Date: Wed, 21 Mar 2018 16:12:08 +0000 (UTC) From: Conrad Meyer <cem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r331311 - head/sys/opencrypto Message-ID: <201803211612.w2LGC8EB035760@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cem Date: Wed Mar 21 16:12:07 2018 New Revision: 331311 URL: https://svnweb.freebsd.org/changeset/base/331311 Log: cryptosoft(4): Zero plain hash contexts, too An OCF-naive user program could use these primitives to implement HMAC, for example. This would make the freed context sensitive data. Probably other bzeros in this file should be explicit_bzeros as well. Future work. Reviewed by: jhb, markj Differential Revision: https://reviews.freebsd.org/D14662 (minor part of a larger work) Modified: head/sys/opencrypto/cryptosoft.c Modified: head/sys/opencrypto/cryptosoft.c ============================================================================== --- head/sys/opencrypto/cryptosoft.c Wed Mar 21 15:57:36 2018 (r331310) +++ head/sys/opencrypto/cryptosoft.c Wed Mar 21 16:12:07 2018 (r331311) @@ -1053,8 +1053,10 @@ swcr_freesession_locked(device_t dev, u_int64_t tid) case CRYPTO_SHA1: axf = swd->sw_axf; - if (swd->sw_ictx) + if (swd->sw_ictx) { + explicit_bzero(swd->sw_ictx, axf->ctxsize); free(swd->sw_ictx, M_CRYPTO_DATA); + } break; case CRYPTO_DEFLATE_COMP:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201803211612.w2LGC8EB035760>