tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random

Pull /dev/random updates from Ted Ts'o:
"This adds a memzero_explicit() call which is guaranteed not to be
optimized away by GCC. This is important when we are wiping
cryptographically sensitive material"

* tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
crypto: memzero_explicit - make sure to clear out sensitive data
random: add and use memzero_explicit() for clearing data

Linus Torvalds 14d4cc08 1c45d9a9

+36 -19
+2 -1
crypto/cts.c
··· 202 202 /* 5. Append the tail (BB - Ln) bytes of Xn (tmp) to Cn to create En */ 203 203 memcpy(s + bsize + lastn, tmp + lastn, bsize - lastn); 204 204 /* 6. Decrypt En to create Pn-1 */ 205 - memset(iv, 0, sizeof(iv)); 205 + memzero_explicit(iv, sizeof(iv)); 206 + 206 207 sg_set_buf(&sgsrc[0], s + bsize, bsize); 207 208 sg_set_buf(&sgdst[0], d, bsize); 208 209 err = crypto_blkcipher_decrypt_iv(&lcldesc, sgdst, sgsrc, bsize);
+1 -1
crypto/sha1_generic.c
··· 64 64 src = data + done; 65 65 } while (done + SHA1_BLOCK_SIZE <= len); 66 66 67 - memset(temp, 0, sizeof(temp)); 67 + memzero_explicit(temp, sizeof(temp)); 68 68 partial = 0; 69 69 } 70 70 memcpy(sctx->buffer + partial, src, len - done);
+2 -3
crypto/sha256_generic.c
··· 211 211 212 212 /* clear any sensitive info... */ 213 213 a = b = c = d = e = f = g = h = t1 = t2 = 0; 214 - memset(W, 0, 64 * sizeof(u32)); 214 + memzero_explicit(W, 64 * sizeof(u32)); 215 215 } 216 - 217 216 218 217 static int sha224_init(struct shash_desc *desc) 219 218 { ··· 316 317 sha256_final(desc, D); 317 318 318 319 memcpy(hash, D, SHA224_DIGEST_SIZE); 319 - memset(D, 0, SHA256_DIGEST_SIZE); 320 + memzero_explicit(D, SHA256_DIGEST_SIZE); 320 321 321 322 return 0; 322 323 }
+1 -1
crypto/sha512_generic.c
··· 239 239 sha512_final(desc, D); 240 240 241 241 memcpy(hash, D, 48); 242 - memset(D, 0, 64); 242 + memzero_explicit(D, 64); 243 243 244 244 return 0; 245 245 }
+2 -2
crypto/tgr192.c
··· 612 612 613 613 tgr192_final(desc, D); 614 614 memcpy(out, D, TGR160_DIGEST_SIZE); 615 - memset(D, 0, TGR192_DIGEST_SIZE); 615 + memzero_explicit(D, TGR192_DIGEST_SIZE); 616 616 617 617 return 0; 618 618 } ··· 623 623 624 624 tgr192_final(desc, D); 625 625 memcpy(out, D, TGR128_DIGEST_SIZE); 626 - memset(D, 0, TGR192_DIGEST_SIZE); 626 + memzero_explicit(D, TGR192_DIGEST_SIZE); 627 627 628 628 return 0; 629 629 }
+1 -1
crypto/vmac.c
··· 613 613 } 614 614 mac = vmac(ctx->partial, ctx->partial_size, nonce, NULL, ctx); 615 615 memcpy(out, &mac, sizeof(vmac_t)); 616 - memset(&mac, 0, sizeof(vmac_t)); 616 + memzero_explicit(&mac, sizeof(vmac_t)); 617 617 memset(&ctx->__vmac_ctx, 0, sizeof(struct vmac_ctx)); 618 618 ctx->partial_size = 0; 619 619 return 0;
+4 -4
crypto/wp512.c
··· 1102 1102 u8 D[64]; 1103 1103 1104 1104 wp512_final(desc, D); 1105 - memcpy (out, D, WP384_DIGEST_SIZE); 1106 - memset (D, 0, WP512_DIGEST_SIZE); 1105 + memcpy(out, D, WP384_DIGEST_SIZE); 1106 + memzero_explicit(D, WP512_DIGEST_SIZE); 1107 1107 1108 1108 return 0; 1109 1109 } ··· 1113 1113 u8 D[64]; 1114 1114 1115 1115 wp512_final(desc, D); 1116 - memcpy (out, D, WP256_DIGEST_SIZE); 1117 - memset (D, 0, WP512_DIGEST_SIZE); 1116 + memcpy(out, D, WP256_DIGEST_SIZE); 1117 + memzero_explicit(D, WP512_DIGEST_SIZE); 1118 1118 1119 1119 return 0; 1120 1120 }
+4 -4
drivers/char/random.c
··· 1106 1106 __mix_pool_bytes(r, hash.w, sizeof(hash.w)); 1107 1107 spin_unlock_irqrestore(&r->lock, flags); 1108 1108 1109 - memset(workspace, 0, sizeof(workspace)); 1109 + memzero_explicit(workspace, sizeof(workspace)); 1110 1110 1111 1111 /* 1112 1112 * In case the hash function has some recognizable output ··· 1118 1118 hash.w[2] ^= rol32(hash.w[2], 16); 1119 1119 1120 1120 memcpy(out, &hash, EXTRACT_SIZE); 1121 - memset(&hash, 0, sizeof(hash)); 1121 + memzero_explicit(&hash, sizeof(hash)); 1122 1122 } 1123 1123 1124 1124 /* ··· 1175 1175 } 1176 1176 1177 1177 /* Wipe data just returned from memory */ 1178 - memset(tmp, 0, sizeof(tmp)); 1178 + memzero_explicit(tmp, sizeof(tmp)); 1179 1179 1180 1180 return ret; 1181 1181 } ··· 1218 1218 } 1219 1219 1220 1220 /* Wipe data just returned from memory */ 1221 - memset(tmp, 0, sizeof(tmp)); 1221 + memzero_explicit(tmp, sizeof(tmp)); 1222 1222 1223 1223 return ret; 1224 1224 }
+3 -2
include/linux/string.h
··· 132 132 #endif 133 133 134 134 extern ssize_t memory_read_from_buffer(void *to, size_t count, loff_t *ppos, 135 - const void *from, size_t available); 135 + const void *from, size_t available); 136 136 137 137 /** 138 138 * strstarts - does @str start with @prefix? ··· 144 144 return strncmp(str, prefix, strlen(prefix)) == 0; 145 145 } 146 146 147 - extern size_t memweight(const void *ptr, size_t bytes); 147 + size_t memweight(const void *ptr, size_t bytes); 148 + void memzero_explicit(void *s, size_t count); 148 149 149 150 /** 150 151 * kbasename - return the last part of a pathname.
+16
lib/string.c
··· 598 598 EXPORT_SYMBOL(memset); 599 599 #endif 600 600 601 + /** 602 + * memzero_explicit - Fill a region of memory (e.g. sensitive 603 + * keying data) with 0s. 604 + * @s: Pointer to the start of the area. 605 + * @count: The size of the area. 606 + * 607 + * memzero_explicit() doesn't need an arch-specific version as 608 + * it just invokes the one of memset() implicitly. 609 + */ 610 + void memzero_explicit(void *s, size_t count) 611 + { 612 + memset(s, 0, count); 613 + OPTIMIZER_HIDE_VAR(s); 614 + } 615 + EXPORT_SYMBOL(memzero_explicit); 616 + 601 617 #ifndef __HAVE_ARCH_MEMCPY 602 618 /** 603 619 * memcpy - Copy one area of memory to another