From 8c32c516eb1c1f9c14d25478442137c698788975 Mon Sep 17 00:00:00 2001
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Tue, 14 Jul 2009 21:35:36 +0800
Subject: crypto: hash - Zap unaligned buffers

Some unaligned buffers on the stack weren't zapped properly which
may cause secret data to be leaked.  This patch fixes them by doing
a zero memset.

It is also possible for us to place random kernel stack contents
in the digest buffer if a digest operation fails.  This is fixed
by only copying if the operation succeeded.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---
 crypto/ahash.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'crypto/ahash.c')

diff --git a/crypto/ahash.c b/crypto/ahash.c
index cc824ef25830..1576f95f9afe 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -152,8 +152,7 @@ static int ahash_setkey_unaligned(struct crypto_ahash *tfm, const u8 *key,
 	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
 	memcpy(alignbuffer, key, keylen);
 	ret = ahash->setkey(tfm, alignbuffer, keylen);
-	memset(alignbuffer, 0, keylen);
-	kfree(buffer);
+	kzfree(buffer);
 	return ret;
 }
 
-- 
cgit v1.2.3-59-g8ed1b