• Daniel Borkmann's avatar
    random: add and use memzero_explicit() for clearing data · d4c5efdb
    Daniel Borkmann authored
    zatimend has reported that in his environment (3.16/gcc4.8.3/corei7)
    memset() calls which clear out sensitive data in extract_{buf,entropy,
    entropy_user}() in random driver are being optimized away by gcc.
    
    Add a helper memzero_explicit() (similarly as explicit_bzero() variants)
    that can be used in such cases where a variable with sensitive data is
    being cleared out in the end. Other use cases might also be in crypto
    code. [ I have put this into lib/string.c though, as it's always built-in
    and doesn't need any dependencies then. ]
    
    Fixes kernel bugzilla: 82041
    
    Reported-by: zatimend@hotmail.co.uk
    Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
    Acked-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
    Cc: Alexey Dobriyan <adobriyan@gmail.com>
    Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
    Cc: stable@vger.kernel.org
    d4c5efdb
string.c 17 KB