git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Sabrina Dubroca <sd@queasysnail.net>
	Wed, 12 Sep 2018 15:44:42 +0000 (17:44 +0200)
committer	Juerg Haefliger <juergh@canonical.com>
	Wed, 24 Jul 2019 01:50:00 +0000 (19:50 -0600)
commit	028e572723a0a20f8ff7bac6978cc119580e3abf
tree	b4a5a7f0c14b5fb98823d22da27ea9e7f23fdd10	tree
parent	eeabb79b00e9866b6500502798b03af900067d66	commit \| diff

tls: zero the crypto information from tls_context before freeing

BugLink: https://bugs.launchpad.net/bugs/1836287
[ Upstream commit 86029d10af18381814881d6cce2dd6872163b59f ]

This contains key material in crypto_send_aes_gcm_128 and
crypto_recv_aes_gcm_128.

Introduce union tls_crypto_context, and replace the two identical
unions directly embedded in struct tls_context with it. We can then
use this union to clean up the memory in the new tls_ctx_free()
function.

Fixes: 3c4d7559159b ("tls: kernel TLS support")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>

include/net/tls.h		diff \| blob \| blame \| history
net/tls/tls_main.c		diff \| blob \| blame \| history
net/tls/tls_sw.c		diff \| blob \| blame \| history