Commit 9da40469 authored by paul luse's avatar paul luse Committed by Tomasz Zawadzki
Browse files

module/crypto: zero in memory keys before freeing memory 



For security.

Signed-off-by: default avatarpaul luse <paul.e.luse@intel.com>
Change-Id: I805d5d0c4584de0389316c00c1eaf43566fa2aea
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/2074


Reviewed-by: default avatarSeth Howell <seth.howell@intel.com>
Reviewed-by: default avatarChangpeng Liu <changpeng.liu@intel.com>
Reviewed-by: default avatarAleksey Marchuk <alexeymar@mellanox.com>
Reviewed-by: default avatarJim Harris <james.r.harris@intel.com>
Community-CI: Mellanox Build Bot
Tested-by: default avatarSPDK CI Jenkins <sys_sgci@intel.com>
parent f5d63dfa

module/bdev/crypto/vbdev_crypto.c

+12 −3
Original line number Diff line number Diff line
@@ -1204,9 +1204,18 @@ _device_unregister_cb(void *io_device) 
	rte_cryptodev_sym_session_free(crypto_bdev->session_decrypt);

	rte_cryptodev_sym_session_free(crypto_bdev->session_encrypt);

	free(crypto_bdev->drv_name);

	if (crypto_bdev->key) {

		memset(crypto_bdev->key, 0, strnlen(crypto_bdev->key, (AES_CBC_KEY_LENGTH + 1)));

		free(crypto_bdev->key);

	}

	if (crypto_bdev->key2) {

		memset(crypto_bdev->key2, 0, strnlen(crypto_bdev->key2, (AES_XTS_KEY_LENGTH + 1)));

		free(crypto_bdev->key2);

	}

	if (crypto_bdev->xts_key) {

		memset(crypto_bdev->xts_key, 0, strnlen(crypto_bdev->xts_key, (AES_XTS_KEY_LENGTH * 2) + 1));

		free(crypto_bdev->xts_key);

	}

	free(crypto_bdev->crypto_bdev.name);

	free(crypto_bdev);

}