From: Radoslaw Zarzynski
Date: Fri, 15 Nov 2019 23:42:54 +0000 (+0100)
Subject: rgw: add some missed FIPS zeroization calls.
X-Git-Tag: v14.2.8~20^2~56^2~5
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=abe9fea507055977513265909de1fb926769ff3f;p=ceph.git
rgw: add some missed FIPS zeroization calls.
Signed-off-by: Radoslaw Zarzynski
(cherry picked from commit 32c84d4d35e599f6a510820b86a535a838ca2941)
---
diff --git a/src/rgw/rgw_ldap.cc b/src/rgw/rgw_ldap.cc
index 9e7156fc52bd..f2009b063cfa 100644
--- a/src/rgw/rgw_ldap.cc
+++ b/src/rgw/rgw_ldap.cc
@@ -3,6 +3,7 @@
 #include "rgw_ldap.h"
+#include "common/ceph_crypto.h"
 #include "common/ceph_context.h"
 #include "common/common_init.h"
 #include "common/dout.h"
@@ -35,6 +36,7 @@ std::string parse_rgw_ldap_bindpw(CephContext* ctx)
 if (ldap_bindpw.back() == '\n')
 ldap_bindpw.pop_back();
 }
+ ::ceph::crypto::zeroize_for_security(bindpw, sizeof(bindpw));
 }
 return ldap_bindpw;
diff --git a/src/rgw/rgw_swift_auth.cc b/src/rgw/rgw_swift_auth.cc
index 207c8eaad45c..eb0264a370fb 100644
--- a/src/rgw/rgw_swift_auth.cc
+++ b/src/rgw/rgw_swift_auth.cc
@@ -483,6 +483,7 @@ static int build_token(const string& swift_user,
 k[i % CEPH_CRYPTO_HMACSHA1_DIGESTSIZE] |= *s;
 }
 calc_hmac_sha1(k, sizeof(k), bl.c_str(), bl.length(), p.c_str());
+ ::ceph::crypto::zeroize_for_security(k, sizeof(k));
 bl.append(p);
diff --git a/src/rgw/rgw_torrent.cc b/src/rgw/rgw_torrent.cc
index 57c3f944c3fb..3fca9ba99f10 100644
--- a/src/rgw/rgw_torrent.cc
+++ b/src/rgw/rgw_torrent.cc
@@ -173,6 +173,7 @@ void seed::sha1(SHA1 *h, bufferlist &bl, off_t bl_len)
 h->Final((unsigned char *)sha);
 set_info_pieces(sha);
 }
+ ::ceph::crypto::zeroize_for_security(sha, sizeof(sha));
 }
 int seed::get_params()
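Review bot: The wipe added near the end of `parse_rgw_ldap_bindpw` clears only the local `bindpw` buffer; the bind password appears to live on in `ldap_bindpw`, which the function returns by value, so a live copy of the secret still leaves this scope. I would say so at the wipe, e.g. `// scrubs the read buffer only; the returned std::string still carries the bind password`, so callers know they are holding the secret. `sizeof(bindpw)` covers the whole buffer only if `bindpw` is declared as an array rather than a pointer; the declaration and the start of the function are outside the hunk, so that is worth confirming.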
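Review bot: In `build_token` the context line `k[i % CEPH_CRYPTO_HMACSHA1_DIGESTSIZE] |= *s;` folds its input into the HMAC key with OR, which can only set bits, so a long input pushes `k` toward all-ones and the key carries less entropy than the input; the new wipe of `k` does not change that. Assuming `s` walks the user's Swift key (the loop header and the rest of the function are outside the hunk), this deserves at least a marker such as `// NOTE(review): OR-folding loses entropy for long keys; consider hashing the key instead`, or a follow-up change. The wipe itself sits directly after the last visible use of `k`, which is the right place for it.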
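Review bot: The wipe at the end of `seed::sha1` has no comment saying why a SHA-1 digest needs scrubbing, and `sha` looks like a piece digest rather than key material, so a later cleanup could easily drop the call as a redundant store. A one-line comment would protect it, e.g. `// FIPS zeroization: scrub the stack copy of the digest once set_info_pieces() has taken it`. The call sits after the inner block's closing brace, so it runs whether or not that block executed. The condition guarding the block and the declaration of `sha` are outside the hunk, so `sizeof(sha)` being the full array size is assumed here.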