rgw: switch to ceph::crypto::zeroize_for_security().

CONFLICT: it seems rgw_kms.cc has been dissected from
rgw_crypto.cc in commit 1e5b58ad50eae9b6df7f28baf511f4902cfbae4c.
Because of that the `memset` occurances have been audited
manually during the backport process.

Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
(cherry picked from commit 764010b2c3e779fe9910ff4a8b00ad1a2cafe49d)

diff --git a/src/rgw/rgw_crypt.cc b/src/rgw/rgw_crypt.cc
index 00125a07539e678a56c93db3c5cac01cbea9ff93..198c4a146df35b9ac40e3db649274dd64e5030de 100644 (file)
--- a/src/rgw/rgw_crypt.cc
+++ b/src/rgw/rgw_crypt.cc
@@ -42,7 +42,7 @@ public:
   explicit AES_256_CTR(CephContext* cct): cct(cct) {
   }
   ~AES_256_CTR() {
-    memset(key, 0, AES_256_KEYSIZE);
+    ::ceph::crypto::zeroize_for_security(key, AES_256_KEYSIZE);
   }
   bool set_key(const uint8_t* _key, size_t key_size) {
     if (key_size != AES_256_KEYSIZE) {
@@ -205,7 +205,7 @@ public:
   explicit AES_256_CBC(CephContext* cct): cct(cct) {
   }
   ~AES_256_CBC() {
-    memset(key, 0, AES_256_KEYSIZE);
+    ::ceph::crypto::zeroize_for_security(key, AES_256_KEYSIZE);
   }
   bool set_key(const uint8_t* _key, size_t key_size) {
     if (key_size != AES_256_KEYSIZE) {
@@ -776,7 +776,7 @@ static int request_key_from_barbican(CephContext *cct,
       secret_req.get_http_status() < 300 &&
       secret_bl.length() == AES_256_KEYSIZE) {
     actual_key.assign(secret_bl.c_str(), secret_bl.length());
-    memset(secret_bl.c_str(), 0, secret_bl.length());
+    ::ceph::crypto::zeroize_for_security(secret_bl.c_str(), secret_bl.length());
     } else {
       res = -EACCES;
     }
@@ -821,7 +821,7 @@ static int get_actual_key_from_kms(CephContext *cct,
       } else {
         res = -EIO;
       }
-      memset(_actual_key, 0, sizeof(_actual_key));
+      ::ceph::crypto::zeroize_for_security(_actual_key, sizeof(_actual_key));
     } else {
       ldout(cct, 20) << "Wrong size for key=" << key_id << dendl;
       res = -EIO;
@@ -1123,7 +1123,7 @@ int rgw_s3_prepare_encrypt(struct req_state* s,
                               reinterpret_cast<const uint8_t*>(master_encryption_key.c_str()), AES_256_KEYSIZE,
                               reinterpret_cast<const uint8_t*>(key_selector.c_str()),
                               actual_key, AES_256_KEYSIZE) != true) {
-        memset(actual_key, 0, sizeof(actual_key));
+        ::ceph::crypto::zeroize_for_security(actual_key, sizeof(actual_key));
         return -EIO;
       }
       if (block_crypt) {
@@ -1131,7 +1131,7 @@ int rgw_s3_prepare_encrypt(struct req_state* s,
         aes->set_key(reinterpret_cast<const uint8_t*>(actual_key), AES_256_KEYSIZE);
         *block_crypt = std::move(aes);
       }
-      memset(actual_key, 0, sizeof(actual_key));
+      ::ceph::crypto::zeroize_for_security(actual_key, sizeof(actual_key));
       return 0;
     }
   }
@@ -1296,12 +1296,12 @@ int rgw_s3_prepare_decrypt(struct req_state* s,
                             AES_256_KEYSIZE,
                             reinterpret_cast<const uint8_t*>(attr_key_selector.c_str()),
                             actual_key, AES_256_KEYSIZE) != true) {
-      memset(actual_key, 0, sizeof(actual_key));
+      ::ceph::crypto::zeroize_for_security(actual_key, sizeof(actual_key));
       return -EIO;
     }
     auto aes = std::unique_ptr<AES_256_CBC>(new AES_256_CBC(s->cct));
     aes->set_key(actual_key, AES_256_KEYSIZE);
-    memset(actual_key, 0, sizeof(actual_key));
+    ::ceph::crypto::zeroize_for_security(actual_key, sizeof(actual_key));
     if (block_crypt) *block_crypt = std::move(aes);
     return 0;
   }