From 2531d50101991011fb1c7755d48f11b41f092628 Mon Sep 17 00:00:00 2001
From: Benoît Ganne
Date: Tue, 20 Oct 2020 14:12:20 +0200
Subject: wireguard: reset secret data before freeing it
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Type: fix
Change-Id: I880bdd55ae5da0b9775a3fb548d44512348a7bc6
Signed-off-by: Benoît Ganne
---
 src/plugins/wireguard/wireguard_noise.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/plugins/wireguard/wireguard_noise.c b/src/plugins/wireguard/wireguard_noise.c
index 00b67109de4..850be2c86c8 100755
--- a/src/plugins/wireguard/wireguard_noise.c
+++ b/src/plugins/wireguard/wireguard_noise.c
@@ -161,8 +161,8 @@ noise_create_initiation (vlib_main_t * vm, noise_remote_t * r,
 *s_idx = hs->hs_local_index;
 ret = true;
 error:
- vnet_crypto_key_del (vm, key_idx);
 secure_zero_memory (key, NOISE_SYMMETRIC_KEY_LEN);
+ vnet_crypto_key_del (vm, key_idx);
 return ret;
 }
@@ -244,8 +244,8 @@ noise_consume_initiation (vlib_main_t * vm, noise_local_t * l,
 ret = true;
 error:
- vnet_crypto_key_del (vm, key_idx);
 secure_zero_memory (key, NOISE_SYMMETRIC_KEY_LEN);
+ vnet_crypto_key_del (vm, key_idx);
 secure_zero_memory (&hs, sizeof (hs));
 return ret;
 }
@@ -297,8 +297,8 @@ noise_create_response (vlib_main_t * vm, noise_remote_t * r, uint32_t * s_idx,
 *s_idx = hs->hs_local_index;
 ret = true;
 error:
- vnet_crypto_key_del (vm, key_idx);
 secure_zero_memory (key, NOISE_SYMMETRIC_KEY_LEN);
+ vnet_crypto_key_del (vm, key_idx);
 secure_zero_memory (e, NOISE_PUBLIC_KEY_LEN);
 return ret;
 }
@@ -358,9 +358,9 @@ noise_consume_response (vlib_main_t * vm, noise_remote_t * r, uint32_t s_idx,
 ret = true;
 }
 error:
- vnet_crypto_key_del (vm, key_idx);
 secure_zero_memory (&hs, sizeof (hs));
 secure_zero_memory (key, NOISE_SYMMETRIC_KEY_LEN);
+ vnet_crypto_key_del (vm, key_idx);
 return ret;
 }
-- 
cgit 1.2.3-korg
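Review bot: The wipe-then-delete order in the `error:` block of noise_create_initiation is now load-bearing, but nothing in the code says so, so a later tidy-up could swap the two calls back unnoticed. The declaration of `key` is outside the hunk, so this is inferred, but the commit subject suggests `key` points at storage that `vnet_crypto_key_del` releases. A one-line comment above the wipe would pin the invariant, e.g. `/* key aliases the crypto key's storage: wipe it before vnet_crypto_key_del() releases it */`. The same comment belongs on the `error:` blocks of noise_consume_initiation, noise_create_response and noise_consume_response; each function body starts outside its hunk.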
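Review bot: In the `error:` block of noise_create_response, `secure_zero_memory (e, NOISE_PUBLIC_KEY_LEN);` wipes the buffer with a length constant that is tied to it only by convention. The declaration of `e` is outside the hunk; if it is a local array, `secure_zero_memory (e, sizeof (e));` would keep the wipe length in step with the declaration, as the `&hs, sizeof (hs)` wipes in the neighbouring functions already do. If `e` is a pointer or an array parameter, the constant has to stay, and a short comment naming the buffer's declared size would make the match checkable.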