From: Daiki Ueno <dueno@redhat.com>
Date: Sat, 13 Jul 2024 01:05:00 +0000 (+0900)
Subject: sign: Use explicit_bzero to clear secret key material
X-Git-Tag: archive/raspbian/2025.7-2+rpi1^2^2~6^2~5^2~2^2~4
X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https:/www.github.com/%22bookmarks:///%22http:/www.example.com/cgi/%22https:/www.github.com/%22bookmarks:/?a=commitdiff_plain;h=867dc0b74da7241606b7dc7461a1b3cad26c0844;p=ostree.git

sign: Use explicit_bzero to clear secret key material

Suggested in:
https://github.com/ostreedev/ostree/pull/3278#discussion_r1675696052

Signed-off-by: Daiki Ueno <dueno@redhat.com>
---

diff --git a/src/libostree/ostree-sign-ed25519.c b/src/libostree/ostree-sign-ed25519.c
index e0e3ac46..e3b5b7a3 100644
--- a/src/libostree/ostree-sign-ed25519.c
+++ b/src/libostree/ostree-sign-ed25519.c
@@ -27,6 +27,7 @@
 #include "otcore.h"
 #include <libglnx.h>
 #include <ot-checksum-utils.h>
+#include <string.h>
 
 #undef G_LOG_DOMAIN
 #define G_LOG_DOMAIN "OSTreeSign"
@@ -320,7 +321,7 @@ ostree_sign_ed25519_clear_keys (OstreeSign *self, GError **error)
   /* Clear secret key */
   if (sign->secret_key != NULL)
     {
-      memset (sign->secret_key, 0, OSTREE_SIGN_ED25519_SECKEY_SIZE);
+      explicit_bzero (sign->secret_key, OSTREE_SIGN_ED25519_SECKEY_SIZE);
       g_free (sign->secret_key);
       sign->secret_key = NULL;
     }