On Sun, 25 Oct 2020 at 15:31, Arvind Sankar <nived...@alum.mit.edu> wrote: > > Without the barrier_data() inside memzero_explicit(), the compiler may > optimize away the state-clearing if it can tell that the state is not > used afterwards. At least in lib/crypto/sha256.c:__sha256_final(), the > function can get inlined into sha256(), in which case the memset is > optimized away. > > Signed-off-by: Arvind Sankar <nived...@alum.mit.edu> > Reviewed-by: Eric Biggers <ebigg...@google.com>
Acked-by: Ard Biesheuvel <a...@kernel.org> > --- > lib/crypto/sha256.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/crypto/sha256.c b/lib/crypto/sha256.c > index 2321f6cb322f..d43bc39ab05e 100644 > --- a/lib/crypto/sha256.c > +++ b/lib/crypto/sha256.c > @@ -265,7 +265,7 @@ static void __sha256_final(struct sha256_state *sctx, u8 > *out, int digest_words) > put_unaligned_be32(sctx->state[i], &dst[i]); > > /* Zeroize sensitive information. */ > - memset(sctx, 0, sizeof(*sctx)); > + memzero_explicit(sctx, sizeof(*sctx)); > } > > void sha256_final(struct sha256_state *sctx, u8 *out) > -- > 2.26.2 >
