=google.com; s=arc-20160816;
        b=pVskQ27GroVCQc0LclVrqPofF2A8mLvHGtNG9xA1YUdIZmz+PI7PTr4uVlTq2ZORBx
         ICLJldc7JPpwPBAO/nr9o8zzALUkidWbkOG+uLBWO14VBX2GsUL2JmbAiYoqy53gT373
         NBIyGDwHCpkzsx85i7LIbDiSPtwp/nKHaVI8atYli2cJxbIwiz2pTHZsPKGHS/i7pdO5
         IR2pfBZkHaXtlSeRPn/25eHVnWA6AAX+PqkbRN08xQWdDwUfLEv9Mdq8WsNww7qYsuzo
         q2g0snvjyeyb8gQb56C6ZZeajA9Jy7x4EjbMzxsz/EAqHPWmyqVK+D94nWe/Xn4oGbXU
         nocA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:subject:message-id:date:from
         :mime-version:dkim-signature;
        bh=ReO1NxsHQr0nrhx5o7RHDRNgbi14w3THYIVL3jM9psk=;
        b=meLP5kzGTNvb1vIGLjBcv08gf2fNYkibXlOdwBM/rt3Y6S2JpgTEuu2n2IHCMTQWcV
         0ocYpFoassbxRyTuBrq1WHcHbt048jN0G9uqfQ4FTFL0GEIWhXqLkqHgch1jAV569J2A
         sADeudiahatHE06myVhbuQ4dof8l9zgudf+CErhp6bnat65YVg5j0yLDTTepJaDrmZD7
         VggnttK4QnJggABAAn41Q3Vh0AdU+PopKKtJVLfSkUIdvEqkQPintYUMpa2v/5Hoy6dw
         0gv3prSLdIhBFejVVRIFya9USxTHnj+fPqYGCIMTbt792fWg2UBxW4cvt1vQpk4syJJE
         OA6g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b="HAMp/7aZ";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b124si8858404pfg.47.2018.11.28.11.37.50;
        Wed, 28 Nov 2018 11:38:06 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b="HAMp/7aZ";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728569AbeK2Gjq (ORCPT <rfc822;ntypanski@gmail.com> + 99 others);
        Thu, 29 Nov 2018 01:39:46 -0500
Received: from mail-oi1-f195.google.com ([209.85.167.195]:38952 "EHLO
        mail-oi1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725994AbeK2Gjq (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 29 Nov 2018 01:39:46 -0500
Received: by mail-oi1-f195.google.com with SMTP id i6so12012103oia.6;
        Wed, 28 Nov 2018 11:37:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:from:date:message-id:subject:to;
        bh=ReO1NxsHQr0nrhx5o7RHDRNgbi14w3THYIVL3jM9psk=;
        b=HAMp/7aZkfnAlmrcCI7FNUgNuEy+W+HqaS06tmnNJKrh7THuQSBpmIMt4D2dLTCE/d
         NfxVKboALwoSJFlu1HORgWP+W3zkoQtZnOUdypNodza3IAH8T1B9W+lfob0n8K8Hr6s8
         rFpR3TC2yYLy0mvDGgxXUx9l0uLTSOMg7eLVlZzrv3tGXa3of45sPwYjSuLtDYlLr3F+
         kfV1MzVJ27bcMlm51uY3EmGxXBIi1FLh99M8uCe57yuczSfrzF4LJatKwid45pLUfvaU
         jAYHJPkuXZo51cmfTx3vowIRL2J7/o3oOlw5jG35zyQxTdqEHA6qvAAP1a/T43EZ4GvQ
         pLew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=ReO1NxsHQr0nrhx5o7RHDRNgbi14w3THYIVL3jM9psk=;
        b=f3tyxrEMI5xhIsL0YPkYyB4EciOStT1RRM+BM9fpLNtR1kTJV+69W5QdY8tL6r01+Y
         0Q85IPaqlxlrf79ShSgKgI6x7ZzE0jB0nP6bNHfEwgGXfkNTGVCXOJP+5of2DAFcLNW4
         W9ZODmRCajS20Pk1wOGe9tTVaPlDtu9YutIRFpY0aVzT4111pbaW4Tu/N+xcuOFwGAia
         vNRIFn6ABgUPq46vWvEA9dtY6GBM11R57vd7yktwnw6wUe1XgRNjdxgBmF97X+N8zPjv
         TvRKLkgJD4KbL8cWZmCOPRnOs4fFgBiRlWq4u7VIzq+TPTjZbwdKYwDi3uchh/yhDztw
         zjdQ==
X-Gm-Message-State: AA+aEWbEqxvk02lBeKESPJIVViY34cw943OgaLqsj5XXT0i8SyEI25Rp
        GjWsjVprXU4JQg/DD6UkwvriUmNMhe7Bw5dZBaunuHksvhOvXA==
X-Received: by 2002:aca:e003:: with SMTP id x3mr14042196oig.39.1543433821246;
 Wed, 28 Nov 2018 11:37:01 -0800 (PST)
MIME-Version: 1.0
From:   David CARLIER <devnexen@gmail.com>
Date:   Wed, 28 Nov 2018 19:36:50 +0000
Message-ID: <CA+XhMqz7ZaGVNpkrRM-t4h2f9UZVQPjLVB5Txco4bKGRm8k=mA@mail.gmail.com>
Subject: [PATCH] crypto: use memzero_explicit instead of memset to clear contexts.
To:     linux-kernel@vger.kernel.org,
        Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>,
        linux-crypto@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

