authorTheo Buehler <tb@cvs.openbsd.org>2017-03-23 04:10:11 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2017-03-23 04:10:11 +0000
commit1ce3485cc04e74a61ec9e3553378c1971bdb859d (patch)
treed9de02e01bf97d7f8bde3af8afc36e0ee910a8b6
parentd01ea33a92b1235261b61f0b0f85e8a44a117a13 (diff)
Use explicit_bzero() to wipe out key material and add some sizes to free().
ok stsp
-rw-r--r--sys/net80211/ieee80211_crypto.c4
-rw-r--r--sys/net80211/ieee80211_crypto_bip.c8
-rw-r--r--sys/net80211/ieee80211_crypto_ccmp.c8
-rw-r--r--sys/net80211/ieee80211_crypto_tkip.c8
-rw-r--r--sys/net80211/ieee80211_crypto_wep.c8
-rw-r--r--sys/net80211/ieee80211_ioctl.c6
6 files changed, 25 insertions, 17 deletions
diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c
index 0decf6cea85..2c5406128e5 100644
--- a/sys/net80211/ieee80211_crypto.c
+++ b/sys/net80211/ieee80211_crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_crypto.c,v 1.68 2016/12/20 13:27:58 stsp Exp $ */
+/* $OpenBSD: ieee80211_crypto.c,v 1.69 2017/03/23 04:10:10 tb Exp $ */
/*-
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
@@ -86,7 +86,7 @@ ieee80211_crypto_detach(struct ifnet *ifp)
while ((pmk = TAILQ_FIRST(&ic->ic_pmksa)) != NULL) {
TAILQ_REMOVE(&ic->ic_pmksa, pmk, pmk_next);
explicit_bzero(pmk, sizeof(*pmk));
- free(pmk, M_DEVBUF, 0);
+ free(pmk, M_DEVBUF, sizeof(*pmk));
}
/* clear all group keys from memory */
diff --git a/sys/net80211/ieee80211_crypto_bip.c b/sys/net80211/ieee80211_crypto_bip.c
index 6ab5fb676bf..307c05b1bce 100644
--- a/sys/net80211/ieee80211_crypto_bip.c
+++ b/sys/net80211/ieee80211_crypto_bip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_crypto_bip.c,v 1.7 2015/11/24 13:45:06 mpi Exp $ */
+/* $OpenBSD: ieee80211_crypto_bip.c,v 1.8 2017/03/23 04:10:10 tb Exp $ */
/*-
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
@@ -68,8 +68,10 @@ ieee80211_bip_set_key(struct ieee80211com *ic, struct ieee80211_key *k)
void
ieee80211_bip_delete_key(struct ieee80211com *ic, struct ieee80211_key *k)
{
- if (k->k_priv != NULL)
- free(k->k_priv, M_DEVBUF, 0);
+ if (k->k_priv != NULL) {
+ explicit_bzero(k->k_priv, sizeof(struct ieee80211_bip_ctx));
+ free(k->k_priv, M_DEVBUF, sizeof(struct ieee80211_bip_ctx));
+ }
k->k_priv = NULL;
}
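Review bot: The wipe and the sized free in ieee80211_bip_delete_key each spell out `sizeof(struct ieee80211_bip_ctx)`, so the length is tied to a type name rather than to the object behind `k->k_priv`, and it must stay equal to what ieee80211_bip_set_key allocates (that allocation is outside the hunk). Binding the size once through a typed local keeps both calls in step: `struct ieee80211_bip_ctx *ctx = k->k_priv;` then `explicit_bzero(ctx, sizeof(*ctx));` and `free(ctx, M_DEVBUF, sizeof(*ctx));`. If the two sizes ever drift, the wipe would either leave part of the cipher context in freed memory or write past the allocation, and the sized free(9) would presumably trip its size check on diagnostic kernels. The same pattern is repeated in the ccmp, tkip and wep delete_key hunks below.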
diff --git a/sys/net80211/ieee80211_crypto_ccmp.c b/sys/net80211/ieee80211_crypto_ccmp.c
index 7a0ccb53337..acd60a6da2e 100644
--- a/sys/net80211/ieee80211_crypto_ccmp.c
+++ b/sys/net80211/ieee80211_crypto_ccmp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_crypto_ccmp.c,v 1.18 2015/11/24 13:45:06 mpi Exp $ */
+/* $OpenBSD: ieee80211_crypto_ccmp.c,v 1.19 2017/03/23 04:10:10 tb Exp $ */
/*-
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
@@ -66,8 +66,10 @@ ieee80211_ccmp_set_key(struct ieee80211com *ic, struct ieee80211_key *k)
void
ieee80211_ccmp_delete_key(struct ieee80211com *ic, struct ieee80211_key *k)
{
- if (k->k_priv != NULL)
- free(k->k_priv, M_DEVBUF, 0);
+ if (k->k_priv != NULL) {
+ explicit_bzero(k->k_priv, sizeof(struct ieee80211_ccmp_ctx));
+ free(k->k_priv, M_DEVBUF, sizeof(struct ieee80211_ccmp_ctx));
+ }
k->k_priv = NULL;
}
diff --git a/sys/net80211/ieee80211_crypto_tkip.c b/sys/net80211/ieee80211_crypto_tkip.c
index 81b1fe85b25..ee26433987e 100644
--- a/sys/net80211/ieee80211_crypto_tkip.c
+++ b/sys/net80211/ieee80211_crypto_tkip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_crypto_tkip.c,v 1.27 2016/12/18 08:00:20 stsp Exp $ */
+/* $OpenBSD: ieee80211_crypto_tkip.c,v 1.28 2017/03/23 04:10:10 tb Exp $ */
/*-
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
@@ -94,8 +94,10 @@ ieee80211_tkip_set_key(struct ieee80211com *ic, struct ieee80211_key *k)
void
ieee80211_tkip_delete_key(struct ieee80211com *ic, struct ieee80211_key *k)
{
- if (k->k_priv != NULL)
- free(k->k_priv, M_DEVBUF, 0);
+ if (k->k_priv != NULL) {
+ explicit_bzero(k->k_priv, sizeof(struct ieee80211_tkip_ctx));
+ free(k->k_priv, M_DEVBUF, sizeof(struct ieee80211_tkip_ctx));
+ }
k->k_priv = NULL;
}
diff --git a/sys/net80211/ieee80211_crypto_wep.c b/sys/net80211/ieee80211_crypto_wep.c
index 2e7958899a9..0bc428091c9 100644
--- a/sys/net80211/ieee80211_crypto_wep.c
+++ b/sys/net80211/ieee80211_crypto_wep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_crypto_wep.c,v 1.14 2015/11/24 13:45:06 mpi Exp $ */
+/* $OpenBSD: ieee80211_crypto_wep.c,v 1.15 2017/03/23 04:10:10 tb Exp $ */
/*-
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
@@ -66,8 +66,10 @@ ieee80211_wep_set_key(struct ieee80211com *ic, struct ieee80211_key *k)
void
ieee80211_wep_delete_key(struct ieee80211com *ic, struct ieee80211_key *k)
{
- if (k->k_priv != NULL)
- free(k->k_priv, M_DEVBUF, 0);
+ if (k->k_priv != NULL) {
+ explicit_bzero(k->k_priv, sizeof(struct ieee80211_wep_ctx));
+ free(k->k_priv, M_DEVBUF, sizeof(struct ieee80211_wep_ctx));
+ }
k->k_priv = NULL;
}
diff --git a/sys/net80211/ieee80211_ioctl.c b/sys/net80211/ieee80211_ioctl.c
index 7da9a97f0f9..225e59c4007 100644
--- a/sys/net80211/ieee80211_ioctl.c
+++ b/sys/net80211/ieee80211_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_ioctl.c,v 1.51 2017/03/21 07:59:54 stsp Exp $ */
+/* $OpenBSD: ieee80211_ioctl.c,v 1.52 2017/03/23 04:10:10 tb Exp $ */
/* $NetBSD: ieee80211_ioctl.c,v 1.15 2004/05/06 02:58:16 dyoung Exp $ */
/*-
@@ -178,7 +178,7 @@ ieee80211_disable_wep(struct ieee80211com *ic)
k = &ic->ic_nw_keys[i];
if (k->k_cipher != IEEE80211_CIPHER_NONE)
(*ic->ic_delete_key)(ic, NULL, k);
- memset(k, 0, sizeof(*k));
+ explicit_bzero(k, sizeof(*k));
}
ic->ic_flags &= ~IEEE80211_F_WEPON;
}
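Review bot: Neither explicit_bzero() call in this file says why it is not a plain memset(), so a later cleanup could revert it. A one-line comment above the call in ieee80211_disable_wep, such as `/* key material: explicit_bzero() cannot be optimized away */`, would record the intent, and the same applies to the ic_psk wipe in the ieee80211_disable_rsn hunk that follows. Both objects appear to live on inside `ic`, so the old memset() was probably not being elided here and the change is mostly about using one wiping primitive for all key material. ieee80211_disable_wep starts outside the hunk.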
@@ -187,7 +187,7 @@ void
ieee80211_disable_rsn(struct ieee80211com *ic)
{
ic->ic_flags &= ~(IEEE80211_F_PSK | IEEE80211_F_RSNON);
- memset(ic->ic_psk, 0, sizeof(ic->ic_psk));
+ explicit_bzero(ic->ic_psk, sizeof(ic->ic_psk));
ic->ic_rsnprotos = 0;
ic->ic_rsnakms = 0;
ic->ic_rsngroupcipher = 0;