crypto: qat - Fix incorrect uses of memzero_explicit

2015-01-04 Thread Herbert Xu
memzero_explicit should only be used on stack variables that get zapped just before they go out of scope. This patch replaces all unnecessary uses of memzero_explicit with memset, removes two memzero_explicit calls altogether as the tfm context comes pre-zeroed, and adds a missing memzero_explicit

Re: [PATCH v2] crypto: drbg: use memzero_explicit() for clearing sensitive data

2015-01-04 Thread Herbert Xu
On Thu, Nov 27, 2014 at 10:33:02PM +0800, Herbert Xu wrote: > On Wed, Nov 26, 2014 at 01:40:57PM -0500, Nickolaus Woodruff wrote: > > Compiler dead store optimization can sometimes remove final calls > > to memset() used to clear sensitive data at the end of a function. > > Replace trailing memset(

Re: [PATCH] Use memzero_explicit to clear local buffers

2015-01-04 Thread Herbert Xu
On Sun, Jan 04, 2015 at 11:49:09PM +0100, Giel van Schijndel wrote: > > > sctx does not point to stack memory so this is bogus. > > > > Only stack memory cleared just before it goes out of scope needs > > memzero_explicit. > > Is that because the compiler can't safely optimize memset(0) away for

Re: [PATCH] Use memzero_explicit to clear local buffers

2015-01-04 Thread Giel van Schijndel
On Sun, Jan 04, 2015 at 19:05:40 +0100, Giel van Schijndel wrote: > When leaving a function use memzero_explicit instead of memset(0) to > clear locally allocated/owned buffers. memset(0) may be optimized away. > > All of the affected buffers contain sensitive data, key material or > derivatives o

Re: [PATCH] Use memzero_explicit to clear local buffers

2015-01-04 Thread Giel van Schijndel
On Mon, Jan 05, 2015 at 08:35:38 +1100, Herbert Xu wrote: > On Sun, Jan 04, 2015 at 07:05:40PM +0100, Giel van Schijndel wrote: >> When leaving a function use memzero_explicit instead of memset(0) to >> clear locally allocated/owned buffers. memset(0) may be optimized away. >> >> All of the affect

Re: [PATCH] Use memzero_explicit to clear local buffers

2015-01-04 Thread Herbert Xu
On Sun, Jan 04, 2015 at 07:05:40PM +0100, Giel van Schijndel wrote: > When leaving a function use memzero_explicit instead of memset(0) to > clear locally allocated/owned buffers. memset(0) may be optimized away. > > All of the affected buffers contain sensitive data, key material or > derivatives

[PATCH] Use memzero_explicit to clear local buffers

2015-01-04 Thread Giel van Schijndel
When leaving a function use memzero_explicit instead of memset(0) to clear locally allocated/owned buffers. memset(0) may be optimized away. All of the affected buffers contain sensitive data, key material or derivatives of one of those two. --- arch/x86/crypto/sha256_ssse3_glue.c | 2 +- drivers