d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Explicitly zero AES key schedules on the stack.

Browse Source 
Reviewed by:	delphij
MFC after:	1 week
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D25057
This commit is contained in:
John Baldwin 2020-06-03 22:18:21 +00:00
parent eb5e1004e2
commit 0065d9a47f
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=361776
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/dev/cxgbe/crypto/t4_keyctx.c
View File

@ -75,6 +75,7 @@ t4_init_gmac_hash(const char *key, int klen, char *ghash)
rounds = rijndaelKeySetupEnc(keysched, key, klen * 8);
rijndaelEncrypt(keysched, rounds, zeroes, ghash);
explicit_bzero(keysched, sizeof(keysched));
}
/* Copy out the partial hash state from a software hash implementation. */
@ -169,4 +170,5 @@ t4_aes_getdeckey(void *dec_key, const void *enc_key, unsigned int kbits)
break;
}
MPASS(dkey == dec_key);
explicit_bzero(ek, sizeof(ek));
}