common: switch to ceph::crypto::zeroize_for_security().

Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
(cherry picked from commit a5e19234eda35688782318da16e74de05c8ba9d3)

diff --git a/src/common/ceph_crypto.h b/src/common/ceph_crypto.h
index dda3306b2a60e12497b66213da180698beb456c2..03351eb4053b1e600bcd362a7b226f2f38241036 100644 (file)
--- a/src/common/ceph_crypto.h
+++ b/src/common/ceph_crypto.h
@@ -244,7 +244,9 @@ namespace ceph::crypto::ssl {
   public:
     HMAC (const EVP_MD *type, const unsigned char *key, size_t length)
       : mpType(type) {
-      ::memset(&mContext, 0, sizeof(mContext));
+      // the strict FIPS zeroization doesn't seem to be necessary here.
+      // just in the case.
+      ::ceph::crypto::zeroize_for_security(&mContext, sizeof(mContext));
       const auto r = HMAC_Init_ex(&mContext, key, length, mpType, nullptr);
       if (r != 1) {
          throw DigestException("HMAC_Init_ex() failed");