diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2017-11-22 17:04:41 +0100 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-11-22 18:32:48 +0100 |
| commit | efd9db00963f7260662546bfa0e7d15869dd24ec (patch) | |
| tree | 5755a69bc160ccc93f6c3dd19300dec6b28067e6 | |
| parent | poly1305-x86_64: unclobber %rbp (diff) | |
| download | wireguard-monolithic-historical-efd9db00963f7260662546bfa0e7d15869dd24ec.tar.xz wireguard-monolithic-historical-efd9db00963f7260662546bfa0e7d15869dd24ec.zip | |
chacha20poly1305: poly cleans up its own state
| -rw-r--r-- | src/crypto/chacha20poly1305.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/src/crypto/chacha20poly1305.c b/src/crypto/chacha20poly1305.c index a00a2e0..1de7a84 100644 --- a/src/crypto/chacha20poly1305.c +++ b/src/crypto/chacha20poly1305.c @@ -626,7 +626,7 @@ static void poly1305_update(struct poly1305_ctx *ctx, const u8 *inp, size_t len) ctx->num = rem; } -static void poly1305_finish(struct poly1305_ctx * ctx, u8 mac[16]) +static void poly1305_finish(struct poly1305_ctx *ctx, u8 mac[16]) { #if defined(CONFIG_X86_64) || defined(CONFIG_ARM) || defined(CONFIG_ARM64) || (defined(CONFIG_MIPS) && defined(CONFIG_64BIT)) const poly1305_blocks_f blocks = ctx->func.blocks; @@ -699,7 +699,6 @@ static inline void __chacha20poly1305_encrypt(u8 *dst, const u8 *src, const size poly1305_finish(&poly1305_state, dst + src_len); - memzero_explicit(&poly1305_state, sizeof(poly1305_state)); memzero_explicit(&chacha20_state, sizeof(chacha20_state)); } @@ -767,7 +766,6 @@ bool chacha20poly1305_encrypt_sg(struct scatterlist *dst, struct scatterlist *sr poly1305_finish(&poly1305_state, mac); scatterwalk_map_and_copy(mac, dst, src_len, sizeof(mac), 1); err: - memzero_explicit(&poly1305_state, sizeof(poly1305_state)); memzero_explicit(&chacha20_state, sizeof(chacha20_state)); memzero_explicit(mac, sizeof(mac)); return !ret; @@ -810,7 +808,6 @@ static inline bool __chacha20poly1305_decrypt(u8 *dst, const u8 *src, const size poly1305_update(&poly1305_state, (u8 *)&len, sizeof(len)); poly1305_finish(&poly1305_state, mac); - memzero_explicit(&poly1305_state, sizeof(poly1305_state)); ret = crypto_memneq(mac, src + dst_len, POLY1305_MAC_SIZE); memzero_explicit(mac, POLY1305_MAC_SIZE); @@ -890,7 +887,6 @@ bool chacha20poly1305_decrypt_sg(struct scatterlist *dst, struct scatterlist *sr poly1305_update(&poly1305_state, (u8 *)&len, sizeof(len)); poly1305_finish(&poly1305_state, computed_mac); - memzero_explicit(&poly1305_state, sizeof(poly1305_state)); scatterwalk_map_and_copy(read_mac, src, dst_len, POLY1305_MAC_SIZE, 0); ret = crypto_memneq(read_mac, computed_mac, POLY1305_MAC_SIZE); |