Skip to content

Commit

Permalink
sign: Use explicit_bzero to clear secret key material
Browse files Browse the repository at this point in the history
Suggested in:
ostreedev#3278 (comment)

Signed-off-by: Daiki Ueno <[email protected]>
  • Loading branch information
ueno committed Aug 13, 2024
1 parent 1cc222e commit 4bc9f37
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/libostree/ostree-sign-ed25519.c
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
#include "otcore.h"
#include <libglnx.h>
#include <ot-checksum-utils.h>
#include <string.h>

#undef G_LOG_DOMAIN
#define G_LOG_DOMAIN "OSTreeSign"
Expand Down Expand Up @@ -320,7 +321,7 @@ ostree_sign_ed25519_clear_keys (OstreeSign *self, GError **error)
/* Clear secret key */
if (sign->secret_key != NULL)
{
memset (sign->secret_key, 0, OSTREE_SIGN_ED25519_SECKEY_SIZE);
explicit_bzero (sign->secret_key, OSTREE_SIGN_ED25519_SECKEY_SIZE);
g_free (sign->secret_key);
sign->secret_key = NULL;
}
Expand Down

0 comments on commit 4bc9f37

Please sign in to comment.