From owner-svn-src-all@freebsd.org  Fri Mar 31 00:04:34 2017
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C3C95D222B3;
 Fri, 31 Mar 2017 00:04:34 +0000 (UTC)
 (envelope-from allanjude@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9AF3D396;
 Fri, 31 Mar 2017 00:04:34 +0000 (UTC)
 (envelope-from allanjude@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v2V04XcV043459;
 Fri, 31 Mar 2017 00:04:33 GMT (envelope-from allanjude@FreeBSD.org)
Received: (from allanjude@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id v2V04W3A043449;
 Fri, 31 Mar 2017 00:04:32 GMT (envelope-from allanjude@FreeBSD.org)
Message-Id: <201703310004.v2V04W3A043449@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: allanjude set sender to
 allanjude@FreeBSD.org using -f
From: Allan Jude <allanjude@FreeBSD.org>
Date: Fri, 31 Mar 2017 00:04:32 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r316311 - in head: lib/libstand sys/boot/geli
 sys/boot/i386/gptboot sys/boot/i386/loader sys/boot/i386/zfsboot
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Mar 2017 00:04:34 -0000

Author: allanjude
Date: Fri Mar 31 00:04:32 2017
New Revision: 316311
URL: https://svnweb.freebsd.org/changeset/base/316311

Log:
  Add explicit_bzero() to libstand, and switch GELIBoot to using it
  
  Make sure sensitive memory is properly cleared when finished with it
  
  Reviewed by:	Eric McCorkle <eric@metricspace.net>
  Sponsored by:	ScaleEngine Inc.
  Differential Revision:	https://reviews.freebsd.org/D9798

Modified:
  head/lib/libstand/Makefile
  head/sys/boot/geli/Makefile
  head/sys/boot/geli/geliboot.c
  head/sys/boot/geli/geliboot.h
  head/sys/boot/geli/geliboot_crypto.c
  head/sys/boot/i386/gptboot/gptboot.c
  head/sys/boot/i386/loader/main.c
  head/sys/boot/i386/zfsboot/zfsboot.c

Modified: head/lib/libstand/Makefile
==============================================================================
--- head/lib/libstand/Makefile	Thu Mar 30 23:49:57 2017	(r316310)
+++ head/lib/libstand/Makefile	Fri Mar 31 00:04:32 2017	(r316311)
@@ -155,5 +155,9 @@ SRCS+=	pkgfs.c
 SRCS+=	nandfs.c
 .endif
 
+# explicit_bzero
+.PATH: ${SRCTOP}/sys/libkern
+SRCS+=  explicit_bzero.c
+
 .include <bsd.stand.mk>
 .include <bsd.lib.mk>

Modified: head/sys/boot/geli/Makefile
==============================================================================
--- head/sys/boot/geli/Makefile	Thu Mar 30 23:49:57 2017	(r316310)
+++ head/sys/boot/geli/Makefile	Fri Mar 31 00:04:32 2017	(r316311)
@@ -24,10 +24,6 @@ WARNS?=		0
 .PATH: ${.CURDIR}/../../../lib/libc/string
 SRCS+=  bcmp.c bcopy.c bzero.c
 
-# need explicit_bzero for crypto
-.PATH: ${.CURDIR}/../../../sys/libkern
-SRCS+=  explicit_bzero.c
-
 # Our password input method
 SRCS+=  pwgets.c
 

Modified: head/sys/boot/geli/geliboot.c
==============================================================================
--- head/sys/boot/geli/geliboot.c	Thu Mar 30 23:49:57 2017	(r316310)
+++ head/sys/boot/geli/geliboot.c	Fri Mar 31 00:04:32 2017	(r316311)
@@ -173,19 +173,19 @@ geli_attach(struct dsk *dskp, const char
 			    sizeof(geli_e->md.md_salt), passphrase,
 			    geli_e->md.md_iterations);
 			g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey));
-			bzero(&dkey, sizeof(dkey));
+			explicit_bzero(dkey, sizeof(dkey));
 		}
 
 		g_eli_crypto_hmac_final(&ctx, key, 0);
 
 		error = g_eli_mkey_decrypt(&geli_e->md, key, mkey, &keynum);
-		bzero(&key, sizeof(key));
+		explicit_bzero(key, sizeof(key));
 		if (error == -1) {
-			bzero(&mkey, sizeof(mkey));
+			explicit_bzero(mkey, sizeof(mkey));
 			printf("Bad GELI key: %d\n", error);
 			return (error);
 		} else if (error != 0) {
-			bzero(&mkey, sizeof(mkey));
+			explicit_bzero(mkey, sizeof(mkey));
 			printf("Failed to decrypt GELI master key: %d\n", error);
 			return (error);
 		}
@@ -203,7 +203,7 @@ geli_attach(struct dsk *dskp, const char
 			g_eli_crypto_hmac(mkp, G_ELI_MAXKEYLEN, "\x10", 1,
 			    geli_e->sc.sc_ekey, 0);
 		}
-		bzero(&mkey, sizeof(mkey));
+		explicit_bzero(mkey, sizeof(mkey));
 
