diff options
| author | nagendra modadugu <ngm@google.com> | 2017-05-09 18:39:13 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2017-05-15 17:34:30 -0700 |
| commit | ed1532bf81e3738eda104db226f46d5a457fec30 (patch) | |
| tree | ac7808281f9e6a83905f0163dcfab4d889054704 /board/cr50/tpm2/rsa.c | |
| parent | f660c8e5b0404d454db69ef04d9c5c96b5938353 (diff) | |
| download | chrome-ec-ed1532bf81e3738eda104db226f46d5a457fec30.tar.gz | |
CR50: replace dcrypto_memset with always_memset
always_memset() implements a version of memset
that survives compiler optimization. This change
replaces instances of the (placeholder) call
dcrypto_memset() with always_memset().
Also add a couple of missing memsets and
fix related TODOs by replacing memset()
with always_memset().
BRANCH=none
BUG=none
TEST=TCG tests pass
Change-Id: I742393852ed5be9f74048eea7244af7be027dd0e
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/501368
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Diffstat (limited to 'board/cr50/tpm2/rsa.c')
| -rw-r--r-- | board/cr50/tpm2/rsa.c | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/board/cr50/tpm2/rsa.c b/board/cr50/tpm2/rsa.c index 52507c985f..70e14fba97 100644 --- a/board/cr50/tpm2/rsa.c +++ b/board/cr50/tpm2/rsa.c @@ -10,6 +10,8 @@ #include "dcrypto.h" #include "trng.h" +#include "cryptoc/util.h" + #include <assert.h> TPM2B_BYTE_VALUE(4); @@ -427,8 +429,7 @@ CRYPT_RESULT _cpri__GenerateKeyRSA( &counter)) { if (counter_in != NULL) *counter_in = counter; - /* TODO(ngm): implement secure memset. */ - memset(local_seed.t.buffer, 0, local_seed.t.size); + always_memset(local_seed.t.buffer, 0, local_seed.t.size); return CRYPT_FAIL; } @@ -438,8 +439,7 @@ CRYPT_RESULT _cpri__GenerateKeyRSA( &counter)) { if (counter_in != NULL) *counter_in = counter; - /* TODO(ngm): implement secure memset. */ - memset(local_seed.t.buffer, 0, local_seed.t.size); + always_memset(local_seed.t.buffer, 0, local_seed.t.size); return CRYPT_FAIL; } @@ -451,9 +451,8 @@ CRYPT_RESULT _cpri__GenerateKeyRSA( DCRYPTO_bn_mul(&N, &p, &q); reverse_tpm2b(N_buf); reverse_tpm2b(p_buf); - /* TODO(ngm): replace with secure memset. */ - memset(q_buf, 0, sizeof(q_buf)); - memset(local_seed.t.buffer, 0, local_seed.t.size); + always_memset(q_buf, 0, sizeof(q_buf)); + always_memset(local_seed.t.buffer, 0, local_seed.t.size); return CRYPT_SUCCESS; } |