aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStruk, Tadeusz <tadeusz.struk@intel.com>2014-11-14 14:23:52 -0500
committerHerbert Xu <herbert@gondor.apana.org.au>2014-11-17 09:53:50 -0500
commitaa408d6019775c1b4362895df7929a043fa79804 (patch)
treeb5bddaa81f3326b4858dfc6448598fc841183251
parent52744af3af977ccbbf768be34650d7c75cfc1ad6 (diff)
crypto: qat - Use memzero_explicit
Use the new memzero_explicit function to cleanup sensitive data. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat
-rw-r--r--drivers/crypto/qat/qat_common/qat_algs.c36
1 files changed, 22 insertions, 14 deletions
diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
index 25a409ca2d2a..31076eac0186 100644
--- a/drivers/crypto/qat/qat_common/qat_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_algs.c
@@ -161,7 +161,7 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash,
161 __be64 *hash512_state_out; 161 __be64 *hash512_state_out;
162 int i, offset; 162 int i, offset;
163 163
164 memset(auth_state.data, '\0', MAX_AUTH_STATE_SIZE + 64); 164 memzero_explicit(auth_state.data, MAX_AUTH_STATE_SIZE + 64);
165 shash->tfm = ctx->hash_tfm; 165 shash->tfm = ctx->hash_tfm;
166 shash->flags = 0x0; 166 shash->flags = 0x0;
167 167
@@ -174,13 +174,13 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash,
174 174
175 memcpy(ipad, buff, digest_size); 175 memcpy(ipad, buff, digest_size);
176 memcpy(opad, buff, digest_size); 176 memcpy(opad, buff, digest_size);
177 memset(ipad + digest_size, 0, block_size - digest_size); 177 memzero_explicit(ipad + digest_size, block_size - digest_size);
178 memset(opad + digest_size, 0, block_size - digest_size); 178 memzero_explicit(opad + digest_size, block_size - digest_size);
179 } else { 179 } else {
180 memcpy(ipad, auth_key, auth_keylen); 180 memcpy(ipad, auth_key, auth_keylen);
181 memcpy(opad, auth_key, auth_keylen); 181 memcpy(opad, auth_key, auth_keylen);
182 memset(ipad + auth_keylen, 0, block_size - auth_keylen); 182 memzero_explicit(ipad + auth_keylen, block_size - auth_keylen);
183 memset(opad + auth_keylen, 0, block_size - auth_keylen); 183 memzero_explicit(opad + auth_keylen, block_size - auth_keylen);
184 } 184 }
185 185
186 for (i = 0; i < block_size; i++) { 186 for (i = 0; i < block_size; i++) {
@@ -254,6 +254,8 @@ static int qat_alg_do_precomputes(struct icp_qat_hw_auth_algo_blk *hash,
254 default: 254 default:
255 return -EFAULT; 255 return -EFAULT;
256 } 256 }
257 memzero_explicit(ipad, block_size);
258 memzero_explicit(opad, block_size);
257 return 0; 259 return 0;
258} 260}
259 261
@@ -492,12 +494,12 @@ static int qat_alg_setkey(struct crypto_aead *tfm, const uint8_t *key,
492 if (ctx->enc_cd) { 494 if (ctx->enc_cd) {
493 /* rekeying */ 495 /* rekeying */
494 dev = &GET_DEV(ctx->inst->accel_dev); 496 dev = &GET_DEV(ctx->inst->accel_dev);
495 memset(ctx->enc_cd, 0, sizeof(struct qat_alg_cd)); 497 memzero_explicit(ctx->enc_cd, sizeof(struct qat_alg_cd));
496 memset(ctx->dec_cd, 0, sizeof(struct qat_alg_cd)); 498 memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));
497 memset(&ctx->enc_fw_req_tmpl, 0, 499 memzero_explicit(&ctx->enc_fw_req_tmpl,
498 sizeof(struct icp_qat_fw_la_bulk_req)); 500 sizeof(struct icp_qat_fw_la_bulk_req));
499 memset(&ctx->dec_fw_req_tmpl, 0, 501 memzero_explicit(&ctx->dec_fw_req_tmpl,
500 sizeof(struct icp_qat_fw_la_bulk_req)); 502 sizeof(struct icp_qat_fw_la_bulk_req));
501 } else { 503 } else {
502 /* new key */ 504 /* new key */
503 int node = get_current_node(); 505 int node = get_current_node();
@@ -534,10 +536,12 @@ static int qat_alg_setkey(struct crypto_aead *tfm, const uint8_t *key,
534 return 0; 536 return 0;
535 537
536out_free_all: 538out_free_all:
539 memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));
537 dma_free_coherent(dev, sizeof(struct qat_alg_cd), 540 dma_free_coherent(dev, sizeof(struct qat_alg_cd),
538 ctx->dec_cd, ctx->dec_cd_paddr); 541 ctx->dec_cd, ctx->dec_cd_paddr);
539 ctx->dec_cd = NULL; 542 ctx->dec_cd = NULL;
540out_free_enc: 543out_free_enc:
544 memzero_explicit(ctx->enc_cd, sizeof(struct qat_alg_cd));
541 dma_free_coherent(dev, sizeof(struct qat_alg_cd), 545 dma_free_coherent(dev, sizeof(struct qat_alg_cd),
542 ctx->enc_cd, ctx->enc_cd_paddr); 546 ctx->enc_cd, ctx->enc_cd_paddr);
543 ctx->enc_cd = NULL; 547 ctx->enc_cd = NULL;
@@ -832,7 +836,7 @@ static int qat_alg_init(struct crypto_tfm *tfm,
832{ 836{
833 struct qat_alg_session_ctx *ctx = crypto_tfm_ctx(tfm); 837 struct qat_alg_session_ctx *ctx = crypto_tfm_ctx(tfm);
834 838
835 memset(ctx, '\0', sizeof(*ctx)); 839 memzero_explicit(ctx, sizeof(*ctx));
836 ctx->hash_tfm = crypto_alloc_shash(hash_name, 0, 0); 840 ctx->hash_tfm = crypto_alloc_shash(hash_name, 0, 0);
837 if (IS_ERR(ctx->hash_tfm)) 841 if (IS_ERR(ctx->hash_tfm))
838 return -EFAULT; 842 return -EFAULT;
@@ -872,12 +876,16 @@ static void qat_alg_exit(struct crypto_tfm *tfm)
872 return; 876 return;
873 877
874 dev = &GET_DEV(inst->accel_dev); 878 dev = &GET_DEV(inst->accel_dev);
875 if (ctx->enc_cd) 879 if (ctx->enc_cd) {
880 memzero_explicit(ctx->enc_cd, sizeof(struct qat_alg_cd));
876 dma_free_coherent(dev, sizeof(struct qat_alg_cd), 881 dma_free_coherent(dev, sizeof(struct qat_alg_cd),
877 ctx->enc_cd, ctx->enc_cd_paddr); 882 ctx->enc_cd, ctx->enc_cd_paddr);
878 if (ctx->dec_cd) 883 }
884 if (ctx->dec_cd) {
885 memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));
879 dma_free_coherent(dev, sizeof(struct qat_alg_cd), 886 dma_free_coherent(dev, sizeof(struct qat_alg_cd),
880 ctx->dec_cd, ctx->dec_cd_paddr); 887 ctx->dec_cd, ctx->dec_cd_paddr);
888 }
881 qat_crypto_put_instance(inst); 889 qat_crypto_put_instance(inst);
882} 890}
883 891
generated by cgit v1.2.2 (git 2.25.0) at 2025-03-22 02:47:13 -0400