From owner-svn-src-all@freebsd.org Thu Jun 25 20:25:36 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C976C344A38; Thu, 25 Jun 2020 20:25:36 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49tBNJ52vzz4Yg6; Thu, 25 Jun 2020 20:25:36 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8E7C989E6; Thu, 25 Jun 2020 20:25:36 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 05PKPaSV009038; Thu, 25 Jun 2020 20:25:36 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 05PKPZp9009034; Thu, 25 Jun 2020 20:25:35 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <202006252025.05PKPZp9009034@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f 
From: John Baldwin Date: Thu, 25 Jun 2020 20:25:35 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r362629 - in head/sys/geom: bde eli shsec X-SVN-Group: head X-SVN-Commit-Author: jhb X-SVN-Commit-Paths: in head/sys/geom: bde eli shsec X-SVN-Commit-Revision: 362629 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jun 2020 20:25:36 -0000 Author: jhb Date: Thu Jun 25 20:25:35 2020 New Revision: 362629 URL: https://svnweb.freebsd.org/changeset/base/362629 Log: Use explicit_bzero() instead of bzero() for sensitive data. Reviewed by: delphij Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D25441 Modified: head/sys/geom/bde/g_bde.c head/sys/geom/bde/g_bde_lock.c head/sys/geom/eli/g_eli.c head/sys/geom/shsec/g_shsec.c
Modified: head/sys/geom/bde/g_bde.c
==============================================================================
--- head/sys/geom/bde/g_bde.c Thu Jun 25 20:22:44 2020 (r362628)
+++ head/sys/geom/bde/g_bde.c Thu Jun 25 20:25:35 2020 (r362629)
@@ -88,7 +88,7 @@ g_bde_orphan(struct g_consumer *cp)
 gp->flags |= G_GEOM_WITHER;
 LIST_FOREACH(pp, &gp->provider, provider)
 g_wither_provider(pp, ENXIO);
- bzero(sc, sizeof(struct g_bde_softc)); /* destroy evidence */
+ explicit_bzero(sc, sizeof(struct g_bde_softc)); /* destroy evidence */
 return;
 }
 
@@ -163,7 +163,7 @@ g_bde_create_geom(struct gctl_req *req, struct g_class error = g_bde_decrypt_lock(sc, pass, key, mediasize, sectorsize, NULL); - bzero(sc->sha2, sizeof sc->sha2); + explicit_bzero(sc->sha2, sizeof sc->sha2); if (error) break; kp = &sc->key;
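Review bot: In the g_bde_orphan hunk the wipe length is spelled with the type name, `sizeof(struct g_bde_softc)`, so it is only correct for as long as `sc` keeps exactly that type. Tying the length to the object, `explicit_bzero(sc, sizeof(*sc)); /* destroy evidence */`, keeps a zeroization call from silently under-wiping after a later refactor. The declaration of `sc` and the start of the function are outside the hunk.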
@@ -195,9 +195,9 @@ g_bde_create_geom(struct gctl_req *req, struct g_class
 break;
 } while (0);
 if (pass != NULL)
- bzero(pass, SHA512_DIGEST_LENGTH);
+ explicit_bzero(pass, SHA512_DIGEST_LENGTH);
 if (key != NULL)
- bzero(key, 16);
+ explicit_bzero(key, 16);
 if (error == 0)
 return;
 g_access(cp, -1, -1, -1);
@@ -255,7 +255,7 @@ g_bde_destroy_geom(struct gctl_req *req, struct g_clas
 while (sc->dead != 2 && !LIST_EMPTY(&pp->consumers))
 tsleep(sc, PRIBIO, "g_bdedie", hz);
 mtx_destroy(&sc->worklist_mutex);
- bzero(&sc->key, sizeof sc->key);
+ explicit_bzero(&sc->key, sizeof sc->key);
 g_free(sc);
 g_wither_geom(gp, ENXIO);
 return (0);
Modified: head/sys/geom/bde/g_bde_lock.c
==============================================================================
--- head/sys/geom/bde/g_bde_lock.c Thu Jun 25 20:22:44 2020 (r362628)
+++ head/sys/geom/bde/g_bde_lock.c Thu Jun 25 20:25:35 2020 (r362629)
@@ -316,9 +316,9 @@ g_bde_keyloc_encrypt(u_char *sha2, uint64_t v0, uint64
 AES_init(&ci);
 AES_makekey(&ki, DIR_ENCRYPT, G_BDE_KKEYBITS, sha2 + 0);
 AES_encrypt(&ci, &ki, buf, output, sizeof buf);
- bzero(buf, sizeof buf);
- bzero(&ci, sizeof ci);
- bzero(&ki, sizeof ki);
+ explicit_bzero(buf, sizeof buf);
+ explicit_bzero(&ci, sizeof ci);
+ explicit_bzero(&ki, sizeof ki);
 return (0);
 }
 
@@ -333,9 +333,9 @@ g_bde_keyloc_decrypt(u_char *sha2, void *input, uint64
 AES_makekey(&ki, DIR_DECRYPT, G_BDE_KKEYBITS, sha2 + 0);
 AES_decrypt(&ci, &ki, input, buf, sizeof buf);
 *output = le64dec(buf);
- bzero(buf, sizeof buf);
- bzero(&ci, sizeof ci);
- bzero(&ki, sizeof ki);
+ explicit_bzero(buf, sizeof buf);
+ explicit_bzero(&ci, sizeof ci);
+ explicit_bzero(&ki, sizeof ki);
 return(0);
 }
 
Modified: head/sys/geom/eli/g_eli.c
==============================================================================
--- head/sys/geom/eli/g_eli.c Thu Jun 25 20:22:44 2020 (r362628)
+++ head/sys/geom/eli/g_eli.c Thu Jun 25 20:25:35 2020 (r362629)
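Review bot: In the g_bde_create_geom cleanup after `} while (0);`, `explicit_bzero(key, 16);` wipes a hard-coded 16 bytes while the call just above it uses the named `SHA512_DIGEST_LENGTH`. The buffer behind `key` and any check on its length are outside the hunk, so it cannot be confirmed here that 16 always matches it. A named constant shared with that length check, `explicit_bzero(key, <KEY_LEN>);` with `<KEY_LEN>` standing for whatever constant the file defines or gains, would keep the wipe and the validation from drifting apart.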
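Review bot: g_bde_destroy_geom wipes only `sc->key` before `g_free(sc);`, whereas g_bde_orphan in the same file wipes the whole softc. The layout of `struct g_bde_softc` is not visible here, but the create path treats `sc->sha2` as sensitive as well, so any other key-derived field would presumably be handed back to the allocator unwiped on this path. Because `mtx_destroy(&sc->worklist_mutex);` has already run at this point, `explicit_bzero(sc, sizeof(*sc));` immediately before `g_free(sc);` would make the two teardown paths agree. The start of the function is outside the hunk.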
@@ -1126,7 +1126,7 @@ g_eli_keyfiles_clear(const char *provider)
 data = preload_fetch_addr(keyfile);
 size = preload_fetch_size(keyfile);
 if (data != NULL && size != 0)
- bzero(data, size);
+ explicit_bzero(data, size);
 }
 }
 
@@ -1261,7 +1261,7 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt, sizeof(md.md_salt), passphrase, md.md_iterations); - bzero(passphrase, sizeof(passphrase)); + explicit_bzero(passphrase, sizeof(passphrase)); g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey)); explicit_bzero(dkey, sizeof(dkey)); }
@@ -1272,7 +1272,7 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp,
 * Decrypt Master-Key.
 */
 error = g_eli_mkey_decrypt_any(&md, key, mkey, &nkey);
- bzero(key, sizeof(key));
+ explicit_bzero(key, sizeof(key));
 if (error == -1) {
 if (i == tries) {
 G_ELI_DEBUG(0,
@@ -1305,8 +1305,8 @@ have_key: * We have correct key, let's attach provider. */ gp = g_eli_create(NULL, mp, pp, &md, mkey, nkey); - bzero(mkey, sizeof(mkey)); - bzero(&md, sizeof(md)); + explicit_bzero(mkey, sizeof(mkey)); + explicit_bzero(&md, sizeof(md)); if (gp == NULL) { G_ELI_DEBUG(0, "Cannot create device %s%s.", pp->name, G_ELI_SUFFIX);
Modified: head/sys/geom/shsec/g_shsec.c
==============================================================================
--- head/sys/geom/shsec/g_shsec.c Thu Jun 25 20:22:44 2020 (r362628)
+++ head/sys/geom/shsec/g_shsec.c Thu Jun 25 20:25:35 2020 (r362629)
@@ -269,7 +269,7 @@ g_shsec_done(struct bio *bp)
 (ssize_t)pbp->bio_length);
 }
 }
- bzero(bp->bio_data, bp->bio_length);
+ explicit_bzero(bp->bio_data, bp->bio_length);
 uma_zfree(g_shsec_zone, bp->bio_data);
 g_destroy_bio(bp);
 pbp->bio_inbed++;
@@ -384,7 +384,7 @@ failure:
 TAILQ_REMOVE(&queue, cbp, bio_queue);
 bp->bio_children--;
 if (cbp->bio_data != NULL) {
- bzero(cbp->bio_data, cbp->bio_length);
+ explicit_bzero(cbp->bio_data, cbp->bio_length);
 uma_zfree(g_shsec_zone, cbp->bio_data);
 }
 g_destroy_bio(cbp);
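Review bot: In g_eli_taste the wipes of `mkey` and `md` sit only on the success path after `have_key:` (hunk @@ -1305), while the `if (error == -1) { if (i == tries) {` branch at the end of hunk @@ -1272 continues outside the diff. If that branch, or any other failure exit between the two hunks, returns directly, the metadata copy in `md` and whatever `mkey` holds by then would stay on the kernel stack. Each early `return` is worth checking for `explicit_bzero(&md, sizeof(md));` and `explicit_bzero(mkey, sizeof(mkey));`, or the exits could be routed through one cleanup label that performs both.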