crypto: hash - Use memzero_explicit() for clearing state

Without the barrier_data() inside memzero_explicit(), the compiler may optimize away the state-clearing if it can tell that the state is not used afterwards. Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Arvind Sankar <nivedita@alum.mit.edu> 2020-10-25 17:31:15 +0300
committer: Herbert Xu <herbert@gondor.apana.org.au> 2020-10-30 09:35:03 +0300
commit: 458c0480dcb338d7b72e89b2e88a622965adcea4 (patch)
tree: b51f08386220bcd60c1a909f73f36233057acfe2 /include/crypto/sha512_base.h
parent: 1762818f25f3f99c5083caa13d69e5e5aa2e4b6f (diff)
download: linux-458c0480dcb338d7b72e89b2e88a622965adcea4.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/include/crypto/sha512_base.h b/include/crypto/sha512_base.h
index fb19c77494dc..93ab73baa38e 100644
--- a/include/crypto/sha512_base.h
+++ b/include/crypto/sha512_base.h
@@ -12,6 +12,7 @@
 #include <crypto/sha.h>
 #include <linux/crypto.h>
 #include <linux/module.h>
+#include <linux/string.h>
 
 #include <asm/unaligned.h>
 
@@ -126,7 +127,7 @@ static inline int sha512_base_finish(struct shash_desc *desc, u8 *out)
 	for (i = 0; digest_size > 0; i++, digest_size -= sizeof(__be64))
 		put_unaligned_be64(sctx->state[i], digest++);
 
-	*sctx = (struct sha512_state){};
+	memzero_explicit(sctx, sizeof(*sctx));
 	return 0;
 }
author	Arvind Sankar <nivedita@alum.mit.edu>	2020-10-25 17:31:15 +0300
committer	Herbert Xu <herbert@gondor.apana.org.au>	2020-10-30 09:35:03 +0300
commit	458c0480dcb338d7b72e89b2e88a622965adcea4 (patch)
tree	b51f08386220bcd60c1a909f73f36233057acfe2 /include/crypto/sha512_base.h
parent	1762818f25f3f99c5083caa13d69e5e5aa2e4b6f (diff)
download	linux-458c0480dcb338d7b72e89b2e88a622965adcea4.tar.xz