renegade-project/linux-snapdragon
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7185ad2672
linux-snapdragon/crypto
History
Daniel Borkmann 7185ad2672 crypto: memzero_explicit - make sure to clear out sensitive data 
Recently, in commit 13aa93c70e71 ("random: add and use memzero_explicit()
for clearing data"), we have found that GCC may optimize some memset()
cases away when it detects a stack variable is not being used anymore
and going out of scope. This can happen, for example, in cases when we
are clearing out sensitive information such as keying material or any
e.g. intermediate results from crypto computations, etc.

With the help of Coccinelle, we can figure out and fix such occurences
in the crypto subsytem as well. Julia Lawall provided the following
Coccinelle program:

  @@
  type T;
  identifier x;
  @@

  T x;
  ... when exists
      when any
  -memset
  +memzero_explicit
     (&x,
  -0,
     ...)
  ... when != x
      when strict

  @@
  type T;
  identifier x;
  @@

  T x[...];
  ... when exists
      when any
  -memset
  +memzero_explicit
     (x,
  -0,
     ...)
  ... when != x
      when strict

Therefore, make use of the drop-in replacement memzero_explicit() for
exactly such cases instead of using memset().

Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Julia Lawall <julia.lawall@lip6.fr>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2014-10-17 11:44:07 -04:00
..
asymmetric_keys X.509: Need to export x509_request_asymmetric_key() 2014-08-03 12:54:48 +01:00
async_tx Merge commit 'dmaengine-3.13-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/dmaengine 2013-11-16 12:02:36 +05:30
842.c crypto: 842 - remove .cra_list initialization 2012-09-07 04:17:06 +08:00
ablk_helper.c crypto: ablk_helper - Replace memcpy with struct assignment 2013-10-07 14:16:57 +08:00
ablkcipher.c crypto: skcipher - Use eseqiv even on UP machines 2013-10-30 09:51:45 +08:00
aead.c crypto: user - fix info leaks in report API 2013-02-19 20:27:03 +08:00
aes_generic.c crypto: make tables used from assembler __visible 2013-08-14 20:42:03 +10:00
af_alg.c crypto: af_alg - properly label AF_ALG socket 2014-07-31 21:54:00 +08:00
ahash.c crypto: hash - Add real ahash walk interface 2014-05-21 20:56:12 +08:00
algapi.c crypto: fips - only panic on bad/missing crypto mod signatures 2014-07-03 21:38:32 +08:00
algboss.c crypto: algboss - Hold ref count on larval 2013-06-25 19:15:17 +08:00
algif_hash.c net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST 2013-11-29 16:32:54 -05:00
algif_skcipher.c net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST 2013-11-29 16:32:54 -05:00
ansi_cprng.c crypto: ansi_cprng - Fix off by one error in non-block size request 2013-09-24 06:02:23 +10:00
anubis.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
api.c crypto: api - Fix race condition in larval lookup 2013-09-08 14:33:50 +10:00
arc4.c crypto: arc4 - improve performance by using u32 for ctx and variables 2012-06-14 10:07:23 +08:00
authenc.c crypto: authenc - Find proper IV address in ablkcipher callback 2013-11-28 22:16:23 +08:00
authencesn.c crypto: authencesn - Simplify key parsing 2013-10-16 20:56:25 +08:00
blkcipher.c crypto: allow blkcipher walks over AEAD data 2014-03-10 20:17:11 +08:00
blowfish_common.c crypto: blowfish - split generic and common c code 2011-09-22 21:25:25 +10:00
blowfish_generic.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
camellia_generic.c crypto: camellia_generic - replace commas by semicolons and adjust code alignment 2013-08-21 21:08:33 +10:00
cast5_generic.c crypto: cast5/cast6 - move lookup tables to shared module 2012-12-06 17:16:26 +08:00
cast6_generic.c crypto: cast5/cast6 - move lookup tables to shared module 2012-12-06 17:16:26 +08:00
cast_common.c crypto: make tables used from assembler __visible 2013-08-14 20:42:03 +10:00
cbc.c
ccm.c crypto: ccm - Fix handling of zero plaintext when computing mac 2013-11-28 22:25:17 +08:00
chainiv.c arch: Mass conversion of smp_mb__*() 2014-04-18 14:20:48 +02:00
cipher.c crypto: cipher - Fix checkpatch errors 2010-02-16 20:31:37 +08:00
cmac.c crypto: add CMAC support to CryptoAPI 2013-04-25 21:01:47 +08:00
compress.c crypto: compress - Fix checkpatch errors 2010-02-16 20:31:04 +08:00
crc32.c crypto: crc32 - add crc32 pclmulqdq implementation and wrappers for table implementation 2013-01-20 10:16:45 +11:00
crc32c_generic.c CRC32C: Add soft module dependency to load other accelerated crc32c modules 2014-02-25 19:45:04 +08:00
crct10dif_common.c crypto: crct10dif - Add fallback for broken initrds 2013-09-12 15:31:34 +10:00
crct10dif_generic.c crypto: crct10dif - Add fallback for broken initrds 2013-09-12 15:31:34 +10:00
cryptd.c crypto: Resolve shadow warnings 2014-08-01 22:35:55 +08:00
crypto_null.c crypto: export NULL algorithms defines 2014-03-21 21:54:26 +08:00
crypto_user.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6 into next 2014-06-07 19:44:40 -07:00
crypto_wq.c crypto: crypto_wq - Fix late crypto work queue initialization 2014-03-21 21:54:28 +08:00
