Regular memset maybe removed by compiler if done before a free
function. Use new rte_free_sensitive instead.
Signed-off-by: Stephen Hemminger <step...@networkplumber.org>
Acked-by: Bruce Richardson <bruce.richard...@intel.com>
---
drivers/crypto/qat/qat_asym.c | 5 +----
drivers/crypto/qat/qat_sym_session.c | 8 ++++----
2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index f5b56b2f71..d8a1406819 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -102,10 +102,7 @@ static const struct rte_driver cryptodev_qat_asym_driver =
{
curve.p.data, curve.bytesize)
#define PARAM_CLR(what) \
- do { \
- memset(what.data, 0, what.length); \
- rte_free(what.data); \
- } while (0)
+ rte_free_sensitive(what.data)
static void
request_init(struct icp_qat_fw_pke_request *qat_req)
diff --git a/drivers/crypto/qat/qat_sym_session.c
b/drivers/crypto/qat/qat_sym_session.c
index 7836c95064..fd2cc94418 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -1739,8 +1739,8 @@ static int qat_sym_do_precomputes(enum
icp_qat_hw_auth_algo hash_alg,
/* do partial hash of ipad and copy to state1 */
if (partial_hash_compute(hash_alg, ipad, p_state_buf)) {
- memset(ipad, 0, block_size);
- memset(opad, 0, block_size);
+ rte_memzero_explicit(ipad, block_size);
+ rte_memzero_explicit(opad, block_size);
QAT_LOG(ERR, "ipad precompute failed");
return -EFAULT;
}
@@ -1751,8 +1751,8 @@ static int qat_sym_do_precomputes(enum
icp_qat_hw_auth_algo hash_alg,
*/
*p_state_len = qat_hash_get_state1_size(hash_alg);
if (partial_hash_compute(hash_alg, opad, p_state_buf + *p_state_len)) {
- memset(ipad, 0, block_size);
- memset(opad, 0, block_size);
+ rte_memzero_explicit(ipad, block_size);
+ rte_memzero_explicit(opad, block_size);
QAT_LOG(ERR, "opad precompute failed");
return -EFAULT;
}
--
2.47.2
