cryptosoft(4): Zero plain hash contexts, too
An OCF-naive user program could use these primitives to implement HMAC, for example. This would make the freed context sensitive data. Probably other bzeros in this file should be explicit_bzeros as well. Future work. Reviewed by: jhb, markj Differential Revision: https://reviews.freebsd.org/D14662 (minor part of a larger work)
This commit is contained in:
parent
7021bf0569
commit
5fbc5b5a3c
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=331311
@ -1053,8 +1053,10 @@ swcr_freesession_locked(device_t dev, u_int64_t tid)
|
|||||||
case CRYPTO_SHA1:
|
case CRYPTO_SHA1:
|
||||||
axf = swd->sw_axf;
|
axf = swd->sw_axf;
|
||||||
|
|
||||||
if (swd->sw_ictx)
|
if (swd->sw_ictx) {
|
||||||
|
explicit_bzero(swd->sw_ictx, axf->ctxsize);
|
||||||
free(swd->sw_ictx, M_CRYPTO_DATA);
|
free(swd->sw_ictx, M_CRYPTO_DATA);
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case CRYPTO_DEFLATE_COMP:
|
case CRYPTO_DEFLATE_COMP:
|
||||||
|
Loading…
Reference in New Issue
Block a user