Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit aa408d60 authored by Struk, Tadeusz's avatar Struk, Tadeusz Committed by Herbert Xu
Browse files

crypto: qat - Use memzero_explicit 



Use the new memzero_explicit function to cleanup sensitive data.

Signed-off-by: default avatarTadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 52744af3

drivers/crypto/qat/qat_common/qat_algs.c

+22 −14
Original line number Diff line number Diff line
@@ -161,7 +161,7 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash, 
	__be64 *hash512_state_out;

	int i, offset;



	memset(auth_state.data, '\0', MAX_AUTH_STATE_SIZE + 64);

	memzero_explicit(auth_state.data, MAX_AUTH_STATE_SIZE + 64);

	shash->tfm = ctx->hash_tfm;

	shash->flags = 0x0;
@@ -174,13 +174,13 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash, 


		memcpy(ipad, buff, digest_size);

		memcpy(opad, buff, digest_size);

		memset(ipad + digest_size, 0, block_size - digest_size);

		memset(opad + digest_size, 0, block_size - digest_size);

		memzero_explicit(ipad + digest_size, block_size - digest_size);

		memzero_explicit(opad + digest_size, block_size - digest_size);

	} else {

		memcpy(ipad, auth_key, auth_keylen);

		memcpy(opad, auth_key, auth_keylen);

		memset(ipad + auth_keylen, 0, block_size - auth_keylen);

		memset(opad + auth_keylen, 0, block_size - auth_keylen);

		memzero_explicit(ipad + auth_keylen, block_size - auth_keylen);

		memzero_explicit(opad + auth_keylen, block_size - auth_keylen);

	}



	for (i = 0; i < block_size; i++) {
@@ -254,6 +254,8 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash, 
	default:

		return -EFAULT;

	}

	memzero_explicit(ipad, block_size);

	memzero_explicit(opad, block_size);

	return 0;

}
@@ -492,11 +494,11 @@ static int qat_alg_setkey(struct crypto_aead *tfm, const uint8_t *key, 
	if (ctx->enc_cd) {

		/* rekeying */

		dev = &GET_DEV(ctx->inst->accel_dev);

		memset(ctx->enc_cd, 0, sizeof(struct qat_alg_cd));

		memset(ctx->dec_cd, 0, sizeof(struct qat_alg_cd));

		memset(&ctx->enc_fw_req_tmpl, 0,

		memzero_explicit(ctx->enc_cd, sizeof(struct qat_alg_cd));

		memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));

		memzero_explicit(&ctx->enc_fw_req_tmpl,

				 sizeof(struct icp_qat_fw_la_bulk_req));

		memset(&ctx->dec_fw_req_tmpl, 0,

		memzero_explicit(&ctx->dec_fw_req_tmpl,

				 sizeof(struct icp_qat_fw_la_bulk_req));

	} else {

		/* new key */
@@ -534,10 +536,12 @@ static int qat_alg_setkey(struct crypto_aead *tfm, const uint8_t *key, 
	return 0;



out_free_all:

	memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));

	dma_free_coherent(dev, sizeof(struct qat_alg_cd),

			  ctx->dec_cd, ctx->dec_cd_paddr);

	ctx->dec_cd = NULL;

out_free_enc:

	memzero_explicit(ctx->enc_cd, sizeof(struct qat_alg_cd));

	dma_free_coherent(dev, sizeof(struct qat_alg_cd),

			  ctx->enc_cd, ctx->enc_cd_paddr);

	ctx->enc_cd = NULL;
@@ -832,7 +836,7 @@ static int qat_alg_init(struct crypto_tfm *tfm, 
{

	struct qat_alg_session_ctx *ctx = crypto_tfm_ctx(tfm);



	memset(ctx, '\0', sizeof(*ctx));

	memzero_explicit(ctx, sizeof(*ctx));

	ctx->hash_tfm = crypto_alloc_shash(hash_name, 0, 0);

	if (IS_ERR(ctx->hash_tfm))

		return -EFAULT;
@@ -872,12 +876,16 @@ static void qat_alg_exit(struct crypto_tfm *tfm) 
		return;



	dev = &GET_DEV(inst->accel_dev);

	if (ctx->enc_cd)

	if (ctx->enc_cd) {

		memzero_explicit(ctx->enc_cd, sizeof(struct qat_alg_cd));

		dma_free_coherent(dev, sizeof(struct qat_alg_cd),

				  ctx->enc_cd, ctx->enc_cd_paddr);

	if (ctx->dec_cd)

	}

	if (ctx->dec_cd) {

		memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));

		dma_free_coherent(dev, sizeof(struct qat_alg_cd),

				  ctx->dec_cd, ctx->dec_cd_paddr);

	}

	qat_crypto_put_instance(inst);

}