From: Kefu Chai <kchai@redhat.com>
Date: Sun, 24 Nov 2019 17:05:16 +0000 (+0800)
Subject: Merge pull request #31692 from rzarzynski/wip-fips-zeroize-memset_bzero
X-Git-Tag: v15.1.0~770
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=3e66ada64890ec53b07b401e1a760d4563b9c432;p=ceph-ci.git

Merge pull request #31692 from rzarzynski/wip-fips-zeroize-memset_bzero

FIPS: audit and switch some memset & bzero users

Reviewed-by: Marcus Watts <mwatts@redhat.com>
---

3e66ada64890ec53b07b401e1a760d4563b9c432
diff --cc src/rgw/rgw_kms.cc
index cb49193bb2e,ce40d1627a8..5a86b25fefc
--- a/src/rgw/rgw_kms.cc
+++ b/src/rgw/rgw_kms.cc
@@@ -182,10 -169,10 +182,10 @@@ static int request_key_from_vault_with_
      --res;
    }
    vault_token = std::string{buf, static_cast<size_t>(res)};
-   memset(buf, 0, sizeof(buf));
+   ::ceph::crypto::zeroize_for_security(buf, sizeof(buf));
  
 -  vault_addr = cct->_conf->rgw_crypt_vault_addr;
 -  if (vault_addr.empty()) {
 +  secret_url = cct->_conf->rgw_crypt_vault_addr;
 +  if (secret_url.empty()) {
      ldout(cct, 0) << "ERROR: Vault address not set in rgw_crypt_vault_addr" << dendl;
      return -EINVAL;
    }