diff mbox series

[v8,11/17] crypto/qat: use secure free for keys

Message ID	20250216170110.7230-12-stephen@networkplumber.org (mailing list archive)
State	Superseded
Delegated to:	Thomas Monjalon
Headers	From: Stephen Hemminger <stephen@networkplumber.org> To: dev@dpdk.org Cc: Stephen Hemminger <stephen@networkplumber.org>, Bruce Richardson <bruce.richardson@intel.com>, Kai Ji <kai.ji@intel.com> Subject: [PATCH v8 11/17] crypto/qat: use secure free for keys Date: Sun, 16 Feb 2025 08:53:10 -0800 Message-ID: <20250216170110.7230-12-stephen@networkplumber.org> In-Reply-To: <20250216170110.7230-1-stephen@networkplumber.org> References: <20241114011129.451243-1-stephen@networkplumber.org> <20250216170110.7230-1-stephen@networkplumber.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: dev-bounces@dpdk.org
Series	fix memset warnings reported by PVS studio \| [v8,00/17] fix memset warnings reported by PVS studio [v8,01/17] eal: introduce new secure memory zero [v8,02/17] app/test: use unit test runner for string tests [v8,03/17] app/test: add test for rte_memzero_explicit [v8,04/17] app/test: remove unused variable [v8,05/17] eal: add new secure free function [v8,06/17] app/test: use unit test runner for malloc tests [v8,07/17] app/test: add test for rte_free_sensitive [v8,08/17] common/cnxk: remove unused variable [v8,09/17] crypto/qat: force zero of keys [v8,10/17] crypto/qat: fix size calculation for memset [v8,11/17] crypto/qat: use secure free for keys [v8,12/17] bus/uacce: remove memset before free [v8,13/17] compress/octeontx: remove unnecessary memset [v8,14/17] test: remove unneeded memset [v8,15/17] net/ntnic: check result of malloc [v8,16/17] net/ntnic: remove unnecessary memset [v8,17/17] devtools/cocci: add script to find problematic memset

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK

Commit Message

Stephen Hemminger Feb. 16, 2025, 4:53 p.m. UTC

Regular memset maybe removed by compiler if done before a free
function. Use new rte_free_sensitive instead.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
---
 drivers/crypto/qat/qat_asym.c        | 5 +----
 drivers/crypto/qat/qat_sym_session.c | 8 ++++----
 2 files changed, 5 insertions(+), 8 deletions(-)

diff mbox series

Patch

diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index f5b56b2f71..d8a1406819 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -102,10 +102,7 @@  static const struct rte_driver cryptodev_qat_asym_driver = {
 		curve.p.data, curve.bytesize)
 
 #define PARAM_CLR(what) \
-	do { \
-		memset(what.data, 0, what.length); \
-		rte_free(what.data);	\
-	} while (0)
+	rte_free_sensitive(what.data)
 
 static void
 request_init(struct icp_qat_fw_pke_request *qat_req)
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 7836c95064..fd2cc94418 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -1739,8 +1739,8 @@  static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg,
 
 	/* do partial hash of ipad and copy to state1 */
 	if (partial_hash_compute(hash_alg, ipad, p_state_buf)) {
-		memset(ipad, 0, block_size);
-		memset(opad, 0, block_size);
+		rte_memzero_explicit(ipad, block_size);
+		rte_memzero_explicit(opad, block_size);
 		QAT_LOG(ERR, "ipad precompute failed");
 		return -EFAULT;
 	}
@@ -1751,8 +1751,8 @@  static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg,
 	 */
 	*p_state_len = qat_hash_get_state1_size(hash_alg);
 	if (partial_hash_compute(hash_alg, opad, p_state_buf + *p_state_len)) {
-		memset(ipad, 0, block_size);
-		memset(opad, 0, block_size);
+		rte_memzero_explicit(ipad, block_size);
+		rte_memzero_explicit(opad, block_size);
 		QAT_LOG(ERR, "opad precompute failed");
 		return -EFAULT;
 	}