authorBenoît Ganne <bganne@cisco.com>2020-10-20 14:12:20 +0200
committerAndrew Yourtchenko <ayourtch@gmail.com>2020-11-12 12:33:25 +0000
commit73a347660205b96693d50cbd754be8d838dd5ae6 (patch)
treecd22589afe823be9cb263284e6a558ecb2203aaf /src
parent07aeedd242da8d46ca74c1ad47d4876daa150c22 (diff)
wireguard: reset secret data before freeing it
Type: fix Change-Id: I880bdd55ae5da0b9775a3fb548d44512348a7bc6 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit 2531d50101991011fb1c7755d48f11b41f092628)
Diffstat (limited to 'src')
-rwxr-xr-xsrc/plugins/wireguard/wireguard_noise.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/plugins/wireguard/wireguard_noise.c b/src/plugins/wireguard/wireguard_noise.c
index 00b67109de4..850be2c86c8 100755
--- a/src/plugins/wireguard/wireguard_noise.c
+++ b/src/plugins/wireguard/wireguard_noise.c
@@ -161,8 +161,8 @@ noise_create_initiation (vlib_main_t * vm, noise_remote_t * r,
*s_idx = hs->hs_local_index;
ret = true;
error:
- vnet_crypto_key_del (vm, key_idx);
secure_zero_memory (key, NOISE_SYMMETRIC_KEY_LEN);
+ vnet_crypto_key_del (vm, key_idx);
return ret;
}
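Review bot: Nothing at the `error:` label in noise_create_initiation records that the wipe has to come before the delete, so a later tidy-up could swap the two calls back without anyone noticing; the same pair appears in noise_consume_initiation, noise_create_response and noise_consume_response. Going by the commit title, `key` refers to storage that `vnet_crypto_key_del` releases, so a one-line comment above the pair would pin the order, e.g. `/* wipe key first: it must not be touched once vnet_crypto_key_del() has released it */`. Whether `vnet_crypto_key_del` scrubs the key bytes itself is not visible in this diff; if it does not, doing the wipe there would cover every caller rather than only these four. The function body starts outside the hunk.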
@@ -244,8 +244,8 @@ noise_consume_initiation (vlib_main_t * vm, noise_local_t * l,
ret = true;
error:
- vnet_crypto_key_del (vm, key_idx);
secure_zero_memory (key, NOISE_SYMMETRIC_KEY_LEN);
+ vnet_crypto_key_del (vm, key_idx);
secure_zero_memory (&hs, sizeof (hs));
return ret;
}
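Review bot: The `secure_zero_memory (&hs, sizeof (hs));` line in noise_consume_initiation still runs after `vnet_crypto_key_del`, whereas noise_consume_response wipes `hs` before the delete, and noise_create_response likewise wipes `e` after it. That is presumably harmless if `hs` and `e` are locals, which the hunks do not show, but a single rule (every `secure_zero_memory` first, `vnet_crypto_key_del` last) is easier to audit in handshake code. Moving the `&hs` line here, and the `e` line in noise_create_response, above the delete would make all four exits read the same. The declarations and the start of the function are outside the hunk.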
@@ -297,8 +297,8 @@ noise_create_response (vlib_main_t * vm, noise_remote_t * r, uint32_t * s_idx,
*s_idx = hs->hs_local_index;
ret = true;
error:
- vnet_crypto_key_del (vm, key_idx);
secure_zero_memory (key, NOISE_SYMMETRIC_KEY_LEN);
+ vnet_crypto_key_del (vm, key_idx);
secure_zero_memory (e, NOISE_PUBLIC_KEY_LEN);
return ret;
}
@@ -358,9 +358,9 @@ noise_consume_response (vlib_main_t * vm, noise_remote_t * r, uint32_t s_idx,
ret = true;
}
error:
- vnet_crypto_key_del (vm, key_idx);
secure_zero_memory (&hs, sizeof (hs));
secure_zero_memory (key, NOISE_SYMMETRIC_KEY_LEN);
+ vnet_crypto_key_del (vm, key_idx);
return ret;
}