There might be a little performance drop but to make sure it stands
by it comments, we really wipe the whole context after usage.
---
 crypto/chacha20poly1305.c | 3 ++-
 crypto/md5.c              | 2 +-
 crypto/rmd128.c           | 3 ++-
 crypto/rmd160.c           | 3 ++-
 crypto/rmd256.c           | 3 ++-
 crypto/rmd320.c           | 3 ++-
 crypto/sha3_generic.c     | 3 ++-
 7 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/crypto/chacha20poly1305.c b/crypto/chacha20poly1305.c
index 600afa99941f..6e93d998109e 100644
--- a/crypto/chacha20poly1305.c
+++ b/crypto/chacha20poly1305.c
@@ -19,6 +19,7 @@
 #include <linux/init.h>
 #include <linux/kernel.h>
 #include <linux/module.h>
+#include <linux/string.h>

 #include "internal.h"

@@ -388,7 +389,7 @@ static int poly_genkey(struct aead_request *req)
        }

        sg_init_table(creq->src, 1);
-       memset(rctx->key, 0, sizeof(rctx->key));
+       memzero_explicit(rctx->key, sizeof(rctx->key));
        sg_set_buf(creq->src, rctx->key, sizeof(rctx->key));

        chacha_iv(creq->iv, req, 0);
diff --git a/crypto/md5.c b/crypto/md5.c
index 94dd78144ba3..00d384e8784c 100644
--- a/crypto/md5.c
+++ b/crypto/md5.c
@@ -197,7 +197,7 @@ static int md5_final(struct shash_desc *desc, u8 *out)
        md5_transform(mctx->hash, mctx->block);
        cpu_to_le32_array(mctx->hash, sizeof(mctx->hash) / sizeof(u32));
        memcpy(out, mctx->hash, sizeof(mctx->hash));
-       memset(mctx, 0, sizeof(*mctx));
+       memzero_explicit(mctx, sizeof(*mctx));

        return 0;
 }
diff --git a/crypto/rmd128.c b/crypto/rmd128.c
index 5f4472256e27..5e01cd7130c7 100644
--- a/crypto/rmd128.c
+++ b/crypto/rmd128.c
@@ -17,6 +17,7 @@
 #include <linux/init.h>
 #include <linux/module.h>
 #include <linux/mm.h>
+#include <linux/string.h>
 #include <linux/types.h>
 #include <asm/byteorder.h>

@@ -290,7 +291,7 @@ static int rmd128_final(struct shash_desc *desc, u8 *out)
                dst[i] = cpu_to_le32p(&rctx->state[i]);

        /* Wipe context */
-       memset(rctx, 0, sizeof(*rctx));
+       memzero_explicit(rctx, sizeof(*rctx));

        return 0;
 }
diff --git a/crypto/rmd160.c b/crypto/rmd160.c
index 737645344d1c..2381d134443c 100644
--- a/crypto/rmd160.c
+++ b/crypto/rmd160.c
@@ -17,6 +17,7 @@
 #include <linux/init.h>
 #include <linux/module.h>
 #include <linux/mm.h>
+#include <linux/string.h>
 #include <linux/types.h>
 #include <asm/byteorder.h>

@@ -334,7 +335,7 @@ static int rmd160_final(struct shash_desc *desc, u8 *out)
                dst[i] = cpu_to_le32p(&rctx->state[i]);

        /* Wipe context */
-       memset(rctx, 0, sizeof(*rctx));
+       memzero_explicit(rctx, sizeof(*rctx));

        return 0;
 }
diff --git a/crypto/rmd256.c b/crypto/rmd256.c
index 0e9d30676a01..3db0f6653607 100644
--- a/crypto/rmd256.c
+++ b/crypto/rmd256.c
@@ -17,6 +17,7 @@
 #include <linux/init.h>
 #include <linux/module.h>
 #include <linux/mm.h>
+#include <linux/string.h>
 #include <linux/types.h>
 #include <asm/byteorder.h>

@@ -309,7 +310,7 @@ static int rmd256_final(struct shash_desc *desc, u8 *out)
                dst[i] = cpu_to_le32p(&rctx->state[i]);

        /* Wipe context */
-       memset(rctx, 0, sizeof(*rctx));
+       memzero_explicit(rctx, sizeof(*rctx));

        return 0;
 }
diff --git a/crypto/rmd320.c b/crypto/rmd320.c
index 3ae1df5bb48c..e0e1a71d0144 100644
--- a/crypto/rmd320.c
+++ b/crypto/rmd320.c
@@ -17,6 +17,7 @@
 #include <linux/init.h>
 #include <linux/module.h>
 #include <linux/mm.h>
+#include <linux/string.h>
 #include <linux/types.h>
 #include <asm/byteorder.h>

@@ -358,7 +359,7 @@ static int rmd320_final(struct shash_desc *desc, u8 *out)
                dst[i] = cpu_to_le32p(&rctx->state[i]);

        /* Wipe context */
-       memset(rctx, 0, sizeof(*rctx));
+       memzero_explicit(rctx, sizeof(*rctx));

        return 0;
 }
diff --git a/crypto/sha3_generic.c b/crypto/sha3_generic.c
index 7ed98367d4fb..ae30a035d371 100644
--- a/crypto/sha3_generic.c
+++ b/crypto/sha3_generic.c
@@ -17,6 +17,7 @@
 #include <linux/init.h>
 #include <linux/module.h>
 #include <linux/types.h>
+#include <linux/string.h>
 #include <crypto/sha3.h>
 #include <asm/unaligned.h>

@@ -237,7 +238,7 @@ int crypto_sha3_final(struct shash_desc *desc, u8 *out)
        if (digest_size & 4)
                put_unaligned_le32(sctx->st[i], (__le32 *)digest);

-       memset(sctx, 0, sizeof(*sctx));
+       memzero_explicit(sctx, sizeof(*sctx));
        return 0;
 }
 EXPORT_SYMBOL(crypto_sha3_final);