crypto: hash - Use memzero_explicit() for clearing state

Without the barrier_data() inside memzero_explicit(), the compiler may optimize away the state-clearing if it can tell that the state is not used afterwards. Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Arvind Sankar <nivedita@alum.mit.edu> 2020-10-25 10:31:15 -0400
committer: Herbert Xu <herbert@gondor.apana.org.au> 2020-10-30 17:35:03 +1100
commit: 458c0480dcb338d7b72e89b2e88a622965adcea4 (patch)
tree: b51f08386220bcd60c1a909f73f36233057acfe2 /include/crypto/sha256_base.h
parent: 1762818f25f3f99c5083caa13d69e5e5aa2e4b6f (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/include/crypto/sha256_base.h b/include/crypto/sha256_base.h
index 6ded110783ae..93f9fd21cc06 100644
--- a/include/crypto/sha256_base.h
+++ b/include/crypto/sha256_base.h
@@ -12,6 +12,7 @@
 #include <crypto/sha.h>
 #include <linux/crypto.h>
 #include <linux/module.h>
+#include <linux/string.h>
 
 #include <asm/unaligned.h>
 
@@ -105,7 +106,7 @@ static inline int sha256_base_finish(struct shash_desc *desc, u8 *out)
 	for (i = 0; digest_size > 0; i++, digest_size -= sizeof(__be32))
 		put_unaligned_be32(sctx->state[i], digest++);
 
-	*sctx = (struct sha256_state){};
+	memzero_explicit(sctx, sizeof(*sctx));
 	return 0;
 }
author	Arvind Sankar <nivedita@alum.mit.edu>	2020-10-25 10:31:15 -0400
committer	Herbert Xu <herbert@gondor.apana.org.au>	2020-10-30 17:35:03 +1100
commit	458c0480dcb338d7b72e89b2e88a622965adcea4 (patch)
tree	b51f08386220bcd60c1a909f73f36233057acfe2 /include/crypto/sha256_base.h
parent	1762818f25f3f99c5083caa13d69e5e5aa2e4b6f (diff)