 		/* Initialize the per-sector IV. */
 		switch (geli_e->sc.sc_ealgo) {
@@ -279,13 +279,13 @@ geli_read(struct dsk *dskp, off_t offset
 			    geli_e->sc.sc_ekeylen, iv);
 
 			if (error != 0) {
-				bzero(&gkey, sizeof(gkey));
+				explicit_bzero(&gkey, sizeof(gkey));
 				printf("Failed to decrypt in geli_read()!");
 				return (error);
 			}
 			pbuf += secsize;
 		}
-		bzero(&gkey, sizeof(gkey));
+		explicit_bzero(&gkey, sizeof(gkey));
 		return (0);
 	}
 

Modified: head/sys/boot/geli/geliboot.h
==============================================================================
--- head/sys/boot/geli/geliboot.h	Thu Mar 30 23:49:57 2017	(r316310)
+++ head/sys/boot/geli/geliboot.h	Fri Mar 31 00:04:32 2017	(r316311)
@@ -36,6 +36,7 @@
 #define _STRING_H_
 #define _STRINGS_H_
 #define _STDIO_H_
+
 #include <geom/eli/g_eli.h>
 #include <geom/eli/pkcs5v2.h>
 

Modified: head/sys/boot/geli/geliboot_crypto.c
==============================================================================
--- head/sys/boot/geli/geliboot_crypto.c	Thu Mar 30 23:49:57 2017	(r316310)
+++ head/sys/boot/geli/geliboot_crypto.c	Fri Mar 31 00:04:32 2017	(r316311)
@@ -110,7 +110,7 @@ g_eli_crypto_cipher(u_int algo, int enc,
 {
 	u_char iv[keysize];
 
-	bzero(iv, sizeof(iv));
+	explicit_bzero(iv, sizeof(iv));
 	return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv));
 }
 

Modified: head/sys/boot/i386/gptboot/gptboot.c
==============================================================================
--- head/sys/boot/i386/gptboot/gptboot.c	Thu Mar 30 23:49:57 2017	(r316310)
+++ head/sys/boot/i386/gptboot/gptboot.c	Fri Mar 31 00:04:32 2017	(r316311)
@@ -481,7 +481,7 @@ load(void)
 #ifdef LOADER_GELI_SUPPORT
     geliargs.size = sizeof(geliargs);
     bcopy(gelipw, geliargs.gelipw, sizeof(geliargs.gelipw));
-    bzero(gelipw, sizeof(gelipw));
+    explicit_bzero(gelipw, sizeof(gelipw));
 #endif
     __exec((caddr_t)addr, RB_BOOTINFO | (opts & RBX_MASK),
 	   MAKEBOOTDEV(dev_maj[dsk.type], dsk.part + 1, dsk.unit, 0xff),

Modified: head/sys/boot/i386/loader/main.c
==============================================================================
--- head/sys/boot/i386/loader/main.c	Thu Mar 30 23:49:57 2017	(r316310)
+++ head/sys/boot/i386/loader/main.c	Fri Mar 31 00:04:32 2017	(r316311)
@@ -175,7 +175,7 @@ main(void)
 	if (zargs != NULL && zargs->size >= offsetof(struct zfs_boot_args, gelipw)) {
 	    if (zargs->gelipw[0] != '\0') {
 		setenv("kern.geom.eli.passphrase", zargs->gelipw, 1);
-		bzero(zargs->gelipw, sizeof(zargs->gelipw));
+		explicit_bzero(zargs->gelipw, sizeof(zargs->gelipw));
 	    }
 	}
     }
@@ -187,7 +187,7 @@ main(void)
 	if (gargs != NULL && gargs->size >= offsetof(struct geli_boot_args, gelipw)) {
 	    if (gargs->gelipw[0] != '\0') {
 		setenv("kern.geom.eli.passphrase", gargs->gelipw, 1);
-		bzero(gargs->gelipw, sizeof(gargs->gelipw));
+		explicit_bzero(gargs->gelipw, sizeof(gargs->gelipw));
 	    }
 	}
     }

Modified: head/sys/boot/i386/zfsboot/zfsboot.c
==============================================================================
--- head/sys/boot/i386/zfsboot/zfsboot.c	Thu Mar 30 23:49:57 2017	(r316310)
+++ head/sys/boot/i386/zfsboot/zfsboot.c	Fri Mar 31 00:04:32 2017	(r316311)
@@ -926,7 +926,7 @@ load(void)
     zfsargs.primary_pool = primary_spa->spa_guid;
 #ifdef LOADER_GELI_SUPPORT
     bcopy(gelipw, zfsargs.gelipw, sizeof(zfsargs.gelipw));
-    bzero(gelipw, sizeof(gelipw));
+    explicit_bzero(gelipw, sizeof(gelipw));
 #else
     zfsargs.gelipw[0] = '\0';
 #endif