Use explicit_bzero() instead of bzero() for sensitive data.
Reviewed by: delphij Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D25441
This commit is contained in:
John Baldwin
parent
9b6dc28176
commit
6572e5ff66
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=362629
@ -88,7 +88,7 @@ g_bde_orphan(struct g_consumer *cp)
|
||||
gp->flags |= G_GEOM_WITHER;
|
||||
LIST_FOREACH(pp, &gp->provider, provider)
|
||||
g_wither_provider(pp, ENXIO);
|
||||
bzero(sc, sizeof(struct g_bde_softc)); /* destroy evidence */
|
||||
explicit_bzero(sc, sizeof(struct g_bde_softc)); /* destroy evidence */
|
||||
return;
|
||||
}
|
||||
|
||||
@ -163,7 +163,7 @@ g_bde_create_geom(struct gctl_req *req, struct g_class *mp, struct g_provider *p
|
||||
|
||||
error = g_bde_decrypt_lock(sc, pass, key,
|
||||
mediasize, sectorsize, NULL);
|
||||
bzero(sc->sha2, sizeof sc->sha2);
|
||||
explicit_bzero(sc->sha2, sizeof sc->sha2);
|
||||
if (error)
|
||||
break;
|
||||
kp = &sc->key;
|
||||
@ -195,9 +195,9 @@ g_bde_create_geom(struct gctl_req *req, struct g_class *mp, struct g_provider *p
|
||||
break;
|
||||
} while (0);
|
||||
if (pass != NULL)
|
||||
bzero(pass, SHA512_DIGEST_LENGTH);
|
||||
explicit_bzero(pass, SHA512_DIGEST_LENGTH);
|
||||
if (key != NULL)
|
||||
bzero(key, 16);
|
||||
explicit_bzero(key, 16);
|
||||
if (error == 0)
|
||||
return;
|
||||
g_access(cp, -1, -1, -1);
|
||||
@ -255,7 +255,7 @@ g_bde_destroy_geom(struct gctl_req *req, struct g_class *mp, struct g_geom *gp)
|
||||
while (sc->dead != 2 && !LIST_EMPTY(&pp->consumers))
|
||||
tsleep(sc, PRIBIO, "g_bdedie", hz);
|
||||
mtx_destroy(&sc->worklist_mutex);
|
||||
bzero(&sc->key, sizeof sc->key);
|
||||
explicit_bzero(&sc->key, sizeof sc->key);
|
||||
g_free(sc);
|
||||
g_wither_geom(gp, ENXIO);
|
||||
return (0);
|
||||
|
||||
@ -316,9 +316,9 @@ g_bde_keyloc_encrypt(u_char *sha2, uint64_t v0, uint64_t v1, void *output)
|
||||
AES_init(&ci);
|
||||
AES_makekey(&ki, DIR_ENCRYPT, G_BDE_KKEYBITS, sha2 + 0);
|
||||
AES_encrypt(&ci, &ki, buf, output, sizeof buf);
|
||||
bzero(buf, sizeof buf);
|
||||
bzero(&ci, sizeof ci);
|
||||
bzero(&ki, sizeof ki);
|
||||
explicit_bzero(buf, sizeof buf);
|
||||
explicit_bzero(&ci, sizeof ci);
|
||||
explicit_bzero(&ki, sizeof ki);
|
||||
return (0);
|
||||
}
|
||||
|
||||
@ -333,9 +333,9 @@ g_bde_keyloc_decrypt(u_char *sha2, void *input, uint64_t *output)
|
||||
AES_makekey(&ki, DIR_DECRYPT, G_BDE_KKEYBITS, sha2 + 0);
|
||||
AES_decrypt(&ci, &ki, input, buf, sizeof buf);
|
||||
*output = le64dec(buf);
|
||||
bzero(buf, sizeof buf);
|
||||
bzero(&ci, sizeof ci);
|
||||
bzero(&ki, sizeof ki);
|
||||
explicit_bzero(buf, sizeof buf);
|
||||
explicit_bzero(&ci, sizeof ci);
|
||||
explicit_bzero(&ki, sizeof ki);
|
||||
return(0);
|
||||
}
|
||||
|
||||
|
||||
@ -1126,7 +1126,7 @@ g_eli_keyfiles_clear(const char *provider)
|
||||
data = preload_fetch_addr(keyfile);
|
||||
size = preload_fetch_size(keyfile);
|
||||
if (data != NULL && size != 0)
|
||||
bzero(data, size);
|
||||
explicit_bzero(data, size);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1261,7 +1261,7 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
|
||||
|
||||
pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt,
|
||||
sizeof(md.md_salt), passphrase, md.md_iterations);
|
||||
bzero(passphrase, sizeof(passphrase));
|
||||
explicit_bzero(passphrase, sizeof(passphrase));
|
||||
g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey));
|
||||
explicit_bzero(dkey, sizeof(dkey));
|
||||
}
|
||||
@ -1272,7 +1272,7 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
|
||||
* Decrypt Master-Key.
|
||||
*/
|
||||
error = g_eli_mkey_decrypt_any(&md, key, mkey, &nkey);
|
||||
bzero(key, sizeof(key));
|
||||
explicit_bzero(key, sizeof(key));
|
||||
if (error == -1) {
|
||||
if (i == tries) {
|
||||
G_ELI_DEBUG(0,
|
||||
@ -1305,8 +1305,8 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
|
||||
* We have correct key, let's attach provider.
|
||||
*/
|
||||
gp = g_eli_create(NULL, mp, pp, &md, mkey, nkey);
|
||||
bzero(mkey, sizeof(mkey));
|
||||
bzero(&md, sizeof(md));
|
||||
explicit_bzero(mkey, sizeof(mkey));
|
||||
explicit_bzero(&md, sizeof(md));
|
||||
if (gp == NULL) {
|
||||
G_ELI_DEBUG(0, "Cannot create device %s%s.", pp->name,
|
||||
G_ELI_SUFFIX);
|
||||
|
||||
@ -269,7 +269,7 @@ g_shsec_done(struct bio *bp)
|
||||
(ssize_t)pbp->bio_length);
|
||||
}
|
||||
}
|
||||
bzero(bp->bio_data, bp->bio_length);
|
||||
explicit_bzero(bp->bio_data, bp->bio_length);
|
||||
uma_zfree(g_shsec_zone, bp->bio_data);
|
||||
g_destroy_bio(bp);
|
||||
pbp->bio_inbed++;
|
||||
@ -384,7 +384,7 @@ g_shsec_start(struct bio *bp)
|
||||
TAILQ_REMOVE(&queue, cbp, bio_queue);
|
||||
bp->bio_children--;
|
||||
if (cbp->bio_data != NULL) {
|
||||
bzero(cbp->bio_data, cbp->bio_length);
|
||||
explicit_bzero(cbp->bio_data, cbp->bio_length);
|
||||
uma_zfree(g_shsec_zone, cbp->bio_data);
|
||||
}
|
||||
g_destroy_bio(cbp);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user