Date:      Fri, 31 Mar 2017 00:04:32 +0000 (UTC)
From:      Allan Jude <allanjude@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r316311 - in head: lib/libstand sys/boot/geli sys/boot/i386/gptboot sys/boot/i386/loader sys/boot/i386/zfsboot
Message-ID:  <201703310004.v2V04W3A043449@repo.freebsd.org>

Author: allanjude
Date: Fri Mar 31 00:04:32 2017
New Revision: 316311
URL: https://svnweb.freebsd.org/changeset/base/316311

Log:
  Add explicit_bzero() to libstand, and switch GELIBoot to using it
  
  Make sure sensitive memory is properly cleared when finished with it
  
  Reviewed by:	Eric McCorkle <eric@metricspace.net>
  Sponsored by:	ScaleEngine Inc.
  Differential Revision:	https://reviews.freebsd.org/D9798

Modified:
  head/lib/libstand/Makefile
  head/sys/boot/geli/Makefile
  head/sys/boot/geli/geliboot.c
  head/sys/boot/geli/geliboot.h
  head/sys/boot/geli/geliboot_crypto.c
  head/sys/boot/i386/gptboot/gptboot.c
  head/sys/boot/i386/loader/main.c
  head/sys/boot/i386/zfsboot/zfsboot.c

Modified: head/lib/libstand/Makefile
==============================================================================
--- head/lib/libstand/Makefile	Thu Mar 30 23:49:57 2017	(r316310)
+++ head/lib/libstand/Makefile	Fri Mar 31 00:04:32 2017	(r316311)
@@ -155,5 +155,9 @@ SRCS+=	pkgfs.c
 SRCS+=	nandfs.c
 .endif
 
+# explicit_bzero
+.PATH: ${SRCTOP}/sys/libkern
+SRCS+=  explicit_bzero.c
+
 .include <bsd.stand.mk>
 .include <bsd.lib.mk>
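Review bot: The comment `# explicit_bzero` only repeats the file name; it would be more useful to say why the file is pulled in, e.g. `# explicit_bzero: zeroing the compiler may not elide, used to scrub keys and passphrases in boot code`. Since `.PATH` affects the lookup of every source searched after it, it is worth confirming that no other libstand source name also exists under `sys/libkern`. No libstand header change is part of this commit, so the callers presumably get the prototype from an existing header; that should be confirmed, because `sys/boot/geli/Makefile` builds with `WARNS?= 0` and a missing declaration would not be reported there.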

Modified: head/sys/boot/geli/Makefile
==============================================================================
--- head/sys/boot/geli/Makefile	Thu Mar 30 23:49:57 2017	(r316310)
+++ head/sys/boot/geli/Makefile	Fri Mar 31 00:04:32 2017	(r316311)
@@ -24,10 +24,6 @@ WARNS?=		0
 .PATH: ${.CURDIR}/../../../lib/libc/string
 SRCS+=  bcmp.c bcopy.c bzero.c
 
-# need explicit_bzero for crypto
-.PATH: ${.CURDIR}/../../../sys/libkern
-SRCS+=  explicit_bzero.c
-
 # Our password input method
 SRCS+=  pwgets.c
 

Modified: head/sys/boot/geli/geliboot.c
==============================================================================
--- head/sys/boot/geli/geliboot.c	Thu Mar 30 23:49:57 2017	(r316310)
+++ head/sys/boot/geli/geliboot.c	Fri Mar 31 00:04:32 2017	(r316311)
@@ -173,19 +173,19 @@ geli_attach(struct dsk *dskp, const char
 			    sizeof(geli_e->md.md_salt), passphrase,
 			    geli_e->md.md_iterations);
 			g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey));
-			bzero(&dkey, sizeof(dkey));
+			explicit_bzero(dkey, sizeof(dkey));
 		}
 
 		g_eli_crypto_hmac_final(&ctx, key, 0);
 
 		error = g_eli_mkey_decrypt(&geli_e->md, key, mkey, &keynum);
-		bzero(&key, sizeof(key));
+		explicit_bzero(key, sizeof(key));
 		if (error == -1) {
-			bzero(&mkey, sizeof(mkey));
+			explicit_bzero(mkey, sizeof(mkey));
 			printf("Bad GELI key: %d\n", error);
 			return (error);
 		} else if (error != 0) {
-			bzero(&mkey, sizeof(mkey));
+			explicit_bzero(mkey, sizeof(mkey));
 			printf("Failed to decrypt GELI master key: %d\n", error);
 			return (error);
 		}
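Review bot: The two error branches after `g_eli_mkey_decrypt()` each repeat `explicit_bzero(mkey, sizeof(mkey))`, so a third branch added later could return without the wipe. Scrubbing once under a single `if (error != 0)` and choosing only the message inside it would keep the master-key cleanup in one place. The `sizeof(dkey)`, `sizeof(key)` and `sizeof(mkey)` lengths are only right if these are arrays declared in `geli_attach()`; those declarations are outside the hunk. Whether `g_eli_crypto_hmac_final()` scrubs the HMAC context `ctx` is also not visible here.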
@@ -203,7 +203,7 @@ geli_attach(struct dsk *dskp, const char
 			g_eli_crypto_hmac(mkp, G_ELI_MAXKEYLEN, "\x10", 1,
 			    geli_e->sc.sc_ekey, 0);
 		}
-		bzero(&mkey, sizeof(mkey));
+		explicit_bzero(mkey, sizeof(mkey));
 
 		/* Initialize the per-sector IV. */
 		switch (geli_e->sc.sc_ealgo) {
@@ -279,13 +279,13 @@ geli_read(struct dsk *dskp, off_t offset
 			    geli_e->sc.sc_ekeylen, iv);
 
 			if (error != 0) {
-				bzero(&gkey, sizeof(gkey));
+				explicit_bzero(&gkey, sizeof(gkey));
 				printf("Failed to decrypt in geli_read()!");
 				return (error);
 			}
 			pbuf += secsize;
 		}
-		bzero(&gkey, sizeof(gkey));
+		explicit_bzero(&gkey, sizeof(gkey));
 		return (0);
 	}
 
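Review bot: `gkey` is wiped at two separate return sites in `geli_read()`, so a return added between them later would leave the sector key on the stack. A single exit label, for example `out: explicit_bzero(&gkey, sizeof(gkey)); return (error);`, reached with `goto out` from the failure branch, would cover both paths. The start of the function is outside the hunk, so earlier returns could not be checked. The message `"Failed to decrypt in geli_read()!"` also lacks the trailing newline that the messages in `geli_attach()` have.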

Modified: head/sys/boot/geli/geliboot.h
==============================================================================
--- head/sys/boot/geli/geliboot.h	Thu Mar 30 23:49:57 2017	(r316310)
+++ head/sys/boot/geli/geliboot.h	Fri Mar 31 00:04:32 2017	(r316311)
@@ -36,6 +36,7 @@
 #define _STRING_H_
 #define _STRINGS_H_
 #define _STDIO_H_
+
 #include <geom/eli/g_eli.h>
 #include <geom/eli/pkcs5v2.h>
 

Modified: head/sys/boot/geli/geliboot_crypto.c
==============================================================================
--- head/sys/boot/geli/geliboot_crypto.c	Thu Mar 30 23:49:57 2017	(r316310)
+++ head/sys/boot/geli/geliboot_crypto.c	Fri Mar 31 00:04:32 2017	(r316311)
@@ -110,7 +110,7 @@ g_eli_crypto_cipher(u_int algo, int enc,
 {
 	u_char iv[keysize];
 
-	bzero(iv, sizeof(iv));
+	explicit_bzero(iv, sizeof(iv));
 	return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv));
 }
 
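Review bot: In `g_eli_crypto_cipher()` this call zeroes `iv` before it is handed to `geliboot_crypt()`, so it is initialisation rather than scrubbing; the buffer is read immediately afterwards, so the plain `bzero()` could not have been elided here. A comment such as `/* all-zero IV: zeroed for use, not to scrub a secret */` would keep readers from counting this as a cleanup site. `iv` is a variable-length array sized by `keysize`; if `keysize` can be derived from on-disk metadata it should be bounded before this point. The function signature is cut off by the hunk header, so that could not be checked.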

Modified: head/sys/boot/i386/gptboot/gptboot.c
==============================================================================
--- head/sys/boot/i386/gptboot/gptboot.c	Thu Mar 30 23:49:57 2017	(r316310)
+++ head/sys/boot/i386/gptboot/gptboot.c	Fri Mar 31 00:04:32 2017	(r316311)
@@ -481,7 +481,7 @@ load(void)
 #ifdef LOADER_GELI_SUPPORT
     geliargs.size = sizeof(geliargs);
     bcopy(gelipw, geliargs.gelipw, sizeof(geliargs.gelipw));
-    bzero(gelipw, sizeof(gelipw));
+    explicit_bzero(gelipw, sizeof(gelipw));
 #endif
     __exec((caddr_t)addr, RB_BOOTINFO | (opts & RBX_MASK),
 	   MAKEBOOTDEV(dev_maj[dsk.type], dsk.part + 1, dsk.unit, 0xff),
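Review bot: The copy is sized by the destination, `sizeof(geliargs.gelipw)`, while the wipe is sized by the source, `sizeof(gelipw)`. If the two arrays ever differ in length, `bcopy()` either reads past `gelipw` or truncates the passphrase without a terminator. A compile-time check next to the copy, for instance `_Static_assert(sizeof(gelipw) == sizeof(geliargs.gelipw), "gelipw size");`, would pin the assumption; both declarations are outside the hunk. The same pattern appears in `load()` in `zfsboot.c` with `zfsargs.gelipw`. The copy left in `geliargs` stays live on purpose for the next stage, which a short comment could state.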

Modified: head/sys/boot/i386/loader/main.c
==============================================================================
--- head/sys/boot/i386/loader/main.c	Thu Mar 30 23:49:57 2017	(r316310)
+++ head/sys/boot/i386/loader/main.c	Fri Mar 31 00:04:32 2017	(r316311)
@@ -175,7 +175,7 @@ main(void)
 	if (zargs != NULL && zargs->size >= offsetof(struct zfs_boot_args, gelipw)) {
 	    if (zargs->gelipw[0] != '\0') {
 		setenv("kern.geom.eli.passphrase", zargs->gelipw, 1);
-		bzero(zargs->gelipw, sizeof(zargs->gelipw));
+		explicit_bzero(zargs->gelipw, sizeof(zargs->gelipw));
 	    }
 	}
     }
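Review bot: The guard `zargs->size >= offsetof(struct zfs_boot_args, gelipw)` only proves that the structure reaches the start of `gelipw`, yet the new line clears `sizeof(zargs->gelipw)` bytes and `setenv()` reads the field as a string. Comparing against the end of the field, `zargs->size >= offsetof(struct zfs_boot_args, gelipw) + sizeof(zargs->gelipw)`, would keep both the read and the wipe inside what the earlier stage actually passed. The same applies to the `gargs` block in the next hunk. `setenv()` also keeps its own copy of the passphrase in the loader environment, which this wipe does not reach; that is presumably intentional, and a comment saying so would help.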
@@ -187,7 +187,7 @@ main(void)
 	if (gargs != NULL && gargs->size >= offsetof(struct geli_boot_args, gelipw)) {
 	    if (gargs->gelipw[0] != '\0') {
 		setenv("kern.geom.eli.passphrase", gargs->gelipw, 1);
-		bzero(gargs->gelipw, sizeof(gargs->gelipw));
+		explicit_bzero(gargs->gelipw, sizeof(gargs->gelipw));
 	    }
 	}
     }

Modified: head/sys/boot/i386/zfsboot/zfsboot.c
==============================================================================
--- head/sys/boot/i386/zfsboot/zfsboot.c	Thu Mar 30 23:49:57 2017	(r316310)
+++ head/sys/boot/i386/zfsboot/zfsboot.c	Fri Mar 31 00:04:32 2017	(r316311)
@@ -926,7 +926,7 @@ load(void)
     zfsargs.primary_pool = primary_spa->spa_guid;
 #ifdef LOADER_GELI_SUPPORT
     bcopy(gelipw, zfsargs.gelipw, sizeof(zfsargs.gelipw));
-    bzero(gelipw, sizeof(gelipw));
+    explicit_bzero(gelipw, sizeof(gelipw));
 #else
     zfsargs.gelipw[0] = '\0';
 #endif


