Date: Wed, 3 Jun 2020 22:18:21 +0000 (UTC) From: John Baldwin <jhb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r361776 - head/sys/dev/cxgbe/crypto Message-ID: <202006032218.053MILPO032408@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jhb Date: Wed Jun 3 22:18:21 2020 New Revision: 361776 URL: https://svnweb.freebsd.org/changeset/base/361776 Log: Explicitly zero AES key schedules on the stack. Reviewed by: delphij MFC after: 1 week Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D25057 Modified: head/sys/dev/cxgbe/crypto/t4_keyctx.c Modified: head/sys/dev/cxgbe/crypto/t4_keyctx.c ============================================================================== --- head/sys/dev/cxgbe/crypto/t4_keyctx.c Wed Jun 3 22:18:15 2020 (r361775) +++ head/sys/dev/cxgbe/crypto/t4_keyctx.c Wed Jun 3 22:18:21 2020 (r361776) @@ -75,6 +75,7 @@ t4_init_gmac_hash(const char *key, int klen, char *gha rounds = rijndaelKeySetupEnc(keysched, key, klen * 8); rijndaelEncrypt(keysched, rounds, zeroes, ghash); + explicit_bzero(keysched, sizeof(keysched)); } /* Copy out the partial hash state from a software hash implementation. */ @@ -169,4 +170,5 @@ t4_aes_getdeckey(void *dec_key, const void *enc_key, u break; } MPASS(dkey == dec_key); + explicit_bzero(ek, sizeof(ek)); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202006032218.053MILPO032408>