crypto: hash - Use memzero_explicit() for clearing state

Without the barrier_data() inside memzero_explicit(), the compiler may
optimize away the state-clearing if it can tell that the state is not
used afterwards.

Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/arch/arm64/crypto/ghash-ce-glue.c b/arch/arm64/crypto/ghash-ce-glue.c
index 8536008e3e356511460acbb818dead4bf1d62340..2427e2f3a9a1cebb55ad4a7535f89cf1a17a8d7b 100644 (file)
--- a/arch/arm64/crypto/ghash-ce-glue.c
+++ b/arch/arm64/crypto/ghash-ce-glue.c
@@ -168,7 +168,7 @@ static int ghash_final(struct shash_desc *desc, u8 *dst)
        put_unaligned_be64(ctx->digest[1], dst);
        put_unaligned_be64(ctx->digest[0], dst + 8);
 
-       *ctx = (struct ghash_desc_ctx){};
+       memzero_explicit(ctx, sizeof(*ctx));
        return 0;
 }
 

diff --git a/arch/arm64/crypto/poly1305-glue.c b/arch/arm64/crypto/poly1305-glue.c
index f33ada70c4ed8f84171b202e3f447880e0e7696f..683de671741a7f0de196a1e9947d6f6a8510c9c0 100644 (file)
--- a/arch/arm64/crypto/poly1305-glue.c
+++ b/arch/arm64/crypto/poly1305-glue.c
@@ -177,7 +177,7 @@ void poly1305_final_arch(struct poly1305_desc_ctx *dctx, u8 *dst)
        }
 
        poly1305_emit(&dctx->h, dst, dctx->s);
-       *dctx = (struct poly1305_desc_ctx){};
+       memzero_explicit(dctx, sizeof(*dctx));
 }
 EXPORT_SYMBOL(poly1305_final_arch);
 

diff --git a/arch/arm64/crypto/sha3-ce-glue.c b/arch/arm64/crypto/sha3-ce-glue.c
index 9a4bbfc45f4075d34777aaff7bc8d5b16a03a738..e5a2936f08864361d76833c8bfec9257b053cfd9 100644 (file)
--- a/arch/arm64/crypto/sha3-ce-glue.c
+++ b/arch/arm64/crypto/sha3-ce-glue.c
@@ -94,7 +94,7 @@ static int sha3_final(struct shash_desc *desc, u8 *out)
        if (digest_size & 4)
                put_unaligned_le32(sctx->st[i], (__le32 *)digest);
 
-       *sctx = (struct sha3_state){};
+       memzero_explicit(sctx, sizeof(*sctx));
        return 0;
 }
 

diff --git a/arch/x86/crypto/poly1305_glue.c b/arch/x86/crypto/poly1305_glue.c
index e508dbd918139781de284623106b3c2ce9e50421..64d09520d27957bad3f7a7129348c4a8498b2292 100644 (file)
--- a/arch/x86/crypto/poly1305_glue.c
+++ b/arch/x86/crypto/poly1305_glue.c
@@ -209,7 +209,7 @@ void poly1305_final_arch(struct poly1305_desc_ctx *dctx, u8 *dst)
        }
 
        poly1305_simd_emit(&dctx->h, dst, dctx->s);
-       *dctx = (struct poly1305_desc_ctx){};
+       memzero_explicit(dctx, sizeof(*dctx));
 }
 EXPORT_SYMBOL(poly1305_final_arch);
 

diff --git a/include/crypto/sha1_base.h b/include/crypto/sha1_base.h
index 20fd1f7468aff4c26c21574f8d7c26570005c8c9..a5d6033efef7cf8548dc9bdfb07906bfeb096337 100644 (file)
--- a/include/crypto/sha1_base.h
+++ b/include/crypto/sha1_base.h
@@ -12,6 +12,7 @@
 #include <crypto/sha.h>
 #include <linux/crypto.h>
 #include <linux/module.h>
+#include <linux/string.h>
 
 #include <asm/unaligned.h>
 
@@ -101,7 +102,7 @@ static inline int sha1_base_finish(struct shash_desc *desc, u8 *out)
        for (i = 0; i < SHA1_DIGEST_SIZE / sizeof(__be32); i++)
                put_unaligned_be32(sctx->state[i], digest++);
 
-       *sctx = (struct sha1_state){};
+       memzero_explicit(sctx, sizeof(*sctx));
        return 0;
 }
 

diff --git a/include/crypto/sha256_base.h b/include/crypto/sha256_base.h
index 6ded110783ae87dd97c40edc42b83ad0a08431f6..93f9fd21cc0686eca7145d8c9e629ab0d7b5b1b8 100644 (file)
--- a/include/crypto/sha256_base.h
+++ b/include/crypto/sha256_base.h
@@ -12,6 +12,7 @@
 #include <crypto/sha.h>
 #include <linux/crypto.h>
 #include <linux/module.h>
+#include <linux/string.h>
 
 #include <asm/unaligned.h>
 
@@ -105,7 +106,7 @@ static inline int sha256_base_finish(struct shash_desc *desc, u8 *out)
        for (i = 0; digest_size > 0; i++, digest_size -= sizeof(__be32))
                put_unaligned_be32(sctx->state[i], digest++);
 
-       *sctx = (struct sha256_state){};
+       memzero_explicit(sctx, sizeof(*sctx));
        return 0;
 }
 

diff --git a/include/crypto/sha512_base.h b/include/crypto/sha512_base.h
index fb19c77494dc8b57e07cb69db6d1aa5d6c68af87..93ab73baa38e518531bcbd32841718e3dff6f2d5 100644 (file)
--- a/include/crypto/sha512_base.h
+++ b/include/crypto/sha512_base.h
@@ -12,6 +12,7 @@
 #include <crypto/sha.h>
 #include <linux/crypto.h>
 #include <linux/module.h>
+#include <linux/string.h>
 
 #include <asm/unaligned.h>
 
@@ -126,7 +127,7 @@ static inline int sha512_base_finish(struct shash_desc *desc, u8 *out)
        for (i = 0; digest_size > 0; i++, digest_size -= sizeof(__be64))
                put_unaligned_be64(sctx->state[i], digest++);
 
-       *sctx = (struct sha512_state){};
+       memzero_explicit(sctx, sizeof(*sctx));
        return 0;
 }
 

diff --git a/include/crypto/sm3_base.h b/include/crypto/sm3_base.h
index 1cbf9aa1fe5244f629e49894e339f9beb2f0513e..2f3a32ab97bb9b6f10fce5bbeea8a71c2c7217c9 100644 (file)
--- a/include/crypto/sm3_base.h
+++ b/include/crypto/sm3_base.h
@@ -13,6 +13,7 @@
 #include <crypto/sm3.h>
 #include <linux/crypto.h>
 #include <linux/module.h>
+#include <linux/string.h>
 #include <asm/unaligned.h>
 
 typedef void (sm3_block_fn)(struct sm3_state *sst, u8 const *src, int blocks);
@@ -104,7 +105,7 @@ static inline int sm3_base_finish(struct shash_desc *desc, u8 *out)
        for (i = 0; i < SM3_DIGEST_SIZE / sizeof(__be32); i++)
                put_unaligned_be32(sctx->state[i], digest++);
 
-       *sctx = (struct sm3_state){};
+       memzero_explicit(sctx, sizeof(*sctx));
        return 0;
 }