Always zero encryption key on Stop

This change moves the zero key on Stop logic into cmdKEK.run. This guarantees via a defer that it is the last thing executed when run exits (and thus the key is always zeroed). Signed-off-by: Monis Khan <[email protected]>
enj · Mar 20, 2018 · 926a972 · 926a972
1 parent 87ffa8a
commit 926a972
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pkg/kek/kek.go b/pkg/kek/kek.go
@@ -47,7 +47,6 @@ func (c *cmdKEK) Get() ([]byte, error) {
 }
 
 func (c *cmdKEK) Stop() {
-	c.setErrorState(errEmptyKey)
 	close(c.stop)
 }
 
@@ -81,6 +80,7 @@ func (c *cmdKEK) run() {
 	const factor = 5 // TODO move constant, maybe make configurable?
 	ticker := time.NewTicker(c.duration / factor)
 	defer ticker.Stop()
+	defer c.setErrorState(errEmptyKey)
 
 	current := 0