use memzero_explicit instead of memset to clear sensitive data,
such as buffer or key.
Kai Ye (3):
crypto: atmel - use memzero_explicit() for clearing data
crypto: qce - use memzero_explicit() for clearing data
crypto: stm32 - use memzero_explicit() for clearing data
drivers/crypto/atmel-sha.c | 2 +-
drivers/crypto/qce/sha.c | 1 +
drivers/crypto/stm32/stm32-cryp.c | 2 +-
3 files changed, 3 insertions(+), 2 deletions(-)
--
2.8.1
use memzero_explicit instead of memset to clear sensitive data.
Signed-off-by: Kai Ye <[email protected]>
---
drivers/crypto/qce/sha.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/crypto/qce/sha.c b/drivers/crypto/qce/sha.c
index 61c418c..cb9b3da 100644
--- a/drivers/crypto/qce/sha.c
+++ b/drivers/crypto/qce/sha.c
@@ -415,6 +415,7 @@ static int qce_ahash_hmac_setkey(struct crypto_ahash *tfm, const u8 *key,
ret = crypto_wait_req(crypto_ahash_digest(req), &wait);
+ memzero_explicit(buf, keylen + QCE_MAX_ALIGN_SIZE);
kfree(buf);
err_free_req:
ahash_request_free(req);
--
2.8.1
use memzero_explicit instead of memset to clear sensitive data
Signed-off-by: Kai Ye <[email protected]>
---
drivers/crypto/stm32/stm32-cryp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/stm32/stm32-cryp.c b/drivers/crypto/stm32/stm32-cryp.c
index 2a479317..c4297e80 100644
--- a/drivers/crypto/stm32/stm32-cryp.c
+++ b/drivers/crypto/stm32/stm32-cryp.c
@@ -675,7 +675,7 @@ static void stm32_cryp_finish_req(struct stm32_cryp *cryp, int err)
crypto_finalize_skcipher_request(cryp->engine, cryp->req,
err);
- memset(cryp->ctx->key, 0, cryp->ctx->keylen);
+ memzero_explicit(cryp->ctx->key, cryp->ctx->keylen);
}
static int stm32_cryp_cpu_start(struct stm32_cryp *cryp)
--
2.8.1
use memzero_explicit instead of memset to clear sensitive data, such as key.
Signed-off-by: Kai Ye <[email protected]>
---
drivers/crypto/atmel-sha.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/atmel-sha.c b/drivers/crypto/atmel-sha.c
index 352d80c..4a08b2a 100644
--- a/drivers/crypto/atmel-sha.c
+++ b/drivers/crypto/atmel-sha.c
@@ -1622,7 +1622,7 @@ static inline void atmel_sha_hmac_key_init(struct atmel_sha_hmac_key *hkey)
static inline void atmel_sha_hmac_key_release(struct atmel_sha_hmac_key *hkey)
{
kfree(hkey->keydup);
- memset(hkey, 0, sizeof(*hkey));
+ memzero_explicit(hkey, sizeof(*hkey));
}
static inline int atmel_sha_hmac_key_set(struct atmel_sha_hmac_key *hkey,
--
2.8.1
On Fri, Mar 26, 2021 at 09:20:45AM +0800, Kai Ye wrote:
> use memzero_explicit instead of memset to clear sensitive data,
> such as buffer or key.
Does this fix a real issue? If not then it's just unnecessary
churn.
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt