Use zfree() to explicitly zero IPsec keys.

Reviewed by: delphij Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D25442
svn path=/head/; revision=362632
2020-06-25 20:31:06 +00:00 · 2020-06-25 20:31:06 +00:00 · 20869b25cc · 2020-12-20 02:59:44 +00:00
commit 20869b25cc
parent f4134e3d87
4 changed files with 4 additions and 19 deletions
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@ -3060,27 +3060,19 @@ key_cleansav(struct secasvar *sav)
 	if (sav->flags & SADB_X_EXT_F_CLONED)
 		return;
 	/*
-	 * Cleanup xform state.  Note that zeroize'ing causes the
-	 * keys to be cleared; otherwise we must do it ourself.
+	 * Cleanup xform state.
 	 */
 	if (sav->tdb_xform != NULL) {
 		sav->tdb_xform->xf_zeroize(sav);
 		sav->tdb_xform = NULL;
-	} else {
-		if (sav->key_auth != NULL)
-			bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth));
-		if (sav->key_enc != NULL)
-			bzero(sav->key_enc->key_data, _KEYLEN(sav->key_enc));
 	}
 	if (sav->key_auth != NULL) {
-		if (sav->key_auth->key_data != NULL)
-			free(sav->key_auth->key_data, M_IPSEC_MISC);
+		zfree(sav->key_auth->key_data, M_IPSEC_MISC);
 		free(sav->key_auth, M_IPSEC_MISC);
 		sav->key_auth = NULL;
 	}
 	if (sav->key_enc != NULL) {
-		if (sav->key_enc->key_data != NULL)
-			free(sav->key_enc->key_data, M_IPSEC_MISC);
+		zfree(sav->key_enc->key_data, M_IPSEC_MISC);
 		free(sav->key_enc, M_IPSEC_MISC);
 		sav->key_enc = NULL;
 	}
--- a/sys/netipsec/xform_ah.c
+++ b/sys/netipsec/xform_ah.c
@ -250,9 +250,6 @@ int
 ah_zeroize(struct secasvar *sav)
 {

-	if (sav->key_auth)
-		bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth));
-
 	crypto_freesession(sav->tdb_cryptoid);
 	sav->tdb_cryptoid = NULL;
 	sav->tdb_authalgxform = NULL;
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@ -243,11 +243,9 @@ esp_init(struct secasvar *sav, struct xformsw *xsp)
 static int
 esp_zeroize(struct secasvar *sav)
 {
-	/* NB: ah_zerorize free's the crypto session state */
+	/* NB: ah_zeroize free's the crypto session state */
 	int error = ah_zeroize(sav);

-	if (sav->key_enc)
-		bzero(sav->key_enc->key_data, _KEYLEN(sav->key_enc));
 	sav->tdb_encalgxform = NULL;
 	sav->tdb_xform = NULL;
 	return error;
--- a/sys/netipsec/xform_tcp.c
+++ b/sys/netipsec/xform_tcp.c
@ -365,8 +365,6 @@ static int
 tcpsignature_zeroize(struct secasvar *sav)
 {

-	if (sav->key_auth != NULL)
-		bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth));
 	sav->tdb_xform = NULL;
 	return (0);
 }