diff options
author | Yicheng Li <yichengli@chromium.org> | 2019-08-01 13:16:23 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-09-04 16:36:36 +0000 |
commit | f7a32618bcacfb3b3ecba62d338aa24dc4a211d1 (patch) | |
tree | 072a25449221dc3e49d9f3cc7e11b83d6ceb0fec /common/fpsensor/fpsensor_crypto.c | |
parent | 519f9cdf0d50d87111e45227e9f0efea3686a8e1 (diff) | |
download | chrome-ec-f7a32618bcacfb3b3ecba62d338aa24dc4a211d1.tar.gz |
fpsensor: replace memset() with always_memset()
In fpsensor code, use always_memset() in place of memset().
BRANCH=nocturne
BUG=chromium:968809,chromium:989594,b:130238794
TEST=make -j buildall
TEST=tested enrollment, matching and multifinger on nocturne DUT
Change-Id: I29e32bd2838c1f240607799e61f29759aaee7600
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1737206
Reviewed-by: Tom Hughes <tomhughes@chromium.org>
Diffstat (limited to 'common/fpsensor/fpsensor_crypto.c')
-rw-r--r-- | common/fpsensor/fpsensor_crypto.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/common/fpsensor/fpsensor_crypto.c b/common/fpsensor/fpsensor_crypto.c index 6385b7116d..d5bbd03c38 100644 --- a/common/fpsensor/fpsensor_crypto.c +++ b/common/fpsensor/fpsensor_crypto.c @@ -5,6 +5,7 @@ #include "aes.h" #include "aes-gcm.h" +#include "cryptoc/util.h" #include "fpsensor_crypto.h" #include "fpsensor_private.h" #include "fpsensor_state.h" @@ -77,7 +78,7 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size, hmac_SHA256(key_buf, prk, prk_size, message_buf, info_size + 1); memcpy(out_key, key_buf, out_key_size); - memset(key_buf, 0, sizeof(key_buf)); + always_memset(key_buf, 0, sizeof(key_buf)); return EC_SUCCESS; } @@ -100,7 +101,7 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt) /* "Extract step of HKDF. */ hkdf_extract(prk, salt, FP_CONTEXT_SALT_BYTES, ikm, sizeof(ikm)); - memset(ikm, 0, sizeof(ikm)); + always_memset(ikm, 0, sizeof(ikm)); /* * Only 1 "expand" step of HKDF since the size of the "info" context @@ -109,7 +110,7 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt) */ ret = hkdf_expand_one_step(out_key, SBP_ENC_KEY_LEN, prk, sizeof(prk), (uint8_t *)user_id, sizeof(user_id)); - memset(prk, 0, sizeof(prk)); + always_memset(prk, 0, sizeof(prk)); return ret; } |