crypto: memzero_explicit - make sure to clear out sensitive data

Recently, in commit 13aa93c70e71 ("random: add and use memzero_explicit() for clearing data"), we have found that GCC may optimize some memset() cases away when it detects a stack variable is not being used anymore and going out of scope. This can happen, for example, in cases when we are clearing out sensitive information such as keying material or any e.g. intermediate results from crypto computations, etc. With the help of Coccinelle, we can figure out and fix such occurences in the crypto subsytem as well. Julia Lawall provided the following Coccinelle program: @@ type T; identifier x; @@ T x; ... when exists when any -memset +memzero_explicit (&x, -0, ...) ... when != x when strict @@ type T; identifier x; @@ T x[...]; ... when exists when any -memset +memzero_explicit (x, -0, ...) ... when != x when strict Therefore, make use of the drop-in replacement memzero_explicit() for exactly such cases instead of using memset(). Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Cc: Julia Lawall <julia.lawall@lip6.fr> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Theodore Ts'o <tytso@mit.edu> Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
author: Daniel Borkmann <dborkman@redhat.com> 2014-09-07 17:23:38 -0400
committer: Theodore Ts'o <tytso@mit.edu> 2014-10-17 11:44:07 -0400
commit: 7185ad2672a7d50bc384de0e38d90b75d99f3d82 (patch)
tree: bfad2f926347d9f23bc1e014ab347192e7592661 /crypto/cts.c
parent: d4c5efdb97773f59a2b711754ca0953f24516739 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/cts.c b/crypto/cts.c
index 042223f8e733..133f0874c95e 100644
--- a/crypto/cts.c
+++ b/crypto/cts.c
@@ -202,7 +202,8 @@ static int cts_cbc_decrypt(struct crypto_cts_ctx *ctx,
        /* 5. Append the tail (BB - Ln) bytes of Xn (tmp) to Cn to create En */
        memcpy(s + bsize + lastn, tmp + lastn, bsize - lastn);
        /* 6. Decrypt En to create Pn-1 */
-        memset(iv, 0, sizeof(iv));
+        memzero_explicit(iv, sizeof(iv));
        sg_set_buf(&sgsrc[0], s + bsize, bsize);
        sg_set_buf(&sgdst[0], d, bsize);
        err = crypto_blkcipher_decrypt_iv(&lcldesc, sgdst, sgsrc, bsize);
author	Daniel Borkmann <dborkman@redhat.com>	2014-09-07 17:23:38 -0400
committer	Theodore Ts'o <tytso@mit.edu>	2014-10-17 11:44:07 -0400
commit	7185ad2672a7d50bc384de0e38d90b75d99f3d82 (patch)
tree	bfad2f926347d9f23bc1e014ab347192e7592661 /crypto/cts.c
parent	d4c5efdb97773f59a2b711754ca0953f24516739 (diff)

diff --git a/crypto/cts.c b/crypto/cts.c index 042223f8e733..133f0874c95e 100644 --- a/crypto/cts.c +++ b/crypto/cts.c
@@ -202,7 +202,8 @@ static int cts_cbc_decrypt(struct crypto_cts_ctx *ctx,
202	/* 5. Append the tail (BB - Ln) bytes of Xn (tmp) to Cn to create En */	202	/* 5. Append the tail (BB - Ln) bytes of Xn (tmp) to Cn to create En */
203	memcpy(s + bsize + lastn, tmp + lastn, bsize - lastn);	203	memcpy(s + bsize + lastn, tmp + lastn, bsize - lastn);
204	/* 6. Decrypt En to create Pn-1 */	204	/* 6. Decrypt En to create Pn-1 */
205	memset(iv, 0, sizeof(iv));	205	memzero_explicit(iv, sizeof(iv));
		206
206	sg_set_buf(&sgsrc[0], s + bsize, bsize);	207	sg_set_buf(&sgsrc[0], s + bsize, bsize);
207	sg_set_buf(&sgdst[0], d, bsize);	208	sg_set_buf(&sgdst[0], d, bsize);
208	err = crypto_blkcipher_decrypt_iv(&lcldesc, sgdst, sgsrc, bsize);	209	err = crypto_blkcipher_decrypt_iv(&lcldesc, sgdst, sgsrc, bsize);