From 6572e5ff66ea41aea17fc88ffbc6f372d60378ef Mon Sep 17 00:00:00 2001
From: John Baldwin
Date: Thu, 25 Jun 2020 20:25:35 +0000
Subject: [PATCH] Use explicit_bzero() instead of bzero() for sensitive data.

Reviewed by: delphij
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D25441
---
 sys/geom/bde/g_bde.c | 10 +++++-----
 sys/geom/bde/g_bde_lock.c | 12 ++++++------
 sys/geom/eli/g_eli.c | 10 +++++-----
 sys/geom/shsec/g_shsec.c | 4 ++--
 4 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/sys/geom/bde/g_bde.c b/sys/geom/bde/g_bde.c
index 948f7fa6de75..f7dd4188c766 100644
--- a/sys/geom/bde/g_bde.c
+++ b/sys/geom/bde/g_bde.c
@@ -88,7 +88,7 @@ g_bde_orphan(struct g_consumer *cp)
 gp->flags |= G_GEOM_WITHER;
 LIST_FOREACH(pp, &gp->provider, provider)
 g_wither_provider(pp, ENXIO);
- bzero(sc, sizeof(struct g_bde_softc)); /* destroy evidence */
+ explicit_bzero(sc, sizeof(struct g_bde_softc)); /* destroy evidence */
 return;
 }
@@ -163,7 +163,7 @@ g_bde_create_geom(struct gctl_req *req, struct g_class *mp, struct g_provider *p
 error = g_bde_decrypt_lock(sc, pass, key, mediasize, sectorsize, NULL);
- bzero(sc->sha2, sizeof sc->sha2);
+ explicit_bzero(sc->sha2, sizeof sc->sha2);
 if (error)
 break;
 kp = &sc->key;
@@ -195,9 +195,9 @@ g_bde_create_geom(struct gctl_req *req, struct g_class *mp, struct g_provider *p
 break;
 } while (0);
 if (pass != NULL)
- bzero(pass, SHA512_DIGEST_LENGTH);
+ explicit_bzero(pass, SHA512_DIGEST_LENGTH);
 if (key != NULL)
- bzero(key, 16);
+ explicit_bzero(key, 16);
 if (error == 0)
 return;
 g_access(cp, -1, -1, -1);
@@ -255,7 +255,7 @@ g_bde_destroy_geom(struct gctl_req *req, struct g_class *mp, struct g_geom *gp)
 while (sc->dead != 2 && !LIST_EMPTY(&pp->consumers))
 tsleep(sc, PRIBIO, "g_bdedie", hz);
 mtx_destroy(&sc->worklist_mutex);
- bzero(&sc->key, sizeof sc->key);
+ explicit_bzero(&sc->key, sizeof sc->key);
 g_free(sc);
 g_wither_geom(gp, ENXIO);
 return (0);
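Review bot: `explicit_bzero(key, 16);` in g_bde_create_geom (hunk at -195 of sys/geom/bde/g_bde.c) hard-codes the key length, so the wipe silently covers too little if the key buffer ever grows. Where `key` is obtained is outside this hunk; assuming it is a fixed-size parameter, the length should come from the same named constant or length variable used there, the way the preceding wipe uses `SHA512_DIGEST_LENGTH` for `pass`. The function body starts and ends outside the hunk.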
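Review bot: g_bde_destroy_geom (hunk at -255 of sys/geom/bde/g_bde.c) clears only `sc->key` before `g_free(sc)`, while g_bde_orphan in the first hunk clears the whole softc with `explicit_bzero(sc, sizeof(struct g_bde_softc))`. The remaining softc fields are not visible in this diff; if any of them hold key-derived state, the two teardown paths should agree. In that case `explicit_bzero(sc, sizeof(*sc));` after `mtx_destroy()` and immediately before `g_free(sc)` would cover it. The function starts outside the hunk.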
diff --git a/sys/geom/bde/g_bde_lock.c b/sys/geom/bde/g_bde_lock.c
index bbf2712de66c..9a876d1b309d 100644
--- a/sys/geom/bde/g_bde_lock.c
+++ b/sys/geom/bde/g_bde_lock.c
@@ -316,9 +316,9 @@ g_bde_keyloc_encrypt(u_char *sha2, uint64_t v0, uint64_t v1, void *output)
 AES_init(&ci);
 AES_makekey(&ki, DIR_ENCRYPT, G_BDE_KKEYBITS, sha2 + 0);
 AES_encrypt(&ci, &ki, buf, output, sizeof buf);
- bzero(buf, sizeof buf);
- bzero(&ci, sizeof ci);
- bzero(&ki, sizeof ki);
+ explicit_bzero(buf, sizeof buf);
+ explicit_bzero(&ci, sizeof ci);
+ explicit_bzero(&ki, sizeof ki);
 return (0);
 }
@@ -333,9 +333,9 @@ g_bde_keyloc_decrypt(u_char *sha2, void *input, uint64_t *output)
 AES_makekey(&ki, DIR_DECRYPT, G_BDE_KKEYBITS, sha2 + 0);
 AES_decrypt(&ci, &ki, input, buf, sizeof buf);
 *output = le64dec(buf);
- bzero(buf, sizeof buf);
- bzero(&ci, sizeof ci);
- bzero(&ki, sizeof ki);
+ explicit_bzero(buf, sizeof buf);
+ explicit_bzero(&ci, sizeof ci);
+ explicit_bzero(&ki, sizeof ki);
 return(0);
 }
diff --git a/sys/geom/eli/g_eli.c b/sys/geom/eli/g_eli.c
index dbfb16c27d04..5a2acd2b60c3 100644
--- a/sys/geom/eli/g_eli.c
+++ b/sys/geom/eli/g_eli.c
@@ -1126,7 +1126,7 @@ g_eli_keyfiles_clear(const char *provider)
 data = preload_fetch_addr(keyfile);
 size = preload_fetch_size(keyfile);
 if (data != NULL && size != 0)
- bzero(data, size);
+ explicit_bzero(data, size);
 }
 }
@@ -1261,7 +1261,7 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
 pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt, sizeof(md.md_salt), passphrase, md.md_iterations);
- bzero(passphrase, sizeof(passphrase));
+ explicit_bzero(passphrase, sizeof(passphrase));
 g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey));
 explicit_bzero(dkey, sizeof(dkey));
 }
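Review bot: Nothing in g_bde_keyloc_encrypt (hunk at -316) or g_bde_keyloc_decrypt (hunk at -333) records why the three wipes of `buf`, `ci` and `ki` must be the explicit variant. These appear to be locals declared above the hunks and are never read again before `return`, which is the case where a compiler may drop a plain `bzero()` as a dead store. A one-line comment above each group, `/* Wipe plaintext and key schedule; explicit_bzero() is not elided as a dead store. */`, would keep a later cleanup from reverting them to `bzero()` or `memset()`. Both function bodies start outside their hunks.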
@@ -1272,7 +1272,7 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
 * Decrypt Master-Key.
 */
 error = g_eli_mkey_decrypt_any(&md, key, mkey, &nkey);
- bzero(key, sizeof(key));
+ explicit_bzero(key, sizeof(key));
 if (error == -1) {
 if (i == tries) {
 G_ELI_DEBUG(0,
@@ -1305,8 +1305,8 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
 * We have correct key, let's attach provider.
 */
 gp = g_eli_create(NULL, mp, pp, &md, mkey, nkey);
- bzero(mkey, sizeof(mkey));
- bzero(&md, sizeof(md));
+ explicit_bzero(mkey, sizeof(mkey));
+ explicit_bzero(&md, sizeof(md));
 if (gp == NULL) {
 G_ELI_DEBUG(0, "Cannot create device %s%s.", pp->name, G_ELI_SUFFIX);
diff --git a/sys/geom/shsec/g_shsec.c b/sys/geom/shsec/g_shsec.c
index 304924184692..d2cb70dc699a 100644
--- a/sys/geom/shsec/g_shsec.c
+++ b/sys/geom/shsec/g_shsec.c
@@ -269,7 +269,7 @@ g_shsec_done(struct bio *bp)
 (ssize_t)pbp->bio_length);
 }
 }
- bzero(bp->bio_data, bp->bio_length);
+ explicit_bzero(bp->bio_data, bp->bio_length);
 uma_zfree(g_shsec_zone, bp->bio_data);
 g_destroy_bio(bp);
 pbp->bio_inbed++;
@@ -384,7 +384,7 @@ g_shsec_start(struct bio *bp)
 TAILQ_REMOVE(&queue, cbp, bio_queue);
 bp->bio_children--;
 if (cbp->bio_data != NULL) {
- bzero(cbp->bio_data, cbp->bio_length);
+ explicit_bzero(cbp->bio_data, cbp->bio_length);
 uma_zfree(g_shsec_zone, cbp->bio_data);
 }
 g_destroy_bio(cbp);
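Review bot: The wipe-then-free pair on `bio_data` is written out by hand in both g_shsec_done (hunk at -269) and g_shsec_start (hunk at -384) of sys/geom/shsec/g_shsec.c, so any future path that returns a buffer to `g_shsec_zone` has to remember the wipe separately. A small static helper that clears `bio_length` bytes and then frees the buffer would keep the two steps together; the NULL guard in g_shsec_start can stay at its call site. Both functions continue outside their hunks, so other free paths in the file are not visible here.

```c
/* Clear share data before the buffer goes back to the zone. */
static void
g_shsec_free_data(struct bio *bp)
{

	explicit_bzero(bp->bio_data, bp->bio_length);
	uma_zfree(g_shsec_zone, bp->bio_data);
}

/* … unchanged: g_shsec_done up to the end of the share-combining loop … */
	g_shsec_free_data(bp);
	g_destroy_bio(bp);

/* … unchanged: g_shsec_start error cleanup loop up to bio_children-- … */
		if (cbp->bio_data != NULL)
			g_shsec_free_data(cbp);
		g_destroy_bio(cbp);
```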