keyctl: try to wipe keys from memory after use

The key being added or updated likely contains secrets so it would be best
not to leave it in memory or in a core dump when no longer needed.

Glibc 2.25+ provides the explicit_bzero() function that can be used for
this purpose; let's utilize it if it is present.

Tested by redefining exit(n) to abort() and inspecting the resulting core
file for key data.

Signed-off-by: Maciej S. Szmigiero <>
Signed-off-by: David Howells <>
1 file changed
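
The approach the commit message describes, as an added example that is not code from this commit or from keyutils: explicit_bzero() is used where glibc 2.25+ declares it, with a volatile-store fallback elsewhere, and the buffer is wiped on both the success and the failure path. The names wipe_secret, consume_key and use_key_once are hypothetical, and the key string is constructed.

```c
#include <stddef.h>
#include <string.h>
/* glibc 2.25+ declares explicit_bzero() under its default feature set. */
#if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
# if __GLIBC_PREREQ(2, 25) && defined(__USE_MISC)
#  define HAVE_EXPLICIT_BZERO 1
# endif
#endif

/* Zero len bytes at buf so that the compiler cannot drop the stores. */
static void wipe_secret(void *buf, size_t len)
{
#ifdef HAVE_EXPLICIT_BZERO
    explicit_bzero(buf, len);
#else
    volatile unsigned char *p = buf;  /* volatile stores must be emitted */
    while (len--)
        *p++ = 0;
#endif
}

/* Hypothetical stand-in for handing the payload to the kernel. */
static unsigned consume_key(const unsigned char *key, size_t len)
{
    unsigned sum = 0;
    while (len--)
        sum = sum * 31u + *key++;
    return sum;
}

/* Copy key into scratch, use it, wipe scratch; -1 if key does not fit. */
static int use_key_once(const char *key, unsigned char *scratch,
                        size_t cap, unsigned *out)
{
    size_t len = strlen(key);
    int ok = len <= cap;
    if (ok) {
        memcpy(scratch, key, len);
        *out = consume_key(scratch, len);
    }
    wipe_secret(scratch, cap);  /* success and failure alike */
    return ok ? 0 : -1;
}

int main(void)
{
    unsigned char scratch[32];
    unsigned out = 0;
    return use_key_once("constructed-key", scratch, sizeof scratch, &out);
}
```

A plain memset() before exit or free() is a dead store the optimizer may remove, which is why the wipe goes through explicit_bzero() or volatile stores.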