diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2015-01-04 18:44:09 -0500 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2015-01-04 18:44:09 -0500 |
commit | 1471f09f9b874e3bd6a439cae7fc34261dc6f7dd (patch) | |
tree | 6e0c453545d8c514ad73cc8896d653d846351fef /crypto | |
parent | 2f3755381da8d592656f1ef6868fa9f96c450ba9 (diff) |
Revert "crypto: drbg - use memzero_explicit() for clearing sensitive data"
This reverts commit 421d82f5b3e75f94e31875e37d45cdf6a557c120.
None of the data zeroed are on the stack so the compiler cannot
optimise them away.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/drbg.c | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/crypto/drbg.c b/crypto/drbg.c index 96138396ce01..d8ff16e5c322 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c | |||
@@ -98,7 +98,6 @@ | |||
98 | */ | 98 | */ |
99 | 99 | ||
100 | #include <crypto/drbg.h> | 100 | #include <crypto/drbg.h> |
101 | #include <linux/string.h> | ||
102 | 101 | ||
103 | /*************************************************************** | 102 | /*************************************************************** |
104 | * Backend cipher definitions available to DRBG | 103 | * Backend cipher definitions available to DRBG |
@@ -491,9 +490,9 @@ static int drbg_ctr_df(struct drbg_state *drbg, | |||
491 | ret = 0; | 490 | ret = 0; |
492 | 491 | ||
493 | out: | 492 | out: |
494 | memzero_explicit(iv, drbg_blocklen(drbg)); | 493 | memset(iv, 0, drbg_blocklen(drbg)); |
495 | memzero_explicit(temp, drbg_statelen(drbg)); | 494 | memset(temp, 0, drbg_statelen(drbg)); |
496 | memzero_explicit(pad, drbg_blocklen(drbg)); | 495 | memset(pad, 0, drbg_blocklen(drbg)); |
497 | return ret; | 496 | return ret; |
498 | } | 497 | } |
499 | 498 | ||
@@ -567,9 +566,9 @@ static int drbg_ctr_update(struct drbg_state *drbg, struct list_head *seed, | |||
567 | ret = 0; | 566 | ret = 0; |
568 | 567 | ||
569 | out: | 568 | out: |
570 | memzero_explicit(temp, drbg_statelen(drbg) + drbg_blocklen(drbg)); | 569 | memset(temp, 0, drbg_statelen(drbg) + drbg_blocklen(drbg)); |
571 | if (2 != reseed) | 570 | if (2 != reseed) |
572 | memzero_explicit(df_data, drbg_statelen(drbg)); | 571 | memset(df_data, 0, drbg_statelen(drbg)); |
573 | return ret; | 572 | return ret; |
574 | } | 573 | } |
575 | 574 | ||
@@ -627,7 +626,7 @@ static int drbg_ctr_generate(struct drbg_state *drbg, | |||
627 | len = ret; | 626 | len = ret; |
628 | 627 | ||
629 | out: | 628 | out: |
630 | memzero_explicit(drbg->scratchpad, drbg_blocklen(drbg)); | 629 | memset(drbg->scratchpad, 0, drbg_blocklen(drbg)); |
631 | return len; | 630 | return len; |
632 | } | 631 | } |
633 | 632 | ||
@@ -865,7 +864,7 @@ static int drbg_hash_df(struct drbg_state *drbg, | |||
865 | } | 864 | } |
866 | 865 | ||
867 | out: | 866 | out: |
868 | memzero_explicit(tmp, drbg_blocklen(drbg)); | 867 | memset(tmp, 0, drbg_blocklen(drbg)); |
869 | return ret; | 868 | return ret; |
870 | } | 869 | } |
871 | 870 | ||
@@ -909,7 +908,7 @@ static int drbg_hash_update(struct drbg_state *drbg, struct list_head *seed, | |||
909 | ret = drbg_hash_df(drbg, drbg->C, drbg_statelen(drbg), &datalist2); | 908 | ret = drbg_hash_df(drbg, drbg->C, drbg_statelen(drbg), &datalist2); |
910 | 909 | ||
911 | out: | 910 | out: |
912 | memzero_explicit(drbg->scratchpad, drbg_statelen(drbg)); | 911 | memset(drbg->scratchpad, 0, drbg_statelen(drbg)); |
913 | return ret; | 912 | return ret; |
914 | } | 913 | } |
915 | 914 | ||
@@ -944,7 +943,7 @@ static int drbg_hash_process_addtl(struct drbg_state *drbg, | |||
944 | drbg->scratchpad, drbg_blocklen(drbg)); | 943 | drbg->scratchpad, drbg_blocklen(drbg)); |
945 | 944 | ||
946 | out: | 945 | out: |
947 | memzero_explicit(drbg->scratchpad, drbg_blocklen(drbg)); | 946 | memset(drbg->scratchpad, 0, drbg_blocklen(drbg)); |
948 | return ret; | 947 | return ret; |
949 | } | 948 | } |
950 | 949 | ||
@@ -991,7 +990,7 @@ static int drbg_hash_hashgen(struct drbg_state *drbg, | |||
991 | } | 990 | } |
992 | 991 | ||
993 | out: | 992 | out: |
994 | memzero_explicit(drbg->scratchpad, | 993 | memset(drbg->scratchpad, 0, |
995 | (drbg_statelen(drbg) + drbg_blocklen(drbg))); | 994 | (drbg_statelen(drbg) + drbg_blocklen(drbg))); |
996 | return len; | 995 | return len; |
997 | } | 996 | } |
@@ -1040,7 +1039,7 @@ static int drbg_hash_generate(struct drbg_state *drbg, | |||
1040 | drbg_add_buf(drbg->V, drbg_statelen(drbg), u.req, 8); | 1039 | drbg_add_buf(drbg->V, drbg_statelen(drbg), u.req, 8); |
1041 | 1040 | ||
1042 | out: | 1041 | out: |
1043 | memzero_explicit(drbg->scratchpad, drbg_blocklen(drbg)); | 1042 | memset(drbg->scratchpad, 0, drbg_blocklen(drbg)); |
1044 | return len; | 1043 | return len; |
1045 | } | 1044 | } |
1046 | 1045 | ||