[v4,1/6] crypto: lib/sha256 - Use memzero_explicit() for clearing state

Message ID 20201025143119.1054168-2-nivedita@alum.mit.edu
State Accepted
Commit 1762818f25f3f99c5083caa13d69e5e5aa2e4b6f

Commit Message

Arvind Sankar Oct. 25, 2020, 2:31 p.m. UTC
Without the barrier_data() inside memzero_explicit(), the compiler may
optimize away the state-clearing if it can tell that the state is not
used afterwards. At least in lib/crypto/sha256.c:__sha256_final(), the
function can get inlined into sha256(), in which case the memset is
optimized away.

Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
Reviewed-by: Eric Biggers <ebiggers@google.com>
---
 lib/crypto/sha256.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
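
A userspace sketch of the pattern the commit message describes, added here as an example; it is not kernel code and not part of the patch. `toy_state`, `zero_explicit()`, `toy_final()`, `toy_oneshot()` and `wiped_after_final()` are hypothetical names, and the empty asm statement assumes GCC or Clang.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for struct sha256_state (not the kernel layout). */
struct toy_state {
	uint32_t state[8];
	uint64_t count;
	uint8_t buf[64];
};

/* Userspace analogue of memzero_explicit(): memset() followed by an empty
 * asm statement that takes the pointer as input and clobbers "memory".
 * The compiler must assume the asm reads the buffer, so the zeroing stores
 * are not dead and cannot be dropped. GCC/Clang syntax. */
static inline void zero_explicit(void *p, size_t n)
{
	memset(p, 0, n);
	__asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Toy finalisation: emit the state words big-endian, then clear the state. */
static inline void toy_final(struct toy_state *s, uint8_t *out)
{
	for (size_t i = 0; i < 8; i++)
		for (int b = 0; b < 4; b++)
			out[4 * i + b] = (uint8_t)(s->state[i] >> (24 - 8 * b));
	/* A plain memset() here is a dead store once inlined into toy_oneshot(). */
	zero_explicit(s, sizeof(*s));
}

/* One-shot wrapper with the context on its own stack, like sha256(). */
void toy_oneshot(uint32_t seed, uint8_t out[32])
{
	struct toy_state s = { .state = { seed, 2, 3, 4, 5, 6, 7, 8 } };
	toy_final(&s, out);
}

/* Returns 1 if a caller-owned state is all zero after toy_final(). */
int wiped_after_final(void)
{
	struct toy_state s;
	uint8_t out[32], acc = 0;
	memset(&s, 0xAA, sizeof(s));
	toy_final(&s, out);
	for (size_t i = 0; i < sizeof(s); i++)
		acc |= ((const uint8_t *)&s)[i];
	return acc == 0 && out[0] == 0xAA;
}
```

Whether the clear survives in `toy_oneshot()` can be checked by compiling with optimization and reading the generated assembly, once with `zero_explicit()` and once with a plain `memset()`.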

Comments

Ard Biesheuvel Oct. 26, 2020, 7:59 a.m. UTC | #1
On Sun, 25 Oct 2020 at 15:31, Arvind Sankar <nivedita@alum.mit.edu> wrote:
>
> Without the barrier_data() inside memzero_explicit(), the compiler may
> optimize away the state-clearing if it can tell that the state is not
> used afterwards. At least in lib/crypto/sha256.c:__sha256_final(), the
> function can get inlined into sha256(), in which case the memset is
> optimized away.
>
> Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
> Reviewed-by: Eric Biggers <ebiggers@google.com>


Acked-by: Ard Biesheuvel <ardb@kernel.org>


> ---
>  lib/crypto/sha256.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>

> diff --git a/lib/crypto/sha256.c b/lib/crypto/sha256.c

> index 2321f6cb322f..d43bc39ab05e 100644

> --- a/lib/crypto/sha256.c

> +++ b/lib/crypto/sha256.c

> @@ -265,7 +265,7 @@ static void __sha256_final(struct sha256_state *sctx, u8 *out, int digest_words)

>                 put_unaligned_be32(sctx->state[i], &dst[i]);

>

>         /* Zeroize sensitive information. */

> -       memset(sctx, 0, sizeof(*sctx));

> +       memzero_explicit(sctx, sizeof(*sctx));

>  }

>

>  void sha256_final(struct sha256_state *sctx, u8 *out)
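
Review bot: The comment above the changed call in __sha256_final() still reads only "Zeroize sensitive information." and gives no reason for using memzero_explicit() rather than memset(). The clear is the last statement before the closing brace, and the commit message says the function can be inlined into sha256(), so consider extending the comment to say that a plain memset() at this point can be dropped as a dead store. That keeps a later cleanup from switching the call back.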

> --

> 2.26.2

>
Patch

diff --git a/lib/crypto/sha256.c b/lib/crypto/sha256.c
index 2321f6cb322f..d43bc39ab05e 100644
--- a/lib/crypto/sha256.c
+++ b/lib/crypto/sha256.c
@@ -265,7 +265,7 @@  static void __sha256_final(struct sha256_state *sctx, u8 *out, int digest_words)
 		put_unaligned_be32(sctx->state[i], &dst[i]);
 
 	/* Zeroize sensitive information. */
-	memset(sctx, 0, sizeof(*sctx));
+	memzero_explicit(sctx, sizeof(*sctx));
 }
 
 void sha256_final(struct sha256_state *sctx, u8 *out)
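
Review bot: The one replaced line at the end of __sha256_final() is presented in the commit message as "at least" one affected site, with no statement of whether other memset()-based clears of hash state were checked. Suggest adding a sentence to the commit message saying whether the remaining sites are handled by the other patches of this 6-part series or were looked at and found not to need the change, so the scope of this one-line fix is clear from the log.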