author | Ilya Dryomov <idryomov@gmail.com> | 2020-12-22 19:00:48 +0100 |
---|---|---|
committer | Ilya Dryomov <idryomov@gmail.com> | 2021-01-04 17:31:32 +0100 |
commit | 10f42b3e648377b2f2f323a5530354710616c6cc (patch) | |
tree | df088d623ba005d946e6c8e3a30d68fd24ebe998 /net/ceph/crypto.c | |
parent | Linux 5.11-rc2 (diff) | |

libceph: zero out session key and connection secret

Try and avoid leaving bits and pieces of session key and connection
secret (gets split into GCM key and a pair of GCM IVs) around.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>

Diffstat (limited to 'net/ceph/crypto.c')
-rw-r--r-- | net/ceph/crypto.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c index 4f75df40fb12..92d89b331645 100644 --- a/net/ceph/crypto.c +++ b/net/ceph/crypto.c @@ -96,6 +96,7 @@ int ceph_crypto_key_decode(struct ceph_crypto_key *key, void **p, void *end) key->len = ceph_decode_16(p); ceph_decode_need(p, end, key->len, bad); ret = set_secret(key, *p); + memzero_explicit(*p, key->len); *p += key->len; return ret; @@ -134,7 +135,7 @@ int ceph_crypto_key_unarmor(struct ceph_crypto_key *key, const char *inkey) void ceph_crypto_key_destroy(struct ceph_crypto_key *key) { if (key) { - kfree(key->key); + kfree_sensitive(key->key); key->key = NULL; if (key->tfm) { crypto_free_sync_skcipher(key->tfm); |
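
Review bot: In the first hunk, ceph_crypto_key_decode() now overwrites the caller's buffer at *p as a side effect, and nothing next to the new `memzero_explicit(*p, key->len);` line documents that the encoded secret is consumed. A caller that re-reads or re-parses the same bytes after decoding will see zeros, so a short comment above the call (or on the function) stating that the input is wiped would make the contract explicit. The wipe also runs whatever set_secret() returned; that looks intended, since the secret should not linger on the error path either, but it is worth saying so in the comment so a later cleanup does not move it under a success check.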
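
Review bot: In the second hunk, ceph_crypto_key_destroy() wipes the raw key through `kfree_sensitive(key->key);`, but the lines shown leave key->len at its old value after `key->key = NULL;`. The length is not secret, yet resetting it in the same place would keep the struct consistent for any code that checks key->len before touching key->key. The commit message also mentions the connection secret, which this file's diff does not touch, so a brief comment here saying this function covers only the session key copy would help readers who reach it from the diffstat for net/ceph/crypto.c alone.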