From patchwork Mon Nov 24 15:21:16 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nickolaus Woodruff X-Patchwork-Id: 5368001 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Original-To: patchwork-linux-crypto@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 3B9729F2F5 for ; Mon, 24 Nov 2014 15:21:23 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 2FA622041F for ; Mon, 24 Nov 2014 15:21:22 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 1B53F20411 for ; Mon, 24 Nov 2014 15:21:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752733AbaKXPVU (ORCPT ); Mon, 24 Nov 2014 10:21:20 -0500 Received: from mail-qg0-f52.google.com ([209.85.192.52]:62892 "EHLO mail-qg0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751215AbaKXPVT (ORCPT ); Mon, 24 Nov 2014 10:21:19 -0500 Received: by mail-qg0-f52.google.com with SMTP id a108so6941149qge.11 for ; Mon, 24 Nov 2014 07:21:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:mime-version:content-type :content-disposition:user-agent; bh=0y+yYFoSvV2I/UDhu8zEeR6E47vS5BZTF8MUJv+sPn4=; b=03FoADtD2KAVVf+zKE+4Q6anlZpBMHHZzzpXIL7ZTIkWRkusAyEyt5BqO8xmszPbsZ 2pS2AefSXQEKxSnSwcE7YODuCb8/70o8NS1QzkUzYFroHcJ+oL/g+xCP1/hBrcwuozAp WByNCtI8iif0HlyL7lPngFy1KPX9vLzVjfuRWKzCJrBT/ssq5S9YD30C5xxbasTCl9QL P7+4hD5mSgnStVVIPc6ZnEhCYI6SkgSAGoVtf6k5g4kul+AwFxbA7uyTPxnfOphD3BeF vXdmT35SxEY2wRLB1EBujDGEulPBMEndpgIWzLvghJYzFj45QjD8oKEoLbC9YV0jrBFs 4YNQ== X-Received: by 10.224.46.131 with SMTP id j3mr28730499qaf.86.1416842478389; Mon, 24 Nov 2014 07:21:18 -0800 (PST) Received: from localhost ([173.161.149.177]) by mx.google.com with ESMTPSA id v16sm9410965qaw.30.2014.11.24.07.21.17 for (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Mon, 24 Nov 2014 07:21:17 -0800 (PST) Date: Mon, 24 Nov 2014 10:21:16 -0500 From: Nickolaus Woodruff To: herbert@gondor.apana.org.au, davem@davemloft.net Cc: linux-crypto@vger.kernel.org Subject: [PATCH] crypto: drbg: use memzero_explicit() for clearing sensitive data Message-ID: <20141124152116.GA31106@nick-ThinkPad-T430s> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, T_DKIM_INVALID, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Compiler dead store optimization can sometimes remove final calls to memset() used to clear sensitive data at the end of a function. Replace trailing memset() calls with memzero_explicit() to preclude unwanted removal. Signed-off-by: Nickolaus Woodruff --- crypto/drbg.c | 22 +++++++++++----------- include/crypto/drbg.h | 1 + 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/crypto/drbg.c b/crypto/drbg.c index 54cfd48..c6258ca 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c @@ -522,9 +522,9 @@ static int drbg_ctr_df(struct drbg_state *drbg, ret = 0; out: - memset(iv, 0, drbg_blocklen(drbg)); - memset(temp, 0, drbg_statelen(drbg)); - memset(pad, 0, drbg_blocklen(drbg)); + memzero_explicit(iv, drbg_blocklen(drbg)); + memzero_explicit(temp, drbg_statelen(drbg)); + memzero_explicit(pad, drbg_blocklen(drbg)); return ret; } @@ -599,9 +599,9 @@ static int drbg_ctr_update(struct drbg_state *drbg, struct list_head *seed, ret = 0; out: - memset(temp, 0, drbg_statelen(drbg) + drbg_blocklen(drbg)); + memzero_explicit(temp, drbg_statelen(drbg) + drbg_blocklen(drbg)); if (2 != reseed) - memset(df_data, 0, drbg_statelen(drbg)); + memzero_explicit(df_data, drbg_statelen(drbg)); return ret; } @@ -660,7 +660,7 @@ static int drbg_ctr_generate(struct drbg_state *drbg, len = ret; out: - memset(drbg->scratchpad, 0, drbg_blocklen(drbg)); + memzero_explicit(drbg->scratchpad, drbg_blocklen(drbg)); return len; } @@ -848,7 +848,7 @@ static int drbg_hash_df(struct drbg_state *drbg, } out: - memset(tmp, 0, drbg_blocklen(drbg)); + memzero_explicit(tmp, drbg_blocklen(drbg)); return ret; } @@ -892,7 +892,7 @@ static int drbg_hash_update(struct drbg_state *drbg, struct list_head *seed, ret = drbg_hash_df(drbg, drbg->C, drbg_statelen(drbg), &datalist2); out: - memset(drbg->scratchpad, 0, drbg_statelen(drbg)); + memzero_explicit(drbg->scratchpad, drbg_statelen(drbg)); return ret; } @@ -927,7 +927,7 @@ static int drbg_hash_process_addtl(struct drbg_state *drbg, drbg->scratchpad, drbg_blocklen(drbg)); out: - memset(drbg->scratchpad, 0, drbg_blocklen(drbg)); + memzero_explicit(drbg->scratchpad, drbg_blocklen(drbg)); return ret; } @@ -975,7 +975,7 @@ static int drbg_hash_hashgen(struct drbg_state *drbg, } out: - memset(drbg->scratchpad, 0, + memzero_explicit(drbg->scratchpad, (drbg_statelen(drbg) + drbg_blocklen(drbg))); return len; } @@ -1024,7 +1024,7 @@ static int drbg_hash_generate(struct drbg_state *drbg, drbg_add_buf(drbg->V, drbg_statelen(drbg), u.req, 8); out: - memset(drbg->scratchpad, 0, drbg_blocklen(drbg)); + memzero_explicit(drbg->scratchpad, drbg_blocklen(drbg)); return len; } diff --git a/include/crypto/drbg.h b/include/crypto/drbg.h index 5186f75..13471a2 100644 --- a/include/crypto/drbg.h +++ b/include/crypto/drbg.h @@ -45,6 +45,7 @@ #include #include #include +#include #include #include #include