Date:      Wed, 21 Mar 2018 16:12:08 +0000 (UTC)
From:      Conrad Meyer <cem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r331311 - head/sys/opencrypto
Message-ID:  <201803211612.w2LGC8EB035760@repo.freebsd.org>

Author: cem
Date: Wed Mar 21 16:12:07 2018
New Revision: 331311
URL: https://svnweb.freebsd.org/changeset/base/331311

Log:
  cryptosoft(4): Zero plain hash contexts, too
  
  An OCF-naive user program could use these primitives to implement HMAC, for
  example.  This would make the freed context sensitive data.
  
  Probably other bzeros in this file should be explicit_bzeros as well.
  Future work.
  
  Reviewed by:	jhb, markj
  Differential Revision:	https://reviews.freebsd.org/D14662 (minor part of a larger work)

Modified:
  head/sys/opencrypto/cryptosoft.c

Modified: head/sys/opencrypto/cryptosoft.c
==============================================================================
--- head/sys/opencrypto/cryptosoft.c	Wed Mar 21 15:57:36 2018	(r331310)
+++ head/sys/opencrypto/cryptosoft.c	Wed Mar 21 16:12:07 2018	(r331311)
@@ -1053,8 +1053,10 @@ swcr_freesession_locked(device_t dev, u_int64_t tid)
 		case CRYPTO_SHA1:
 			axf = swd->sw_axf;
 
-			if (swd->sw_ictx)
+			if (swd->sw_ictx) {
+				explicit_bzero(swd->sw_ictx, axf->ctxsize);
 				free(swd->sw_ictx, M_CRYPTO_DATA);
+			}
 			break;
 
 		case CRYPTO_DEFLATE_COMP:
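Review bot: the length passed to explicit_bzero() in the sw_ictx branch is axf->ctxsize, which is only correct if sw_ictx was allocated with exactly that size and swd->sw_axf is always set whenever sw_ictx is non-NULL. The allocation is not visible in this hunk, so it is worth confirming that the session-setup path for these hash cases uses the same axf->ctxsize, and adding a one-line comment here (or a KASSERT that axf is non-NULL) to record the assumption. A short comment noting that explicit_bzero() is used because the context may hold key-derived state and a plain bzero() before free() can be optimized away would also help whoever picks up the follow-up conversion of the other bzero calls mentioned in the log.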


