MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-10-22 23:13:01 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

crypto: lib/chacha - add strongly-typed state zeroization

Browse Source 
Now that the ChaCha state matrix is strongly-typed, add a helper
function chacha_zeroize_state() which zeroizes it.  Then convert all
applicable callers to use it instead of direct memzero_explicit.  No
functional changes.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Eric Biggers 2025-05-05 11:18:23 -07:00 committed by Herbert Xu
parent 32c9541189
commit 607c92141c
4 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
drivers/char/random.c
View File

@ -422,7 +422,7 @@ static void _get_random_bytes(void *buf, size_t len)
buf += CHACHA_BLOCK_SIZE;
}
memzero_explicit(&chacha_state, sizeof(chacha_state));
chacha_zeroize_state(&chacha_state);
}
/*
@ -485,7 +485,7 @@ static ssize_t get_random_bytes_user(struct iov_iter *iter)
memzero_explicit(block, sizeof(block));
out_zero_chacha:
memzero_explicit(&chacha_state, sizeof(chacha_state));
chacha_zeroize_state(&chacha_state);
return ret ? ret : -EFAULT;
}

4
fs/bcachefs/checksum.c
View File

@ -113,7 +113,7 @@ static void bch2_chacha20(const struct bch_key *key, struct nonce nonce,
bch2_chacha20_init(&state, key, nonce);
chacha20_crypt(&state, data, data, len);
memzero_explicit(&state, sizeof(state));
chacha_zeroize_state(&state);
}
static void bch2_poly1305_init(struct poly1305_desc_ctx *desc,
@ -283,7 +283,7 @@ int __bch2_encrypt_bio(struct bch_fs *c, unsigned type,
chacha20_crypt(&chacha_state, p, p, bv.bv_len);
kunmap_local(p);
}
memzero_explicit(&chacha_state, sizeof(chacha_state));
chacha_zeroize_state(&chacha_state);
return ret;
}

6
include/crypto/chacha.h
View File

@ -16,6 +16,7 @@
#define _CRYPTO_CHACHA_H
#include <linux/unaligned.h>
#include <linux/string.h>
#include <linux/types.h>
/* 32-bit stream position, then 96-bit nonce (RFC7539 convention) */
@ -108,6 +109,11 @@ static inline void chacha20_crypt(struct chacha_state *state,
chacha_crypt(state, dst, src, bytes, 20);
}
static inline void chacha_zeroize_state(struct chacha_state *state)
{
memzero_explicit(state, sizeof(*state));
}
#if IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA)
bool chacha_is_arch_optimized(void);
#else

6
lib/crypto/chacha20poly1305.c
View File

@ -84,7 +84,7 @@ __chacha20poly1305_encrypt(u8 *dst, const u8 *src, const size_t src_len,
poly1305_final(&poly1305_state, dst + src_len);
memzero_explicit(chacha_state, sizeof(*chacha_state));
chacha_zeroize_state(chacha_state);
memzero_explicit(&b, sizeof(b));
}
@ -188,7 +188,7 @@ bool chacha20poly1305_decrypt(u8 *dst, const u8 *src, const size_t src_len,
ret = __chacha20poly1305_decrypt(dst, src, src_len, ad, ad_len,
&chacha_state);
memzero_explicit(&chacha_state, sizeof(chacha_state));
chacha_zeroize_state(&chacha_state);
memzero_explicit(iv, sizeof(iv));
memzero_explicit(k, sizeof(k));
return ret;
@ -328,7 +328,7 @@ bool chacha20poly1305_crypt_sg_inplace(struct scatterlist *src,
!crypto_memneq(b.mac[0], b.mac[1], POLY1305_DIGEST_SIZE);
}
memzero_explicit(&chacha_state, sizeof(chacha_state));
chacha_zeroize_state(&chacha_state);
memzero_explicit(&b, sizeof(b));
return ret;