crypto: hash - Zap unaligned buffers Some unaligned buffers on the stack weren't zapped properly which may cause secret data to be leaked. This patch fixes them by doing a zero memset. It is also possible for us to place random kernel stack contents in the digest buffer if a digest operation fails. This is fixed by only copying if the operation succeeded. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

commit: 8c32c516eb1c1f9c14d25478442137c698788975 [log] [tgz]
author: Herbert Xu <herbert@gondor.apana.org.au> Tue Jul 14 21:35:36 2009 +0800
committer: Herbert Xu <herbert@gondor.apana.org.au> Tue Jul 14 21:35:36 2009 +0800
tree: ba238ddbff551ac6c445e90ad9698a5aba55876a
parent: 500b3e3c3dc8e4845b77ae81e5b7b085ab183ce6 [diff] [blame]
diff --git a/crypto/ahash.c b/crypto/ahash.c
index cc824ef2..1576f95 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c

@@ -152,8 +152,7 @@
 	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
 	memcpy(alignbuffer, key, keylen);
 	ret = ahash->setkey(tfm, alignbuffer, keylen);
-	memset(alignbuffer, 0, keylen);
-	kfree(buffer);
+	kzfree(buffer);
 	return ret;
 }
commit	8c32c516eb1c1f9c14d25478442137c698788975	[log] [tgz]
author	Herbert Xu <herbert@gondor.apana.org.au>	Tue Jul 14 21:35:36 2009 +0800
committer	Herbert Xu <herbert@gondor.apana.org.au>	Tue Jul 14 21:35:36 2009 +0800
tree	ba238ddbff551ac6c445e90ad9698a5aba55876a
parent	500b3e3c3dc8e4845b77ae81e5b7b085ab183ce6 [diff] [blame]