diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2011-01-11 15:42:07 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2011-01-11 15:42:07 +0000 |
| commit | b8adaa72672fc21a17c44baf5ab66efb66e8c6f1 (patch) | |
| tree | 553d59faec2af2eebc1396c6fa7c4f2c9f277c35 /sys/crypto/cryptosoft.c | |
| parent | c9145e6ecb84db6c26896fbf4b51a9a25172e9b2 (diff) | |
for key material that is being being discarded, convert bzero() to
explicit_bzero() where required
ok markus mikeb
Diffstat (limited to 'sys/crypto/cryptosoft.c')
| -rw-r--r-- | sys/crypto/cryptosoft.c | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/sys/crypto/cryptosoft.c b/sys/crypto/cryptosoft.c index 8ab270b8607..197cf2c1404 100644 --- a/sys/crypto/cryptosoft.c +++ b/sys/crypto/cryptosoft.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptosoft.c,v 1.59 2010/12/22 00:55:45 deraadt Exp $ */ +/* $OpenBSD: cryptosoft.c,v 1.60 2011/01/11 15:42:05 deraadt Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -293,7 +293,7 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, */ if (uio->uio_iov[ind].iov_len < k + blks && uio->uio_iov[ind].iov_len != k) { - cuio_copydata(uio, k, blks, blk); + cuio_copydata(uio, count, blks, blk); /* Actual encryption/decryption */ if (exf->reinit) { @@ -334,7 +334,7 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, } /* Copy back decrypted block */ - cuio_copyback(uio, k, blks, blk); + cuio_copyback(uio, count, blks, blk); count += blks; @@ -395,6 +395,19 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, k += blks; i -= blks; } + + /* + * Advance to the next iov if the end of the current iov + * is aligned with the end of a cipher block. + * Note that the code is equivalent to calling: + * ind = cuio_getptr(uio, count, &k); + */ + if (i > 0 && k == uio->uio_iov[ind].iov_len) { + k = 0; + ind++; + if (ind >= uio->uio_iovcnt) + return (EINVAL); + } } } @@ -984,11 +997,11 @@ swcr_freesession(u_int64_t tid) axf = swd->sw_axf; if (swd->sw_ictx) { - bzero(swd->sw_ictx, axf->ctxsize); + explicit_bzero(swd->sw_ictx, axf->ctxsize); free(swd->sw_ictx, M_CRYPTO_DATA); } if (swd->sw_octx) { - bzero(swd->sw_octx, axf->ctxsize); + explicit_bzero(swd->sw_octx, axf->ctxsize); free(swd->sw_octx, M_CRYPTO_DATA); } break; @@ -998,11 +1011,11 @@ swcr_freesession(u_int64_t tid) axf = swd->sw_axf; if (swd->sw_ictx) { - bzero(swd->sw_ictx, axf->ctxsize); + explicit_bzero(swd->sw_ictx, axf->ctxsize); free(swd->sw_ictx, M_CRYPTO_DATA); } if (swd->sw_octx) { - bzero(swd->sw_octx, swd->sw_klen); + explicit_bzero(swd->sw_octx, swd->sw_klen); free(swd->sw_octx, M_CRYPTO_DATA); } break; @@ -1015,7 +1028,7 @@ swcr_freesession(u_int64_t tid) axf = swd->sw_axf; if (swd->sw_ictx) { - bzero(swd->sw_ictx, axf->ctxsize); + explicit_bzero(swd->sw_ictx, axf->ctxsize); free(swd->sw_ictx, M_CRYPTO_DATA); } break; |