[PATCH 06/12] digest: sha: remove no-op "erase" of automatic variables

Ahmad Fatoum a.fatoum at pengutronix.de
Wed Sep 30 03:19:59 EDT 2020


Some automatic variables are currently cleared as they may contain
"sensitive info". Any proper compiler would optimize away these
dead stores anyway, so just drop them.

Reported-by: clang-analyzer-10
Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
---
 crypto/sha2.c | 4 ----
 crypto/sha4.c | 3 ---
 2 files changed, 7 deletions(-)

diff --git a/crypto/sha2.c b/crypto/sha2.c
index 3947a09f41bb..013f5bb3b248 100644
--- a/crypto/sha2.c
+++ b/crypto/sha2.c
@@ -211,10 +211,6 @@ static void sha256_transform(u32 *state, const u8 *input)
 
 	state[0] += a; state[1] += b; state[2] += c; state[3] += d;
 	state[4] += e; state[5] += f; state[6] += g; state[7] += h;
-
-	/* clear any sensitive info... */
-	a = b = c = d = e = f = g = h = t1 = t2 = 0;
-	memset(W, 0, 64 * sizeof(u32));
 }
 
 static int sha224_init(struct digest *desc)
diff --git a/crypto/sha4.c b/crypto/sha4.c
index aad8081fa5b7..a2e90c0a2cae 100644
--- a/crypto/sha4.c
+++ b/crypto/sha4.c
@@ -124,9 +124,6 @@ sha512_transform(u64 *state, const u8 *input)
 
 	state[0] += a; state[1] += b; state[2] += c; state[3] += d;
 	state[4] += e; state[5] += f; state[6] += g; state[7] += h;
-
-	/* erase our data */
-	a = b = c = d = e = f = g = h = t1 = t2 = 0;
 }
 
 static int
-- 
2.28.0




More information about the barebox mailing list