lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20090530.230213.73434433.davem@davemloft.net>
Date:	Sat, 30 May 2009 23:02:13 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	research@...reption.com
Cc:	linux-kernel@...r.kernel.org, pageexec@...email.hu,
	linux-mm@...ck.org, torvalds@...l.org, riel@...hat.com,
	alan@...rguk.ukuu.org.uk, linux-crypto@...r.kernel.org,
	herbert@...dor.apana.org.au
Subject: Re: [PATCH] Use kzfree in crypto API context initialization and
 key/iv handling

From: "Larry H." <research@...reption.com>
Date: Sat, 30 May 2009 19:57:20 -0700

> [PATCH] Use kzfree in crypto API context initialization and key/iv handling

Thanks for not CC:ing the crypto list, and also not CC:'ing the
crypto maintainer.

Your submissions leave a lot to be desired, on every level.

> This patch replaces the kfree() calls within the crypto API (algorithms,
> key setup and handling, etc) with kzfree(), to enforce sanitization of
> the allocated memory.
> 
> This prevents such information from persisting on memory and eventually
> leak to other kernel users or during coldboot attacks.
> 
> This patch replaces kfree() for context (algorithm meta-data) structures
> too. Those are initialized or released once, and remain in use during the
> lifetime of the cipher/algorithm instance, therefore no performance impact
> exists for those specific changes.
> 
> This patch doesn't affect fastpaths.
> 
> Signed-off-by: Larry Highsmith <research@...reption.com>
> 
> ---
>  crypto/ablkcipher.c |    3 +--
>  crypto/aead.c       |    7 +++----
>  crypto/ahash.c      |    3 +--
>  crypto/algapi.c     |    4 ++--
>  crypto/algboss.c    |    8 ++++----
>  crypto/api.c        |   13 +++++--------
>  crypto/authenc.c    |    4 ++--
>  crypto/blkcipher.c  |   13 +++++++------
>  crypto/cbc.c        |    2 +-
>  crypto/ccm.c        |    8 ++++----
>  crypto/cipher.c     |    3 +--
>  crypto/cryptd.c     |    4 ++--
>  crypto/ctr.c        |    2 +-
>  crypto/cts.c        |    2 +-
>  crypto/deflate.c    |    4 ++--
>  crypto/ecb.c        |    2 +-
>  crypto/gcm.c        |   10 +++++-----
>  crypto/gf128mul.c   |    4 ++--
>  crypto/hash.c       |    3 +--
>  crypto/hmac.c       |    2 +-
>  crypto/lrw.c        |    2 +-
>  crypto/pcbc.c       |    2 +-
>  crypto/rng.c        |    2 +-
>  crypto/seqiv.c      |    4 ++--
>  crypto/shash.c      |    3 +--
>  crypto/xcbc.c       |    2 +-
>  crypto/xts.c        |    2 +-
>  27 files changed, 55 insertions(+), 63 deletions(-)
> 
> Index: linux-2.6/crypto/ablkcipher.c
> ===================================================================
> --- linux-2.6.orig/crypto/ablkcipher.c
> +++ linux-2.6/crypto/ablkcipher.c
> @@ -42,8 +42,7 @@ static int setkey_unaligned(struct crypt
>  	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
>  	memcpy(alignbuffer, key, keylen);
>  	ret = cipher->setkey(tfm, alignbuffer, keylen);
> -	memset(alignbuffer, 0, keylen);
> -	kfree(buffer);
> +	kzfree(buffer);
>  	return ret;
>  }
>  
> Index: linux-2.6/crypto/aead.c
> ===================================================================
> --- linux-2.6.orig/crypto/aead.c
> +++ linux-2.6/crypto/aead.c
> @@ -40,8 +40,7 @@ static int setkey_unaligned(struct crypt
>  	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
>  	memcpy(alignbuffer, key, keylen);
>  	ret = aead->setkey(tfm, alignbuffer, keylen);
> -	memset(alignbuffer, 0, keylen);
> -	kfree(buffer);
> +	kzfree(buffer);
>  	return ret;
>  }
>  
> @@ -298,7 +297,7 @@ out:
>  err_drop_alg:
>  	crypto_drop_aead(spawn);
>  err_free_inst:
> -	kfree(inst);
> +	kzfree(inst);
>  	inst = ERR_PTR(err);
>  	goto out;
>  }
> @@ -307,7 +306,7 @@ EXPORT_SYMBOL_GPL(aead_geniv_alloc);
>  void aead_geniv_free(struct crypto_instance *inst)
>  {
>  	crypto_drop_aead(crypto_instance_ctx(inst));
> -	kfree(inst);
> +	kzfree(inst);
>  }
>  EXPORT_SYMBOL_GPL(aead_geniv_free);
>  
> Index: linux-2.6/crypto/ahash.c
> ===================================================================
> --- linux-2.6.orig/crypto/ahash.c
> +++ linux-2.6/crypto/ahash.c
> @@ -145,8 +145,7 @@ static int ahash_setkey_unaligned(struct
>  	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
>  	memcpy(alignbuffer, key, keylen);
>  	ret = ahash->setkey(tfm, alignbuffer, keylen);
> -	memset(alignbuffer, 0, keylen);
> -	kfree(buffer);
> +	kzfree(buffer);
>  	return ret;
>  }
>  
> Index: linux-2.6/crypto/algapi.c
> ===================================================================
> --- linux-2.6.orig/crypto/algapi.c
> +++ linux-2.6/crypto/algapi.c
> @@ -185,7 +185,7 @@ out:	
>  	return larval;
>  
>  free_larval:
> -	kfree(larval);
> +	kzfree(larval);
>  err:
>  	larval = ERR_PTR(ret);
>  	goto out;
> @@ -657,7 +657,7 @@ struct crypto_instance *crypto_alloc_ins
>  	return inst;
>  
>  err_free_inst:
> -	kfree(inst);
> +	kzfree(inst);
>  	return ERR_PTR(err);
>  }
>  EXPORT_SYMBOL_GPL(crypto_alloc_instance);
> Index: linux-2.6/crypto/algboss.c
> ===================================================================
> --- linux-2.6.orig/crypto/algboss.c
> +++ linux-2.6/crypto/algboss.c
> @@ -81,7 +81,7 @@ static int cryptomgr_probe(void *data)
>  		goto err;
>  
>  out:
> -	kfree(param);
> +	kzfree(param);
>  	module_put_and_exit(0);
>  
>  err:
> @@ -193,7 +193,7 @@ static int cryptomgr_schedule_probe(stru
>  	return NOTIFY_STOP;
>  
>  err_free_param:
> -	kfree(param);
> +	kzfree(param);
>  err_put_module:
>  	module_put(THIS_MODULE);
>  err:
> @@ -215,7 +215,7 @@ static int cryptomgr_test(void *data)
>  skiptest:
>  	crypto_alg_tested(param->driver, err);
>  
> -	kfree(param);
> +	kzfree(param);
>  	module_put_and_exit(0);
>  }
>  
> @@ -242,7 +242,7 @@ static int cryptomgr_schedule_test(struc
>  	return NOTIFY_STOP;
>  
>  err_free_param:
> -	kfree(param);
> +	kzfree(param);
>  err_put_module:
>  	module_put(THIS_MODULE);
>  err:
> Index: linux-2.6/crypto/api.c
> ===================================================================
> --- linux-2.6.orig/crypto/api.c
> +++ linux-2.6/crypto/api.c
> @@ -107,7 +107,7 @@ static void crypto_larval_destroy(struct
>  	BUG_ON(!crypto_is_larval(alg));
>  	if (larval->adult)
>  		crypto_mod_put(larval->adult);
> -	kfree(larval);
> +	kzfree(larval);
>  }
>  
>  struct crypto_larval *crypto_larval_alloc(const char *name, u32 type, u32 mask)
> @@ -151,7 +151,7 @@ static struct crypto_alg *crypto_larval_
>  	up_write(&crypto_alg_sem);
>  
>  	if (alg != &larval->alg)
> -		kfree(larval);
> +		kzfree(larval);
>  
>  	return alg;
>  }
> @@ -400,7 +400,7 @@ cra_init_failed:
>  out_free_tfm:
>  	if (err == -EAGAIN)
>  		crypto_shoot_alg(alg);
> -	kfree(tfm);
> +	kzfree(tfm);
>  out_err:
>  	tfm = ERR_PTR(err);
>  out:
> @@ -497,7 +497,7 @@ cra_init_failed:
>  out_free_tfm:
>  	if (err == -EAGAIN)
>  		crypto_shoot_alg(alg);
> -	kfree(mem);
> +	kzfree(mem);
>  out_err:
>  	tfm = ERR_PTR(err);
>  out:
> @@ -580,20 +580,17 @@ EXPORT_SYMBOL_GPL(crypto_alloc_tfm);
>  void crypto_destroy_tfm(void *mem, struct crypto_tfm *tfm)
>  {
>  	struct crypto_alg *alg;
> -	int size;
>  
>  	if (unlikely(!mem))
>  		return;
>  
>  	alg = tfm->__crt_alg;
> -	size = ksize(mem);
>  
>  	if (!tfm->exit && alg->cra_exit)
>  		alg->cra_exit(tfm);
>  	crypto_exit_ops(tfm);
>  	crypto_mod_put(alg);
> -	memset(mem, 0, size);
> -	kfree(mem);
> +	kzfree(mem);
>  }
>  EXPORT_SYMBOL_GPL(crypto_destroy_tfm);
>  
> Index: linux-2.6/crypto/authenc.c
> ===================================================================
> --- linux-2.6.orig/crypto/authenc.c
> +++ linux-2.6/crypto/authenc.c
> @@ -461,7 +461,7 @@ err_drop_enc:
>  err_drop_auth:
>  	crypto_drop_spawn(&ctx->auth);
>  err_free_inst:
> -	kfree(inst);
> +	kzfree(inst);
>  out_put_auth:
>  	inst = ERR_PTR(err);
>  	goto out;
> @@ -473,7 +473,7 @@ static void crypto_authenc_free(struct c
>  
>  	crypto_drop_skcipher(&ctx->enc);
>  	crypto_drop_spawn(&ctx->auth);
> -	kfree(inst);
> +	kzfree(inst);
>  }
>  
>  static struct crypto_template crypto_authenc_tmpl = {
> Index: linux-2.6/crypto/blkcipher.c
> ===================================================================
> --- linux-2.6.orig/crypto/blkcipher.c
> +++ linux-2.6/crypto/blkcipher.c
> @@ -136,9 +136,11 @@ err:
>  	if (walk->iv != desc->info)
>  		memcpy(desc->info, walk->iv, crypto_blkcipher_ivsize(tfm));
>  	if (walk->buffer != walk->page)
> -		kfree(walk->buffer);
> -	if (walk->page)
> +		kzfree(walk->buffer);
> +	if (walk->page) {
> +		memset(walk->page, 0, PAGE_SIZE);
>  		free_page((unsigned long)walk->page);
> +	}
>  
>  	return err;
>  }
> @@ -373,8 +375,7 @@ static int setkey_unaligned(struct crypt
>  	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
>  	memcpy(alignbuffer, key, keylen);
>  	ret = cipher->setkey(tfm, alignbuffer, keylen);
> -	memset(alignbuffer, 0, keylen);
> -	kfree(buffer);
> +	kzfree(buffer);
>  	return ret;
>  }
>  
> @@ -661,7 +662,7 @@ out:
>  err_drop_alg:
>  	crypto_drop_skcipher(spawn);
>  err_free_inst:
> -	kfree(inst);
> +	kzfree(inst);
>  	inst = ERR_PTR(err);
>  	goto out;
>  }
> @@ -670,7 +671,7 @@ EXPORT_SYMBOL_GPL(skcipher_geniv_alloc);
>  void skcipher_geniv_free(struct crypto_instance *inst)
>  {
>  	crypto_drop_skcipher(crypto_instance_ctx(inst));
> -	kfree(inst);
> +	kzfree(inst);
>  }
>  EXPORT_SYMBOL_GPL(skcipher_geniv_free);
>  
> Index: linux-2.6/crypto/cbc.c
> ===================================================================
> --- linux-2.6.orig/crypto/cbc.c
> +++ linux-2.6/crypto/cbc.c
> @@ -264,7 +264,7 @@ out_put_alg:
>  static void crypto_cbc_free(struct crypto_instance *inst)
>  {
>  	crypto_drop_spawn(crypto_instance_ctx(inst));
> -	kfree(inst);
> +	kzfree(inst);
>  }
>  
>  static struct crypto_template crypto_cbc_tmpl = {
> Index: linux-2.6/crypto/ccm.c
> ===================================================================
> --- linux-2.6.orig/crypto/ccm.c
> +++ linux-2.6/crypto/ccm.c
> @@ -565,7 +565,7 @@ err_drop_ctr:
>  err_drop_cipher:
>  	crypto_drop_spawn(&ictx->cipher);
>  err_free_inst:
> -	kfree(inst);
> +	kzfree(inst);
>  out_put_cipher:
>  	inst = ERR_PTR(err);
>  	goto out;
> @@ -600,7 +600,7 @@ static void crypto_ccm_free(struct crypt
>  
>  	crypto_drop_spawn(&ctx->cipher);
>  	crypto_drop_skcipher(&ctx->ctr);
> -	kfree(inst);
> +	kzfree(inst);
>  }
>  
>  static struct crypto_template crypto_ccm_tmpl = {
> @@ -831,7 +831,7 @@ out:
>  out_drop_alg:
>  	crypto_drop_aead(spawn);
>  out_free_inst:
> -	kfree(inst);
> +	kzfree(inst);
>  	inst = ERR_PTR(err);
>  	goto out;
>  }
> @@ -839,7 +839,7 @@ out_free_inst:
>  static void crypto_rfc4309_free(struct crypto_instance *inst)
>  {
>  	crypto_drop_spawn(crypto_instance_ctx(inst));
> -	kfree(inst);
> +	kzfree(inst);
>  }
>  
>  static struct crypto_template crypto_rfc4309_tmpl = {
> Index: linux-2.6/crypto/cipher.c
> ===================================================================
> --- linux-2.6.orig/crypto/cipher.c
> +++ linux-2.6/crypto/cipher.c
> @@ -37,8 +37,7 @@ static int setkey_unaligned(struct crypt
>  	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
>  	memcpy(alignbuffer, key, keylen);
>  	ret = cia->cia_setkey(tfm, alignbuffer, keylen);
> -	memset(alignbuffer, 0, keylen);
> -	kfree(buffer);
> +	kzfree(buffer);
>  	return ret;
>  
>  }
> Index: linux-2.6/crypto/cryptd.c
> ===================================================================
> --- linux-2.6.orig/crypto/cryptd.c
> +++ linux-2.6/crypto/cryptd.c
> @@ -225,7 +225,7 @@ out:
>  	return inst;
>  
>  out_free_inst:
> -	kfree(inst);
> +	kzfree(inst);
>  	inst = ERR_PTR(err);
>  	goto out;
>  }
> @@ -527,7 +527,7 @@ static void cryptd_free(struct crypto_in
>  	struct cryptd_instance_ctx *ctx = crypto_instance_ctx(inst);
>  
>  	crypto_drop_spawn(&ctx->spawn);
> -	kfree(inst);
> +	kzfree(inst);
>  }
>  
>  static struct crypto_template cryptd_tmpl = {
> Index: linux-2.6/crypto/ctr.c
> ===================================================================
> --- linux-2.6.orig/crypto/ctr.c
> +++ linux-2.6/crypto/ctr.c
> @@ -231,7 +231,7 @@ out_put_alg:
>  static void crypto_ctr_free(struct crypto_instance *inst)
>  {
>  	crypto_drop_spawn(crypto_instance_ctx(inst));
> -	kfree(inst);
> +	kzfree(inst);
>  }
>  
>  static struct crypto_template crypto_ctr_tmpl = {
> Index: linux-2.6/crypto/cts.c
> ===================================================================
> --- linux-2.6.orig/crypto/cts.c
> +++ linux-2.6/crypto/cts.c
> @@ -326,7 +326,7 @@ out_put_alg:
>  static void crypto_cts_free(struct crypto_instance *inst)
>  {
>  	crypto_drop_spawn(crypto_instance_ctx(inst));
> -	kfree(inst);
> +	kzfree(inst);
>  }
>  
>  static struct crypto_template crypto_cts_tmpl = {
> Index: linux-2.6/crypto/deflate.c
> ===================================================================
> --- linux-2.6.orig/crypto/deflate.c
> +++ linux-2.6/crypto/deflate.c
> @@ -86,7 +86,7 @@ static int deflate_decomp_init(struct de
>  out:
>  	return ret;
>  out_free:
> -	kfree(stream->workspace);
> +	kzfree(stream->workspace);
>  	goto out;
>  }
>  
> @@ -99,7 +99,7 @@ static void deflate_comp_exit(struct def
>  static void deflate_decomp_exit(struct deflate_ctx *ctx)
>  {
>  	zlib_inflateEnd(&ctx->decomp_stream);
> -	kfree(ctx->decomp_stream.workspace);
> +	kzfree(ctx->decomp_stream.workspace);
>  }
>  
>  static int deflate_init(struct crypto_tfm *tfm)
> Index: linux-2.6/crypto/ecb.c
> ===================================================================
> --- linux-2.6.orig/crypto/ecb.c
> +++ linux-2.6/crypto/ecb.c
> @@ -160,7 +160,7 @@ out_put_alg:
>  static void crypto_ecb_free(struct crypto_instance *inst)
>  {
>  	crypto_drop_spawn(crypto_instance_ctx(inst));
> -	kfree(inst);
> +	kzfree(inst);
>  }
>  
>  static struct crypto_template crypto_ecb_tmpl = {
> Index: linux-2.6/crypto/gcm.c
> ===================================================================
> --- linux-2.6.orig/crypto/gcm.c
> +++ linux-2.6/crypto/gcm.c
> @@ -242,7 +242,7 @@ static int crypto_gcm_setkey(struct cryp
>  		err = -ENOMEM;
>  
>  out:
> -	kfree(data);
> +	kzfree(data);
>  	return err;
>  }
>  
> @@ -507,7 +507,7 @@ out:
>  out_put_ctr:
>  	crypto_drop_skcipher(&ctx->ctr);
>  err_free_inst:
> -	kfree(inst);
> +	kzfree(inst);
>  	inst = ERR_PTR(err);
>  	goto out;
>  }
> @@ -540,7 +540,7 @@ static void crypto_gcm_free(struct crypt
>  	struct gcm_instance_ctx *ctx = crypto_instance_ctx(inst);
>  
>  	crypto_drop_skcipher(&ctx->ctr);
> -	kfree(inst);
> +	kzfree(inst);
>  }
>  
>  static struct crypto_template crypto_gcm_tmpl = {
> @@ -762,7 +762,7 @@ out:
>  out_drop_alg:
>  	crypto_drop_aead(spawn);
>  out_free_inst:
> -	kfree(inst);
> +	kzfree(inst);
>  	inst = ERR_PTR(err);
>  	goto out;
>  }
> @@ -770,7 +770,7 @@ out_free_inst:
>  static void crypto_rfc4106_free(struct crypto_instance *inst)
>  {
>  	crypto_drop_spawn(crypto_instance_ctx(inst));
> -	kfree(inst);
> +	kzfree(inst);
>  }
>  
>  static struct crypto_template crypto_rfc4106_tmpl = {
> Index: linux-2.6/crypto/gf128mul.c
> ===================================================================
> --- linux-2.6.orig/crypto/gf128mul.c
> +++ linux-2.6/crypto/gf128mul.c
> @@ -352,8 +352,8 @@ void gf128mul_free_64k(struct gf128mul_6
>  	int i;
>  
>  	for (i = 0; i < 16; i++)
> -		kfree(t->t[i]);
> -	kfree(t);
> +		kzfree(t->t[i]);
> +	kzfree(t);
>  }
>  EXPORT_SYMBOL(gf128mul_free_64k);
>  
> Index: linux-2.6/crypto/hash.c
> ===================================================================
> --- linux-2.6.orig/crypto/hash.c
> +++ linux-2.6/crypto/hash.c
> @@ -42,8 +42,7 @@ static int hash_setkey_unaligned(struct 
>  	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
>  	memcpy(alignbuffer, key, keylen);
>  	ret = alg->setkey(crt, alignbuffer, keylen);
> -	memset(alignbuffer, 0, keylen);
> -	kfree(buffer);
> +	kzfree(buffer);
>  	return ret;
>  }
>  
> Index: linux-2.6/crypto/hmac.c
> ===================================================================
> --- linux-2.6.orig/crypto/hmac.c
> +++ linux-2.6/crypto/hmac.c
> @@ -218,7 +218,7 @@ static void hmac_exit_tfm(struct crypto_
>  static void hmac_free(struct crypto_instance *inst)
>  {
>  	crypto_drop_spawn(crypto_instance_ctx(inst));
> -	kfree(inst);
> +	kzfree(inst);
>  }
>  
>  static struct crypto_instance *hmac_alloc(struct rtattr **tb)
> Index: linux-2.6/crypto/lrw.c
> ===================================================================
> --- linux-2.6.orig/crypto/lrw.c
> +++ linux-2.6/crypto/lrw.c
> @@ -287,7 +287,7 @@ out_put_alg:
>  static void free(struct crypto_instance *inst)
>  {
>  	crypto_drop_spawn(crypto_instance_ctx(inst));
> -	kfree(inst);
> +	kzfree(inst);
>  }
>  
>  static struct crypto_template crypto_tmpl = {
> Index: linux-2.6/crypto/pcbc.c
> ===================================================================
> --- linux-2.6.orig/crypto/pcbc.c
> +++ linux-2.6/crypto/pcbc.c
> @@ -270,7 +270,7 @@ out_put_alg:
>  static void crypto_pcbc_free(struct crypto_instance *inst)
>  {
>  	crypto_drop_spawn(crypto_instance_ctx(inst));
> -	kfree(inst);
> +	kzfree(inst);
>  }
>  
>  static struct crypto_template crypto_pcbc_tmpl = {
> Index: linux-2.6/crypto/rng.c
> ===================================================================
> --- linux-2.6.orig/crypto/rng.c
> +++ linux-2.6/crypto/rng.c
> @@ -42,7 +42,7 @@ static int rngapi_reset(struct crypto_rn
>  
>  	err = crypto_rng_alg(tfm)->rng_reset(tfm, seed, slen);
>  
> -	kfree(buf);
> +	kzfree(buf);
>  	return err;
>  }
>  
> Index: linux-2.6/crypto/seqiv.c
> ===================================================================
> --- linux-2.6.orig/crypto/seqiv.c
> +++ linux-2.6/crypto/seqiv.c
> @@ -43,7 +43,7 @@ static void seqiv_complete2(struct skcip
>  	memcpy(req->creq.info, subreq->info, crypto_ablkcipher_ivsize(geniv));
>  
>  out:
> -	kfree(subreq->info);
> +	kzfree(subreq->info);
>  }
>  
>  static void seqiv_complete(struct crypto_async_request *base, int err)
> @@ -69,7 +69,7 @@ static void seqiv_aead_complete2(struct 
>  	memcpy(req->areq.iv, subreq->iv, crypto_aead_ivsize(geniv));
>  
>  out:
> -	kfree(subreq->iv);
> +	kzfree(subreq->iv);
>  }
>  
>  static void seqiv_aead_complete(struct crypto_async_request *base, int err)
> Index: linux-2.6/crypto/shash.c
> ===================================================================
> --- linux-2.6.orig/crypto/shash.c
> +++ linux-2.6/crypto/shash.c
> @@ -44,8 +44,7 @@ static int shash_setkey_unaligned(struct
>  	alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
>  	memcpy(alignbuffer, key, keylen);
>  	err = shash->setkey(tfm, alignbuffer, keylen);
> -	memset(alignbuffer, 0, keylen);
> -	kfree(buffer);
> +	kzfree(buffer);
>  	return err;
>  }
>  
> Index: linux-2.6/crypto/xcbc.c
> ===================================================================
> --- linux-2.6.orig/crypto/xcbc.c
> +++ linux-2.6/crypto/xcbc.c
> @@ -346,7 +346,7 @@ out_put_alg:
>  static void xcbc_free(struct crypto_instance *inst)
>  {
>  	crypto_drop_spawn(crypto_instance_ctx(inst));
> -	kfree(inst);
> +	kzfree(inst);
>  }
>  
>  static struct crypto_template crypto_xcbc_tmpl = {
> Index: linux-2.6/crypto/xts.c
> ===================================================================
> --- linux-2.6.orig/crypto/xts.c
> +++ linux-2.6/crypto/xts.c
> @@ -264,7 +264,7 @@ out_put_alg:
>  static void free(struct crypto_instance *inst)
>  {
>  	crypto_drop_spawn(crypto_instance_ctx(inst));
> -	kfree(inst);
> +	kzfree(inst);
>  }
>  
>  static struct crypto_template crypto_tmpl = {
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