icp: Use explicit_memset() exclusively in gcm_clear_ctx()

d634d20 had been intended to fix a
potential information leak issue where the compiler's optimization
passes appeared to remove `memset()` operations that sanitize sensitive
data before memory is freed for use by the rest of the kernel.

When I wrote it, I had assumed that the compiler would not remove the
other `memset()` operations, but upon reflection, I have realized that
this was a bad assumption to make. I would rather have a very slight
amount of additional overhead when calling `gcm_clear_ctx()` than risk a
future compiler remove `memset()` calls. This is likely to happen if
someone decides to try doing link time optimization and the person will
not think to audit the assembly output for issues like this, so it is
best to preempt the possibility before it happens.

Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Rob Norris <[email protected]>
Reviewed-by: Alexander Motin <[email protected]>
Reviewed-by: Jorgen Lundman <[email protected]>
Signed-off-by: Richard Yao <[email protected]>
Closes #17343
(cherry picked from commit d8a33bc)

Author: ryao

module/icp/algs/modes/modes.c

@@ -182,12 +182,12 @@ gcm_clear_ctx(gcm_ctx_t *ctx)
 #if defined(CAN_USE_GCM_ASM)
 	if (ctx->gcm_use_avx == B_TRUE) {
 		ASSERT3P(ctx->gcm_Htable, !=, NULL);
-		memset(ctx->gcm_Htable, 0, ctx->gcm_htab_len);
+		explicit_memset(ctx->gcm_Htable, 0, ctx->gcm_htab_len);
 		kmem_free(ctx->gcm_Htable, ctx->gcm_htab_len);
 	}
 #endif
 	if (ctx->gcm_pt_buf != NULL) {
-		memset(ctx->gcm_pt_buf, 0, ctx->gcm_pt_buf_len);
+		explicit_memset(ctx->gcm_pt_buf, 0, ctx->gcm_pt_buf_len);
 		vmem_free(ctx->gcm_pt_buf, ctx->gcm_pt_buf_len);
 	}
 	/* Optional */