Commit acd3e96d authored by Jakub Kicinski's avatar Jakub Kicinski Committed by David S. Miller

net/tls: make sure offload also gets the keys wiped

Commit 86029d10 ("tls: zero the crypto information from tls_context
before freeing") added memzero_explicit() calls to clear the key material
before freeing struct tls_context, but it missed tls_device.c has its
own way of freeing this structure. Replace the missing free.

Fixes: 86029d10 ("tls: zero the crypto information from tls_context before freeing")
Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: default avatarDirk van der Merwe <dirk.vandermerwe@netronome.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 618bac45
......@@ -313,6 +313,7 @@ struct tls_offload_context_rx {
(ALIGN(sizeof(struct tls_offload_context_rx), sizeof(void *)) + \
TLS_DRIVER_STATE_SIZE)
void tls_ctx_free(struct tls_context *ctx);
int wait_on_pending_writer(struct sock *sk, long *timeo);
int tls_sk_query(struct sock *sk, int optname, char __user *optval,
int __user *optlen);
......
......@@ -61,7 +61,7 @@ static void tls_device_free_ctx(struct tls_context *ctx)
if (ctx->rx_conf == TLS_HW)
kfree(tls_offload_ctx_rx(ctx));
kfree(ctx);
tls_ctx_free(ctx);
}
static void tls_device_gc_task(struct work_struct *work)
......
......@@ -251,7 +251,7 @@ static void tls_write_space(struct sock *sk)
ctx->sk_write_space(sk);
}
static void tls_ctx_free(struct tls_context *ctx)
void tls_ctx_free(struct tls_context *ctx)
{
if (!ctx)
return;
......@@ -643,7 +643,7 @@ static void tls_hw_sk_destruct(struct sock *sk)
ctx->sk_destruct(sk);
/* Free ctx */
kfree(ctx);
tls_ctx_free(ctx);
icsk->icsk_ulp_data = NULL;
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment