From 76280ffec569f3e70a6928c7acd134c48a9a55bb Mon Sep 17 00:00:00 2001
From: Con Kolivas
Date: Thu, 17 Mar 2011 00:25:15 +1100
Subject: [PATCH] Mlock ivec for it will hold the injection vector.
---
 stream.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/stream.c b/stream.c
index 7338180..2774f64 100644
--- a/stream.c
+++ b/stream.c
@@ -1177,7 +1177,8 @@ retry:
 if (unlikely(cti->c_len < CBC_LEN)) failure("Unable to encrypt when compressed blocks end up being less than %d bytes, this one being %lld\n", CBC_LEN, cti->c_len);
- memcpy(ivec, control->hash_iv, sizeof(ivec));
+ mlock(ivec, CBC_LEN);
+ memcpy(ivec, control->hash_iv, CBC_LEN);
 M = cti->c_len % CBC_LEN;
 N = cti->c_len - M;
@@ -1193,6 +1194,8 @@ retry:
 memcpy(cti->s_buf + N, cti->s_buf + N - CBC_LEN, M);
 memcpy(cti->s_buf + N - CBC_LEN, tmp1, CBC_LEN);
 }
+ memset(ivec, 0, CBC_LEN);
+ munlock(ivec, CBC_LEN);
 }
 /* If compression fails for whatever reason multithreaded, then wait
@@ -1450,7 +1453,8 @@ fill_another:
 unsigned char ivec[CBC_LEN], tmp0[CBC_LEN], tmp1[CBC_LEN];
 i64 N, M;
- memcpy(ivec, control->hash_iv, sizeof(ivec));
+ mlock(ivec, CBC_LEN);
+ memcpy(ivec, control->hash_iv, CBC_LEN);
 M = c_len % CBC_LEN;
 N = c_len - M;
@@ -1471,6 +1475,8 @@ fill_another:
 } else aes_crypt_cbc(&control->aes_ctx, AES_DECRYPT, c_len, ivec, s_buf, s_buf);
+ memset(ivec, 0, CBC_LEN);
+ munlock(ivec, CBC_LEN);
 }
 ucthread[s->uthread_no].s_buf = s_buf;
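Review bot: The result of `mlock(ivec, CBC_LEN)` is discarded in the encryption path under `retry:`, and again in the decryption path under `fill_another:` (third hunk). mlock returns -1 when the process is over RLIMIT_MEMLOCK or lacks the privilege to lock memory, in which case the buffer stays swappable and nothing records it. Check the call, e.g. `if (unlikely(mlock(ivec, CBC_LEN) != 0))`, and emit a non-fatal warning through the file's existing reporting path. The lock also covers only this transient copy; whether `control->hash_iv`, the source of the copy, is itself locked is not visible in this diff and is worth confirming. Both enclosing functions start and end outside the hunks.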
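Review bot: `munlock(ivec, CBC_LEN)` here, and again in the last hunk under `fill_another:`, releases the lock on every page that `ivec` touches, and memory locks do not nest. In the decryption hunk `ivec` is a stack array (its declaration in the encryption function is outside the hunk, presumably the same), so any other locked object sharing that stack page loses its lock too. The wipe is also only useful while the `memset` stays ahead of the `munlock`, since the page may be swapped once unlocked. I would record both points next to the call, e.g. `/* wipe before munlock; munlock is page-granular and unlocks everything on this page */`.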