ctr.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2013-02-25 15:56:15 -08:00
cts.c crypto: memzero_explicit - make sure to clear out sensitive data 2014-10-17 11:44:07 -04:00
deflate.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
des_generic.c crypto: des_3des - add x86-64 assembly implementation 2014-06-20 21:27:58 +08:00
drbg.c crypto: drbg - fix failure of generating multiple of 2**16 bytes 2014-08-01 22:36:14 +08:00
ecb.c crypto: ecb - Fix checkpatch errors 2010-02-16 20:33:49 +08:00
eseqiv.c crypto: Resolve shadow warnings 2014-08-01 22:35:55 +08:00
fcrypt.c crypto: fcrypt - Fix bitoperation for compilation with clang 2013-09-02 20:32:58 +10:00
fips.c crypto: api - Add fips_enable flag 2008-08-29 15:50:02 +10:00
gcm.c crypto: Resolve shadow warnings 2014-08-01 22:35:55 +08:00
gf128mul.c crypto: gf128mul - fix call to memset() 2011-07-08 17:21:21 +08:00
ghash-generic.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
hash_info.c crypto: provide single place for hash algo information 2013-10-25 17:14:03 -04:00
hmac.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
internal.h crypto: algboss - Hold ref count on larval 2013-06-25 19:15:17 +08:00
Kconfig Merge branch 'for-linus' of git://ftp.arm.linux.org.uk/~rmk/linux-arm 2014-08-05 10:05:29 -07:00
khazad.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
krng.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
lrw.c crypto: lrw - add interface for parallelized cipher implementions 2011-11-09 11:50:31 +08:00
lz4.c crypto: add lz4 Cryptographic API 2013-07-09 10:33:30 -07:00
lz4hc.c crypto: add lz4 Cryptographic API 2013-07-09 10:33:30 -07:00
lzo.c crypto: lzo - use kvfree() helper 2014-06-25 21:51:53 +08:00
Makefile crypto: drbg - Use Kconfig to ensure at least one RNG option is set 2014-07-04 22:15:08 +08:00
md4.c crypto: add module.h to those files that are explicitly using it 2011-10-31 19:31:11 -04:00
md5.c crypto: Move md5_transform to lib/md5.c 2011-08-06 18:32:45 -07:00
memneq.c crypto: memneq - fix for archs without efficient unaligned access 2013-12-09 20:09:12 +08:00
michael_mic.c crypto: michael_mic - Switch to shash 2008-12-25 11:02:24 +11:00
pcbc.c
pcompress.c crypto: user - fix info leaks in report API 2013-02-19 20:27:03 +08:00
pcrypt.c crypto: pcrypt - Fix wrong usage of rcu_dereference() 2013-12-05 21:28:42 +08:00
proc.c crypto: add module.h to those files that are explicitly using it 2011-10-31 19:31:11 -04:00
ripemd.h
rmd128.c crypto: ripemd - Set module author and update email address 2011-01-04 23:34:03 +11:00
rmd160.c crypto: ripemd - Set module author and update email address 2011-01-04 23:34:03 +11:00
rmd256.c crypto: ripemd - Set module author and update email address 2011-01-04 23:34:03 +11:00
rmd320.c crypto: ripemd - Set module author and update email address 2011-01-04 23:34:03 +11:00
rng.c crypto: user - fix info leaks in report API 2013-02-19 20:27:03 +08:00
salsa20_generic.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
scatterwalk.c crypto: scatterwalk - Add support for calculating number of SG elements 2013-08-21 21:27:58 +10:00
seed.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
seqiv.c crypto: Resolve shadow warnings 2014-08-01 22:35:55 +08:00
serpent_generic.c crypto: serpent - use crypto_[un]register_algs 2012-08-01 17:47:25 +08:00
sha1_generic.c crypto: memzero_explicit - make sure to clear out sensitive data 2014-10-17 11:44:07 -04:00
sha256_generic.c crypto: memzero_explicit - make sure to clear out sensitive data 2014-10-17 11:44:07 -04:00
sha512_generic.c crypto: memzero_explicit - make sure to clear out sensitive data 2014-10-17 11:44:07 -04:00
shash.c crypto: LLVMLinux: aligned-attribute.patch 2014-06-07 11:44:39 -07:00
tcrypt.c crypto: Resolve shadow warnings 2014-08-01 22:35:55 +08:00
tcrypt.h crypto: tcrypt - Added speed tests for AEAD crypto alogrithms in tcrypt test suite 2013-12-20 20:06:25 +08:00
tea.c crypto: tea - use crypto_[un]register_algs 2012-08-01 17:47:24 +08:00
testmgr.c crypto: testmgr - add missing spaces to drbg error strings 2014-08-01 22:36:13 +08:00
testmgr.h crypto: testmgr - use chunks smaller than algo block size in chunk tests 2014-08-01 22:36:11 +08:00
tgr192.c crypto: memzero_explicit - make sure to clear out sensitive data 2014-10-17 11:44:07 -04:00
twofish_common.c crypto: twofish-x86_64-3way - add lrw support 2011-11-09 11:53:32 +08:00
twofish_generic.c crypto: cleanup - remove unneeded crypto_alg.cra_list initializations 2012-08-01 17:47:27 +08:00
vmac.c crypto: memzero_explicit - make sure to clear out sensitive data 2014-10-17 11:44:07 -04:00
wp512.c crypto: memzero_explicit - make sure to clear out sensitive data 2014-10-17 11:44:07 -04:00
xcbc.c crypto: add module.h to those files that are explicitly using it 2011-10-31 19:31:11 -04:00
xor.c add further __init annotations to crypto/xor.c 2012-10-11 13:42:32 +11:00
xts.c crypto: xts: add interface for parallelized cipher implementations 2011-11-09 11:56:06 +08:00
zlib.c initramfs: support initramfs that is bigger than 2GiB 2014-08-08 15:57:26 -07:00