Hi Sabrina,
On 9/5/2018 4:21 PM, Sabrina Dubroca wrote:
Fixes: 3c4d7559159b ("tls: kernel TLS support")
Signed-off-by: Sabrina Dubroca <s...@queasysnail.net>
---
net/tls/tls_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 180b6640e531..0d432d025471 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -499,7 +499,7 @@ static int do_tls_setsockopt_conf(struct sock *sk, char
__user *optval,
goto out;
err_crypto_info:
- memset(crypto_info, 0, sizeof(*crypto_info));
+ memzero_explicit(crypto_info, sizeof(struct
tls12_crypto_info_aes_gcm_128));
Besides the key, there are other (not secret) information in
tls12_crypto_info_aes_gcm_128. I'd prefer you do not delete it to enable
users to obtain it (using getsockopt) in case we decide to implement a
fallback to userspace in the future. Such a fallback must obtain the
kernel's iv, and record sequence number.
Thanks,
Boris.
