Commit a6326ba0 authored Nov 30, 2014 by Julia Lawall Committed by Herbert Xu Dec 02, 2014

crypto: sha - replace memset by memzero_explicit

Memset on a local variable may be removed when it is called just before the
variable goes out of scope.  Using memzero_explicit defeats this
optimization.  A simplified version of the semantic patch that makes this
change is as follows: (http://coccinelle.lip6.fr/

)

// <smpl>
@@
identifier x;
type T;
@@

{
... when any
T x[...];
... when any
    when exists
- memset
+ memzero_explicit
  (x,
-0,
  ...)
... when != x
    when strict
}
// </smpl>

This change was suggested by Daniel Borkmann <dborkman@redhat.com>

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

parent 8202cd72

arch/x86/crypto/sha256_ssse3_glue.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -211,7 +211,7 @@ static int sha224_ssse3_final(struct shash_desc desc, u8 hash)
		sha256_ssse3_final(desc, D);

		memcpy(hash, D, SHA224_DIGEST_SIZE);
		memset(D, 0, SHA256_DIGEST_SIZE);
		memzero_explicit(D, SHA256_DIGEST_SIZE);

		return 0;
		}

arch/x86/crypto/sha512_ssse3_glue.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -219,7 +219,7 @@ static int sha384_ssse3_final(struct shash_desc desc, u8 hash)
		sha512_ssse3_final(desc, D);

		memcpy(hash, D, SHA384_DIGEST_SIZE);
		memset(D, 0, SHA512_DIGEST_SIZE);
		memzero_explicit(D, SHA512_DIGEST_SIZE);

		return 0;
		}