creds: use CLEANUP_ERASE for symmetric key

Just in case, ensure the sha256 that is used as a symmetric
key for encrypted creds is safely erased from memory.

Reported on yeswehack.com as YWH-PGM9780-166

Follow-up for 21bc0b6fa1
Luca Boccassi
2026-03-23 21:13:03 +00:00
committed by Zbigniew Jędrzejewski-Szmek
parent e7a176fe46
commit 3af158759f


@@ -840,6 +840,8 @@ int encrypt_credential_and_warn(
/* Only one of these two flags may be set at the same time */
assert(!FLAGS_SET(flags, CREDENTIAL_ALLOW_NULL) || !FLAGS_SET(flags, CREDENTIAL_REFUSE_NULL));
CLEANUP_ERASE(md);
if (!CRED_KEY_IS_VALID(with_key) && !CRED_KEY_IS_AUTO(with_key))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid key type: " SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL(with_key));
@@ -1204,6 +1206,8 @@ int decrypt_credential_and_warn(
/* Only one of these two flags may be set at the same time */
assert(!FLAGS_SET(flags, CREDENTIAL_ALLOW_NULL) || !FLAGS_SET(flags, CREDENTIAL_REFUSE_NULL));
CLEANUP_ERASE(md);
/* Relevant error codes:
*
* -EBADMSG → Corrupted file
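Review bot: The added `CLEANUP_ERASE(md);` lines in encrypt_credential_and_warn() and decrypt_credential_and_warn() carry no comment, and `md` is declared outside both hunks, so nothing here tells a reader that this buffer is the SHA256 used as the symmetric key. I would put `/* md holds the SHA256 used as the symmetric key; wipe it on every return path */` above each of them. Since the erase is presumably sized from `sizeof(md)`, it is worth confirming that `md` is declared as an array and not a pointer, and that any other copy of the digest made later in these functions (not visible here) gets the same treatment. Both function bodies start and end outside the hunks.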