Its been mentioned to me a few times that the ansi_cprng doesn't zero out its
data when a context is freed. Given that we store key, and other seed data in
that structure, I think its probably a good idea that we zero it out. This
patch does that.
Regards
Neil
Signed-off-by: Neil Horman <nhorman@xxxxxxxxxxxxx>
ansi_cprng.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c
index 72db0fd..e6ad373 100644
--- a/crypto/ansi_cprng.c
+++ b/crypto/ansi_cprng.c
@@ -266,6 +266,7 @@ done:
static void free_prng_context(struct prng_context *ctx)
{
crypto_free_cipher(ctx->tfm);
+ memset(ctx, 0, sizeof(struct prng_context));
}
static int reset_prng_context(struct prng_context *ctx,
--
/****************************************************
* Neil Horman <nhorman@xxxxxxxxxxxxx>
* Software Engineer, Red Hat
****************************************************/
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
