From: Radoslaw Zarzynski <rzarzyns@redhat.com>
Date: Fri, 15 Nov 2019 22:25:32 +0000 (+0100)
Subject: common: switch to ceph::crypto::zeroize_for_security().
X-Git-Tag: v14.2.8~20^2~56^2~11
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=cccb3ec4e724c5a151821d85f1567e5a6a18863b;p=ceph.git

common: switch to ceph::crypto::zeroize_for_security().

Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
(cherry picked from commit a5e19234eda35688782318da16e74de05c8ba9d3)
---

diff --git a/src/common/ceph_crypto.h b/src/common/ceph_crypto.h
index dda3306b2a60..03351eb4053b 100644
--- a/src/common/ceph_crypto.h
+++ b/src/common/ceph_crypto.h
@@ -244,7 +244,9 @@ namespace ceph::crypto::ssl {
   public:
     HMAC (const EVP_MD *type, const unsigned char *key, size_t length)
       : mpType(type) {
-      ::memset(&mContext, 0, sizeof(mContext));
+      // the strict FIPS zeroization doesn't seem to be necessary here.
+      // just in the case.
+      ::ceph::crypto::zeroize_for_security(&mContext, sizeof(mContext));
       const auto r = HMAC_Init_ex(&mContext, key, length, mpType, nullptr);
       if (r != 1) {
 	  throw DigestException("HMAC_Init_ex() failed");