Re: [PATCH] crypto: drbg: use memzero_explicit() for clearing sensitive data

On Mon, Nov 24, 2014 at 10:21:16AM -0500, Nickolaus Woodruff wrote: > diff --git a/include/crypto/drbg.h b/include/crypto/drbg.h > index 5186f75..13471a2 100644 > --- a/include/crypto/drbg.h > +++ b/include/crypto/drbg.h > @@ -45,6 +45,7 @@ > #include > #include > #include > +#include Why a

[PATCH] crypto: drbg: use memzero_explicit() for clearing sensitive data

Compiler dead store optimization can sometimes remove final calls to memset() used to clear sensitive data at the end of a function. Replace trailing memset() calls with memzero_explicit() to preclude unwanted removal. Signed-off-by: Nickolaus Woodruff --- crypto/drbg.c | 22 +++-