From 9da404699eb140058478e14d7bb38752e172fe65 Mon Sep 17 00:00:00 2001
From: paul luse
Date: Tue, 28 Apr 2020 20:04:55 -0400
Subject: [PATCH] module/crypto: zero in memory keys before freeing memory

For security.

Signed-off-by: paul luse
Change-Id: I805d5d0c4584de0389316c00c1eaf43566fa2aea
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/2074
Reviewed-by: Seth Howell
Reviewed-by: Changpeng Liu
Reviewed-by: Aleksey Marchuk
Reviewed-by: Jim Harris
Community-CI: Mellanox Build Bot
Tested-by: SPDK CI Jenkins
---
 module/bdev/crypto/vbdev_crypto.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/module/bdev/crypto/vbdev_crypto.c b/module/bdev/crypto/vbdev_crypto.c
index 69b1af6f2..7bdf153c3 100644
--- a/module/bdev/crypto/vbdev_crypto.c
+++ b/module/bdev/crypto/vbdev_crypto.c
@@ -1204,9 +1204,18 @@ _device_unregister_cb(void *io_device)
 rte_cryptodev_sym_session_free(crypto_bdev->session_decrypt);
 rte_cryptodev_sym_session_free(crypto_bdev->session_encrypt);
 free(crypto_bdev->drv_name);
- free(crypto_bdev->key);
- free(crypto_bdev->key2);
- free(crypto_bdev->xts_key);
+ if (crypto_bdev->key) {
+ memset(crypto_bdev->key, 0, strnlen(crypto_bdev->key, (AES_CBC_KEY_LENGTH + 1)));
+ free(crypto_bdev->key);
+ }
+ if (crypto_bdev->key2) {
+ memset(crypto_bdev->key2, 0, strnlen(crypto_bdev->key2, (AES_XTS_KEY_LENGTH + 1)));
+ free(crypto_bdev->key2);
+ }
+ if (crypto_bdev->xts_key) {
+ memset(crypto_bdev->xts_key, 0, strnlen(crypto_bdev->xts_key, (AES_XTS_KEY_LENGTH * 2) + 1));
+ free(crypto_bdev->xts_key);
+ }
 free(crypto_bdev->crypto_bdev.name);
 free(crypto_bdev);
 }
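Review bot: The three `memset` calls added directly before `free(crypto_bdev->key)`, `free(crypto_bdev->key2)` and `free(crypto_bdev->xts_key)` are dead stores from the compiler's point of view, so an optimized build may drop them and leave the key bytes in freed heap memory. Use a wipe that cannot be elided, for example `explicit_bzero(crypto_bdev->key, key_len);` where the platform provides it, or a small helper that writes through a `volatile` pointer. The length also comes from `strnlen`, which stops at the first zero byte and may scan one byte beyond the named key length. If these buffers can hold binary key material or are allocated without a terminator (the allocation sites are outside this hunk), part of the key survives or the scan reads past the buffer, so passing the allocated size would be safer. `_device_unregister_cb` begins above the hunk.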