Update to use SecureString and SecureBuffer
ipmiOEMSetUser2Activation gets a SecureBuffer and the extra
OPENSSL_cleanse functions can be removed for SecureString
Change-Id: Ib629ea4c3bd12c446dfad671bb47ed0b61001fd6
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
diff --git a/src/oemcommands.cpp b/src/oemcommands.cpp
index 76d10a5..e25e40d 100644
--- a/src/oemcommands.cpp
+++ b/src/oemcommands.cpp
@@ -1052,8 +1052,12 @@
*/
ipmi::RspType<> ipmiOEMSetUser2Activation(
std::array<uint8_t, ipmi::ipmiMaxUserName>& userName,
- std::array<uint8_t, ipmi::maxIpmi20PasswordSize>& userPassword)
+ const SecureBuffer& userPassword)
{
+ if (userPassword.size() != ipmi::maxIpmi20PasswordSize)
+ {
+ return ipmi::responseReqDataLenInvalid();
+ }
bool userState = false;
// Check for System Interface not exist and LAN should be static
for (uint8_t channel = 0; channel < maxIpmiChannels; channel++)
@@ -1145,7 +1149,6 @@
{
phosphor::logging::log<phosphor::logging::level::INFO>(
"ipmiOEMSetUser2Activation: user created successfully ");
- OPENSSL_cleanse(userPassword.data(), userPassword.size());
return ipmi::responseSuccess();
}
@@ -1155,7 +1158,6 @@
ipmiUserSetUserName(ipmiDefaultUserId, static_cast<std::string>(""));
phosphor::logging::log<phosphor::logging::level::ERR>(
"ipmiOEMSetUser2Activation: password / priv setting is failed.");
- OPENSSL_cleanse(userPassword.data(), userPassword.size());
}
else
{
@@ -1263,9 +1265,6 @@
{
status = ipmiSetSpecialUserPassword("root", passwd);
}
- // Clear sensitive data
- OPENSSL_cleanse(passwd.data(), passwd.length());
-
return ipmi::response(status);
}
else