authorIlya Dryomov <idryomov@gmail.com>2020-12-22 19:00:48 +0100
committerIlya Dryomov <idryomov@gmail.com>2021-01-04 17:31:32 +0100
commit10f42b3e648377b2f2f323a5530354710616c6cc (patch)
treedf088d623ba005d946e6c8e3a30d68fd24ebe998 /net/ceph/crypto.c
parentLinux 5.11-rc2 (diff)
libceph: zero out session key and connection secret
Try and avoid leaving bits and pieces of session key and connection secret (gets split into GCM key and a pair of GCM IVs) around. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Jeff Layton <jlayton@kernel.org>
Diffstat (limited to 'net/ceph/crypto.c')
-rw-r--r--net/ceph/crypto.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c
index 4f75df40fb12..92d89b331645 100644
--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -96,6 +96,7 @@ int ceph_crypto_key_decode(struct ceph_crypto_key *key, void **p, void *end)
key->len = ceph_decode_16(p);
ceph_decode_need(p, end, key->len, bad);
ret = set_secret(key, *p);
+ memzero_explicit(*p, key->len);
*p += key->len;
return ret;
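Review bot: The added `memzero_explicit(*p, key->len);` makes ceph_crypto_key_decode() destructive on the caller's buffer, and nothing in the hunk documents that. It runs before `ret` is examined, so the encoded secret is wiped even when set_secret() fails; that is the safe direction, but a caller can no longer re-read the same bytes after the call. The length is bounded by the preceding `ceph_decode_need(p, end, key->len, bad)`, so the wipe stays inside the buffer. I would add a comment above the call such as `/* wipe the encoded secret from the input buffer; callers must not reuse it */`. The function starts and ends outside the hunk, so its `bad` path is not reviewed here.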
@@ -134,7 +135,7 @@ int ceph_crypto_key_unarmor(struct ceph_crypto_key *key, const char *inkey)
void ceph_crypto_key_destroy(struct ceph_crypto_key *key)
{
if (key) {
- kfree(key->key);
+ kfree_sensitive(key->key);
key->key = NULL;
if (key->tfm) {
crypto_free_sync_skcipher(key->tfm);
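Review bot: `key->len` is left untouched in the visible lines while `key->key` is freed and set to NULL, so a destroyed key can still report a non-zero length. Whether anything reads `key->len` after destroy is not shown, so this is a hygiene point rather than a confirmed defect; a stale length paired with a NULL pointer is the kind of mismatch that later code tends to trip over. Consider adding `key->len = 0;` next to `key->key = NULL;`. The function body continues past the end of the hunk, so this may already be handled there.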