2021-03-26 01:24:26

by yekai (A)

Subject: [PATCH 0/3] crypto: replace memset by memzero_explicit

use memzero_explicit instead of memset to clear sensitive data,
such as buffer or key.

Kai Ye (3):
crypto: atmel - use memzero_explicit() for clearing data
crypto: qce - use memzero_explicit() for clearing data
crypto: stm32 - use memzero_explicit() for clearing data

drivers/crypto/atmel-sha.c | 2 +-
drivers/crypto/qce/sha.c | 1 +
drivers/crypto/stm32/stm32-cryp.c | 2 +-
3 files changed, 3 insertions(+), 2 deletions(-)

--
2.8.1

2021-03-26 01:24:26

by yekai (A)

Subject: [PATCH 2/3] crypto: qce - use memzero_explicit() for clearing data

use memzero_explicit instead of memset to clear sensitive data.

Signed-off-by: Kai Ye <[email protected]>
---
drivers/crypto/qce/sha.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/drivers/crypto/qce/sha.c b/drivers/crypto/qce/sha.c
index 61c418c..cb9b3da 100644
--- a/drivers/crypto/qce/sha.c
+++ b/drivers/crypto/qce/sha.c
@@ -415,6 +415,7 @@ static int qce_ahash_hmac_setkey(struct crypto_ahash *tfm, const u8 *key,

ret = crypto_wait_req(crypto_ahash_digest(req), &wait);

+ memzero_explicit(buf, keylen + QCE_MAX_ALIGN_SIZE);
kfree(buf);
err_free_req:
ahash_request_free(req);
--
2.8.1

2021-03-26 01:24:26

by yekai (A)

Subject: [PATCH 3/3] crypto: stm32 - use memzero_explicit() for clearing data

use memzero_explicit instead of memset to clear sensitive data

Signed-off-by: Kai Ye <[email protected]>
---
drivers/crypto/stm32/stm32-cryp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/stm32/stm32-cryp.c b/drivers/crypto/stm32/stm32-cryp.c
index 2a479317..c4297e80 100644
--- a/drivers/crypto/stm32/stm32-cryp.c
+++ b/drivers/crypto/stm32/stm32-cryp.c
@@ -675,7 +675,7 @@ static void stm32_cryp_finish_req(struct stm32_cryp *cryp, int err)
crypto_finalize_skcipher_request(cryp->engine, cryp->req,
err);

- memset(cryp->ctx->key, 0, cryp->ctx->keylen);
+ memzero_explicit(cryp->ctx->key, cryp->ctx->keylen);
}

static int stm32_cryp_cpu_start(struct stm32_cryp *cryp)
--
2.8.1

2021-03-26 01:24:26

by yekai (A)

Subject: [PATCH 1/3] crypto: atmel - use memzero_explicit() for clearing data

use memzero_explicit instead of memset to clear sensitive data, such as key.

Signed-off-by: Kai Ye <[email protected]>
---
drivers/crypto/atmel-sha.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/atmel-sha.c b/drivers/crypto/atmel-sha.c
index 352d80c..4a08b2a 100644
--- a/drivers/crypto/atmel-sha.c
+++ b/drivers/crypto/atmel-sha.c
@@ -1622,7 +1622,7 @@ static inline void atmel_sha_hmac_key_init(struct atmel_sha_hmac_key *hkey)
static inline void atmel_sha_hmac_key_release(struct atmel_sha_hmac_key *hkey)
{
kfree(hkey->keydup);
- memset(hkey, 0, sizeof(*hkey));
+ memzero_explicit(hkey, sizeof(*hkey));
}

static inline int atmel_sha_hmac_key_set(struct atmel_sha_hmac_key *hkey,
--
2.8.1

2021-04-02 07:07:04

by Herbert Xu

Subject: Re: [PATCH 0/3] crypto: replace memset by memzero_explicit

On Fri, Mar 26, 2021 at 09:20:45AM +0800, Kai Ye wrote:
> use memzero_explicit instead of memset to clear sensitive data,
> such as buffer or key.

Does this fix a real issue? If not then it's just unnecessary
churn.

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt