[PATCH 1/9] crypto: authenc - don't leak pointers to authenc keys

Tudor Ambarus Wed, 21 Mar 2018 10:01:37 -0700

Signed-off-by: Tudor Ambarus <tudor.amba...@microchip.com>
---
 crypto/authenc.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)


diff --git a/crypto/authenc.c b/crypto/authenc.c
index d3d6d72..480a08b 100644
--- a/crypto/authenc.c
+++ b/crypto/authenc.c
@@ -87,8 +87,10 @@ static int crypto_authenc_setkey(struct crypto_aead 
*authenc, const u8 *key,
        struct crypto_authenc_keys keys;
        int err = -EINVAL;
 
-       if (crypto_authenc_extractkeys(&keys, key, keylen) != 0)
-               goto badkey;
+       if (crypto_authenc_extractkeys(&keys, key, keylen) != 0) {
+               crypto_aead_set_flags(authenc, CRYPTO_TFM_RES_BAD_KEY_LEN);
+               goto out;
+       }
 
        crypto_ahash_clear_flags(auth, CRYPTO_TFM_REQ_MASK);
        crypto_ahash_set_flags(auth, crypto_aead_get_flags(authenc) &
@@ -108,11 +110,8 @@ static int crypto_authenc_setkey(struct crypto_aead 
*authenc, const u8 *key,
                                       CRYPTO_TFM_RES_MASK);
 
 out:
+       memzero_explicit(&keys, sizeof(keys));
        return err;
-
-badkey:
-       crypto_aead_set_flags(authenc, CRYPTO_TFM_RES_BAD_KEY_LEN);
-       goto out;
 }
 
 static void authenc_geniv_ahash_done(struct crypto_async_request *areq, int 
err)
-- 
2.9.4

[PATCH 1/9] crypto: authenc - don't leak pointers to authenc keys

Reply via email to