KEYS: encrypted: sanitize all key material
authorEric Biggers <ebiggers@google.com>
Thu, 8 Jun 2017 13:49:11 +0000 (14:49 +0100)
committerJames Morris <james.l.morris@oracle.com>
Fri, 9 Jun 2017 03:29:48 +0000 (13:29 +1000)
commita9dd74b252e04b7e41ffe78d418b896b33b70a13
treef24d382b8b346df646071b491f2db395a1735b65
parent6966c74932b328b3d6df92b11b083bfbcd067986
KEYS: encrypted: sanitize all key material

For keys of type "encrypted", consistently zero sensitive key material
before freeing it.  This was already being done for the decrypted
payloads of encrypted keys, but not for the master key and the keys
derived from the master key.

Out of an abundance of caution and because it is trivial to do so, also
zero buffers containing the key payload in encrypted form, although
depending on how the encrypted-keys feature is used such information
does not necessarily need to be kept secret.

Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: David Safford <safford@us.ibm.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
security/keys/encrypted-keys/encrypted.c