author | Yi Chou <yich@google.com> | 2023-04-18 07:05:02 +0000 |
---|---|---|
committer | Yi Chou <yich@google.com> | 2023-04-18 07:11:32 +0000 |
commit | 06e507c9b58aef5c5290a504c625cfbbe1bb2f4e (patch) | |
tree | 448b35b369b12501169e6cde1aab735341b34801 | |
parent | af177eb7ecaef30671ee99738f0bf5442d7f590e (diff) | |
Revert "fpsensor: Use OPENSSL_cleanse instead of always_memset"
This reverts commit 848e5a749e7cd6d02a2b31ee275470ba68cbe43d.
Reason for revert: breaks the build of chromeos-base/chromeos-fpmcu-unittests.
Original change's description:
> fpsensor: Use OPENSSL_cleanse instead of always_memset
>
> BUG=b:248508087, b:273639386
> TEST=make runhosttests -j
> TEST=make buildall -j
> BRANCH=none
>
> Change-Id: If26578b31d768875bd4b85cdce8a6365e181685a
> Signed-off-by: Yi Chou <yich@google.com>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4387995
> Reviewed-by: Tom Hughes <tomhughes@chromium.org>
Bug: b:248508087, b:273639386
Change-Id: I088af334de9537e88e6824262b0ea9ef6344ff72
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4439432
Owners-Override: Yi Chou <yich@google.com>
Tested-by: Yi Chou <yich@google.com>
Commit-Queue: Yi Chou <yich@google.com>
Reviewed-by: Howard Yang <hcyang@google.com>
-rw-r--r-- | common/fpsensor/fpsensor.cc | 12 | ||||
-rw-r--r-- | common/fpsensor/fpsensor_crypto.cc | 16 | ||||
-rw-r--r-- | common/fpsensor/fpsensor_state.cc | 18 |
3 files changed, 21 insertions, 25 deletions
diff --git a/common/fpsensor/fpsensor.cc b/common/fpsensor/fpsensor.cc
index e3d96cde16..cb013363f1 100644
--- a/common/fpsensor/fpsensor.cc
+++ b/common/fpsensor/fpsensor.cc
@@ -4,14 +4,12 @@
 */
 #include "compile_time_macros.h"
-/* Boringssl headers need to be included before extern "C" section. */
-#include "openssl/mem.h"
-
 extern "C" {
 #include "atomic.h"
 #include "clock.h"
 #include "common.h"
 #include "console.h"
+#include "cryptoc/util.h"
 #include "ec_commands.h"
 #include "gpio.h"
 #include "host_command.h"
@@ -519,7 +517,7 @@ static enum ec_status fp_command_frame(struct host_cmd_handler_args *args)
 encrypted_template, encrypted_blob_size, enc_info->nonce, FP_CONTEXT_NONCE_BYTES, enc_info->tag, FP_CONTEXT_TAG_BYTES);
- OPENSSL_cleanse(key, sizeof(key));
+ always_memset(key, 0, sizeof(key));
 if (ret != EC_SUCCESS) {
 CPRINTS("fgr%d: Failed to encrypt template", fgr);
 return EC_RES_UNAVAILABLE;
@@ -642,7 +640,7 @@ static enum ec_status fp_command_template(struct host_cmd_handler_args *args)
 encrypted_template, encrypted_blob_size, enc_info->nonce, FP_CONTEXT_NONCE_BYTES, enc_info->tag, FP_CONTEXT_TAG_BYTES);
- OPENSSL_cleanse(key, sizeof(key));
+ always_memset(key, 0, sizeof(key));
 if (ret != EC_SUCCESS) {
 CPRINTS("fgr%d: Failed to decipher template", idx);
 /* Don't leave bad data in the template buffer */
@@ -661,8 +659,8 @@ static enum ec_status fp_command_template(struct host_cmd_handler_args *args)
 if (bytes_are_trivial(positive_match_salt, sizeof(fp_positive_match_salt[0]))) {
 CPRINTS("fgr%d: Trivial positive match salt.", idx);
- OPENSSL_cleanse(fp_template[idx],
- sizeof(fp_template[0]));
+ always_memset(fp_template[idx], 0,
+ sizeof(fp_template[0]));
 return EC_RES_INVALID_PARAM;
 }
 memcpy(fp_positive_match_salt[idx], positive_match_salt,
diff --git a/common/fpsensor/fpsensor_crypto.cc b/common/fpsensor/fpsensor_crypto.cc
index 5b5ce9de49..5861064427 100644
--- a/common/fpsensor/fpsensor_crypto.cc
+++ b/common/fpsensor/fpsensor_crypto.cc
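Review bot: Nothing at the restored `always_memset(key, 0, sizeof(key));` call in fp_command_frame says why a plain `memset` must not be used there, and the same is true of the wipe in fp_command_template and of the wipes in the fpsensor_crypto.cc and fpsensor_state.cc hunks. `key` does not appear to be read again after the wipe, so an ordinary store would be a candidate for dead-store elimination; that is the reason for a primitive the compiler cannot drop. A one-line comment at the first use would keep a later cleanup from replacing it: `/* Wipe key material; always_memset is used so the compiler cannot elide the store. */`. Both functions begin and end outside their hunks.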
@@ -8,13 +8,13 @@
 #include "fpsensor_state.h"
 #include "fpsensor_utils.h"
 #include "openssl/aes.h"
-#include "openssl/mem.h"
 /* These must be included after the "openssl/aes.h" */
 #include "crypto/fipsmodule/aes/internal.h"
 #include "crypto/fipsmodule/modes/internal.h"
 extern "C" {
+#include "cryptoc/util.h"
 #include "rollback.h"
 #include "sha256.h"
 #include "util.h"
@@ -101,7 +101,7 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size,
 compute_hmac_sha256(key_buf, prk, prk_size, message_buf, info_size + 1);
 memcpy(out_key, key_buf, out_key_size);
- OPENSSL_cleanse(key_buf, sizeof(key_buf));
+ always_memset(key_buf, 0, sizeof(key_buf));
 return EC_SUCCESS;
 }
@@ -156,8 +156,8 @@ int hkdf_expand(uint8_t *out_key, size_t L, const uint8_t *prk, size_t prk_size,
 out_key += block_size;
 L -= block_size;
 }
- OPENSSL_cleanse(T_buffer, sizeof(T_buffer));
- OPENSSL_cleanse(info_buffer, sizeof(info_buffer));
+ always_memset(T_buffer, 0, sizeof(T_buffer));
+ always_memset(info_buffer, 0, sizeof(info_buffer));
 return EC_SUCCESS;
 #undef HASH_LEN
 }
@@ -187,7 +187,7 @@ int derive_positive_match_secret(uint8_t *output,
 /* "Extract" step of HKDF. */
 hkdf_extract(prk, input_positive_match_salt, FP_POSITIVE_MATCH_SALT_BYTES, ikm, sizeof(ikm));
- OPENSSL_cleanse(ikm, sizeof(ikm));
+ always_memset(ikm, 0, sizeof(ikm));
 memcpy(info, info_prefix, strlen(info_prefix));
 memcpy(info + strlen(info_prefix), user_id, sizeof(user_id));
@@ -195,7 +195,7 @@ int derive_positive_match_secret(uint8_t *output,
 /* "Expand" step of HKDF. */
 ret = hkdf_expand(output, FP_POSITIVE_MATCH_SECRET_BYTES, prk, sizeof(prk), info, sizeof(info));
- OPENSSL_cleanse(prk, sizeof(prk));
+ always_memset(prk, 0, sizeof(prk));
 /* Check that secret is not full of 0x00 or 0xff. */
 if (bytes_are_trivial(output, FP_POSITIVE_MATCH_SECRET_BYTES)) {
@@ -225,7 +225,7 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt)
 /* "Extract step of HKDF. */
 hkdf_extract(prk, salt, FP_CONTEXT_ENCRYPTION_SALT_BYTES, ikm, sizeof(ikm));
- OPENSSL_cleanse(ikm, sizeof(ikm));
+ always_memset(ikm, 0, sizeof(ikm));
 /*
 * Only 1 "expand" step of HKDF since the size of the "info" context
@@ -234,7 +234,7 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt)
 */
 ret = hkdf_expand_one_step(out_key, SBP_ENC_KEY_LEN, prk, sizeof(prk), (uint8_t *)user_id, sizeof(user_id));
- OPENSSL_cleanse(prk, sizeof(prk));
+ always_memset(prk, 0, sizeof(prk));
 return ret;
 }
diff --git a/common/fpsensor/fpsensor_state.cc b/common/fpsensor/fpsensor_state.cc
index c4fec5fb5b..7a2c9b6347 100644
--- a/common/fpsensor/fpsensor_state.cc
+++ b/common/fpsensor/fpsensor_state.cc
@@ -4,13 +4,12 @@
 */
 #include "compile_time_macros.h"
-
-/* Boringssl headers need to be included before extern "C" section. */
-#include "openssl/mem.h"
+#include "fpsensor_utils.h"
 extern "C" {
 #include "atomic.h"
 #include "common.h"
+#include "cryptoc/util.h"
 #include "ec_commands.h"
 #include "host_command.h"
 #include "system.h"
@@ -21,7 +20,6 @@ extern "C" {
 #include "fpsensor.h"
 #include "fpsensor_crypto.h"
 #include "fpsensor_state.h"
-#include "fpsensor_utils.h"
 /* Last acquired frame (aligned as it is used by arbitrary binary libraries) */
 uint8_t fp_buffer[FP_SENSOR_IMAGE_SIZE] FP_FRAME_SECTION __aligned(4);
@@ -73,9 +71,9 @@ void fp_task_simulate(void)
 void fp_clear_finger_context(uint16_t idx)
 {
- OPENSSL_cleanse(fp_template[idx], sizeof(fp_template[0]));
- OPENSSL_cleanse(fp_positive_match_salt[idx],
- sizeof(fp_positive_match_salt[0]));
+ always_memset(fp_template[idx], 0, sizeof(fp_template[0]));
+ always_memset(fp_positive_match_salt[idx], 0,
+ sizeof(fp_positive_match_salt[0]));
 }
 /**
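Review bot: fp_clear_finger_context() uses `idx` to index `fp_template` and `fp_positive_match_salt` with no range check, and the function is not declared static, so it may be reachable from callers outside this file. The one caller visible on this page, the loop in _fp_clear_context, bounds idx by FP_MAX_FINGER_COUNT, which suggests that is the length of both arrays; if so, a larger idx would zero memory past their end. A guard as the first statement would make the wipe safe for any caller: `if (idx >= FP_MAX_FINGER_COUNT) return;`.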
@@ -87,9 +85,9 @@ static void _fp_clear_context(void)
 {
 templ_valid = 0;
 templ_dirty = 0;
- OPENSSL_cleanse(fp_buffer, sizeof(fp_buffer));
- OPENSSL_cleanse(fp_enc_buffer, sizeof(fp_enc_buffer));
- OPENSSL_cleanse(user_id, sizeof(user_id));
+ always_memset(fp_buffer, 0, sizeof(fp_buffer));
+ always_memset(fp_enc_buffer, 0, sizeof(fp_enc_buffer));
+ always_memset(user_id, 0, sizeof(user_id));
 fp_disable_positive_match_secret(&positive_match_secret_state);
 for (uint16_t idx = 0; idx < FP_MAX_FINGER_COUNT; idx++)
 fp_clear_finger_context(idx); |