In crypto_authenc_setkey we save pointers to the authenc keys in a local variable of type struct crypto_authenc_keys and we don't zeroize it after use. Fix this and don't leak pointers to the authenc keys. Signed-off-by: Tudor Ambarus <tudor.ambarus@xxxxxxxxxxxxx> --- crypto/authenc.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/crypto/authenc.c b/crypto/authenc.c index d3d6d72..480a08b 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c @@ -87,8 +87,10 @@ static int crypto_authenc_setkey(struct crypto_aead *authenc, const u8 *key, struct crypto_authenc_keys keys; int err = -EINVAL; - if (crypto_authenc_extractkeys(&keys, key, keylen) != 0) - goto badkey; + if (crypto_authenc_extractkeys(&keys, key, keylen) != 0) { + crypto_aead_set_flags(authenc, CRYPTO_TFM_RES_BAD_KEY_LEN); + goto out; + } crypto_ahash_clear_flags(auth, CRYPTO_TFM_REQ_MASK); crypto_ahash_set_flags(auth, crypto_aead_get_flags(authenc) & @@ -108,11 +110,8 @@ static int crypto_authenc_setkey(struct crypto_aead *authenc, const u8 *key, CRYPTO_TFM_RES_MASK); out: + memzero_explicit(&keys, sizeof(keys)); return err; - -badkey: - crypto_aead_set_flags(authenc, CRYPTO_TFM_RES_BAD_KEY_LEN); - goto out; } static void authenc_geniv_ahash_done(struct crypto_async_request *areq, int err) -- 2.9.4