IPsec zero-es all allocated key memory including memory sur-allocated by
the allocator.
Move it to its own function in clib mem infra to make it easier to
instrument.
Type: refactor
Change-Id: Icd1c44d18b741e723864abce75ac93e2eff74b61
Signed-off-by: Benoît Ganne <bganne@cisco.com>
if (cm->key_data[idx] == 0)
return;
if (cm->key_data[idx] == 0)
return;
- clib_memset_u8 (cm->key_data[idx], 0,
- clib_mem_size (cm->key_data[idx]));
- clib_mem_free (cm->key_data[idx]);
+ clib_mem_free_s (cm->key_data[idx]);
cm->key_data[idx] = 0;
return;
}
cm->key_data[idx] = 0;
return;
}
if (kop == VNET_CRYPTO_KEY_OP_MODIFY && cm->key_data[idx])
{
if (kop == VNET_CRYPTO_KEY_OP_MODIFY && cm->key_data[idx])
{
- clib_memset_u8 (cm->key_data[idx], 0,
- clib_mem_size (cm->key_data[idx]));
- clib_mem_free (cm->key_data[idx]);
+ clib_mem_free_s (cm->key_data[idx]);
}
cm->key_data[idx] = cm->key_fn[key->alg] (key);
}
cm->key_data[idx] = cm->key_fn[key->alg] (key);
if (imbm->key_data[idx] == 0)
return;
if (imbm->key_data[idx] == 0)
return;
- clib_memset_u8 (imbm->key_data[idx], 0,
- clib_mem_size (imbm->key_data[idx]));
- clib_mem_free (imbm->key_data[idx]);
+ clib_mem_free_s (imbm->key_data[idx]);
imbm->key_data[idx] = 0;
return;
}
imbm->key_data[idx] = 0;
return;
}
if (kop == VNET_CRYPTO_KEY_OP_MODIFY && imbm->key_data[idx])
{
if (kop == VNET_CRYPTO_KEY_OP_MODIFY && imbm->key_data[idx])
{
- clib_memset_u8 (imbm->key_data[idx], 0,
- clib_mem_size (imbm->key_data[idx]));
- clib_mem_free (imbm->key_data[idx]);
+ clib_mem_free_s (imbm->key_data[idx]);
}
kd = imbm->key_data[idx] = clib_mem_alloc_aligned (ad->data_size,
}
kd = imbm->key_data[idx] = clib_mem_alloc_aligned (ad->data_size,
+always_inline void
+clib_mem_free_s (void *p)
+{
+ uword size = clib_mem_size (p);
+ memset_s_inline (p, size, 0, size);
+ clib_mem_free (p);
+}
+
always_inline void *
clib_mem_get_heap (void)
{
always_inline void *
clib_mem_get_heap (void)
{