author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2011-01-11 15:42:07 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2011-01-11 15:42:07 +0000 |
commit | b8adaa72672fc21a17c44baf5ab66efb66e8c6f1 (patch) | |
tree | 553d59faec2af2eebc1396c6fa7c4f2c9f277c35 /sys/crypto | |
parent | c9145e6ecb84db6c26896fbf4b51a9a25172e9b2 (diff) |
for key material that is being discarded, convert bzero() to
explicit_bzero() where required
ok markus mikeb
Diffstat (limited to 'sys/crypto')
-rw-r--r-- | sys/crypto/cmac.c | 4 | ||||
-rw-r--r-- | sys/crypto/crypto.c | 4 | ||||
-rw-r--r-- | sys/crypto/cryptosoft.c | 29 | ||||
-rw-r--r-- | sys/crypto/hmac.c | 14 | ||||
-rw-r--r-- | sys/crypto/key_wrap.c | 6 | ||||
-rw-r--r-- | sys/crypto/md5.c | 4 | ||||
-rw-r--r-- | sys/crypto/rmd160.c | 4 | ||||
-rw-r--r-- | sys/crypto/sha2.c | 8 | ||||
-rw-r--r-- | sys/crypto/xform.c | 18 |
9 files changed, 52 insertions, 39 deletions
diff --git a/sys/crypto/cmac.c b/sys/crypto/cmac.c index 81ab6af204c..366f30f5749 100644 --- a/sys/crypto/cmac.c +++ b/sys/crypto/cmac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cmac.c,v 1.1 2008/08/12 15:43:00 damien Exp $ */ +/* $OpenBSD: cmac.c,v 1.2 2011/01/11 15:42:05 deraadt Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr> @@ -116,5 +116,5 @@ AES_CMAC_Final(u_int8_t digest[AES_CMAC_DIGEST_LENGTH], AES_CMAC_CTX *ctx) XOR(ctx->M_last, ctx->X); rijndael_encrypt(&ctx->rijndael, ctx->X, digest); - memset(K, 0, sizeof K); + explicit_bzero(K, sizeof K); } diff --git a/sys/crypto/crypto.c b/sys/crypto/crypto.c index f30bf32f6b9..434c70309b2 100644 --- a/sys/crypto/crypto.c +++ b/sys/crypto/crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.c,v 1.58 2010/09/08 14:15:56 jsing Exp $ */ +/* $OpenBSD: crypto.c,v 1.59 2011/01/11 15:42:05 deraadt Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -201,7 +201,7 @@ crypto_freesession(u_int64_t sid) */ if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP) && crypto_drivers[hid].cc_sessions == 0) - bzero(&crypto_drivers[hid], sizeof(struct cryptocap)); + explicit_bzero(&crypto_drivers[hid], sizeof(struct cryptocap)); splx(s); return err; diff --git a/sys/crypto/cryptosoft.c b/sys/crypto/cryptosoft.c index 8ab270b8607..197cf2c1404 100644 --- a/sys/crypto/cryptosoft.c +++ b/sys/crypto/cryptosoft.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptosoft.c,v 1.59 2010/12/22 00:55:45 deraadt Exp $ */ +/* $OpenBSD: cryptosoft.c,v 1.60 2011/01/11 15:42:05 deraadt Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -293,7 +293,7 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, */ if (uio->uio_iov[ind].iov_len < k + blks && uio->uio_iov[ind].iov_len != k) { - cuio_copydata(uio, k, blks, blk); + cuio_copydata(uio, count, blks, blk); /* Actual encryption/decryption */ if (exf->reinit) { 
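Review bot: In the `AES_CMAC_Final` hunk of cmac.c only the local subkey `K` is wiped; `ctx->rijndael`, `ctx->X` and `ctx->M_last` are still populated when the function returns, whereas the hash `*Final` routines touched by this same commit clear their whole context. If the keyed context is kept on purpose so it can be reused for another message, say so with a comment above the wipe, e.g. `/* ctx still holds the AES key schedule; the caller must explicit_bzero() it when finished */`. The start of the function is outside the hunk, so whether callers do that cannot be checked from here.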
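Review bot: The `swcr_encdec` hunks in cryptosoft.c (this one at -293, and the ones at -334 and -395) are not a bzero() conversion: they change the offset passed to `cuio_copydata()`/`cuio_copyback()` from `k` to `count` and add a new iov-advance branch that can return `EINVAL`. The commit message describes only the explicit_bzero() conversion, so this buffer-indexing change goes in without a stated rationale and cannot be reverted or bisected separately; it should be its own commit, with a message saying which offset the cuio helpers expect (the position `k` inside the current iov, or the running `count`). In the -395 hunk the new comment says the branch is equivalent to `ind = cuio_getptr(uio, count, &k);`; calling that helper would keep the bounds handling in one place, assuming it reports running past the last iov. The function body extends beyond all three hunks.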
@@ -334,7 +334,7 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, } /* Copy back decrypted block */ - cuio_copyback(uio, k, blks, blk); + cuio_copyback(uio, count, blks, blk); count += blks; @@ -395,6 +395,19 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf, k += blks; i -= blks; } + + /* + * Advance to the next iov if the end of the current iov + * is aligned with the end of a cipher block. + * Note that the code is equivalent to calling: + * ind = cuio_getptr(uio, count, &k); + */ + if (i > 0 && k == uio->uio_iov[ind].iov_len) { + k = 0; + ind++; + if (ind >= uio->uio_iovcnt) + return (EINVAL); + } } } @@ -984,11 +997,11 @@ swcr_freesession(u_int64_t tid) axf = swd->sw_axf; if (swd->sw_ictx) { - bzero(swd->sw_ictx, axf->ctxsize); + explicit_bzero(swd->sw_ictx, axf->ctxsize); free(swd->sw_ictx, M_CRYPTO_DATA); } if (swd->sw_octx) { - bzero(swd->sw_octx, axf->ctxsize); + explicit_bzero(swd->sw_octx, axf->ctxsize); free(swd->sw_octx, M_CRYPTO_DATA); } break; @@ -998,11 +1011,11 @@ swcr_freesession(u_int64_t tid) axf = swd->sw_axf; if (swd->sw_ictx) { - bzero(swd->sw_ictx, axf->ctxsize); + explicit_bzero(swd->sw_ictx, axf->ctxsize); free(swd->sw_ictx, M_CRYPTO_DATA); } if (swd->sw_octx) { - bzero(swd->sw_octx, swd->sw_klen); + explicit_bzero(swd->sw_octx, swd->sw_klen); free(swd->sw_octx, M_CRYPTO_DATA); } break; @@ -1015,7 +1028,7 @@ swcr_freesession(u_int64_t tid) axf = swd->sw_axf; if (swd->sw_ictx) { - bzero(swd->sw_ictx, axf->ctxsize); + explicit_bzero(swd->sw_ictx, axf->ctxsize); free(swd->sw_ictx, M_CRYPTO_DATA); } break; diff --git a/sys/crypto/hmac.c b/sys/crypto/hmac.c index 0922af34b79..118f9a760d9 100644 --- a/sys/crypto/hmac.c +++ b/sys/crypto/hmac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hmac.c,v 1.2 2008/09/06 22:23:20 djm Exp $ */ +/* $OpenBSD: hmac.c,v 1.3 2011/01/11 15:42:05 deraadt Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr> 
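Review bot: In the second `swcr_freesession` case (hunk at -998) `sw_ictx` is wiped with `axf->ctxsize` but `sw_octx` with `swd->sw_klen`, and nothing in the hunk says why the two lengths differ. If `sw_octx` holds a raw key copy of `sw_klen` bytes in this case (the allocation is not visible here), add a comment on that line, e.g. `/* sw_octx is the key copy here, not a hash context */`, so that a later cleanup does not change the length and under- or over-wipe the buffer. The switch statement and the matching allocation code are outside the hunk.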
@@ -53,7 +53,7 @@ HMAC_MD5_Init(HMAC_MD5_CTX *ctx, const u_int8_t *key, u_int key_len) MD5Init(&ctx->ctx); MD5Update(&ctx->ctx, k_ipad, MD5_BLOCK_LENGTH); - bzero(k_ipad, sizeof k_ipad); + explicit_bzero(k_ipad, sizeof k_ipad); } void @@ -80,7 +80,7 @@ HMAC_MD5_Final(u_int8_t digest[MD5_DIGEST_LENGTH], HMAC_MD5_CTX *ctx) MD5Update(&ctx->ctx, digest, MD5_DIGEST_LENGTH); MD5Final(digest, &ctx->ctx); - bzero(k_opad, sizeof k_opad); + explicit_bzero(k_opad, sizeof k_opad); } void @@ -107,7 +107,7 @@ HMAC_SHA1_Init(HMAC_SHA1_CTX *ctx, const u_int8_t *key, u_int key_len) SHA1Init(&ctx->ctx); SHA1Update(&ctx->ctx, k_ipad, SHA1_BLOCK_LENGTH); - bzero(k_ipad, sizeof k_ipad); + explicit_bzero(k_ipad, sizeof k_ipad); } void @@ -134,7 +134,7 @@ HMAC_SHA1_Final(u_int8_t digest[SHA1_DIGEST_LENGTH], HMAC_SHA1_CTX *ctx) SHA1Update(&ctx->ctx, digest, SHA1_DIGEST_LENGTH); SHA1Final(digest, &ctx->ctx); - bzero(k_opad, sizeof k_opad); + explicit_bzero(k_opad, sizeof k_opad); } void @@ -161,7 +161,7 @@ HMAC_SHA256_Init(HMAC_SHA256_CTX *ctx, const u_int8_t *key, u_int key_len) SHA256Init(&ctx->ctx); SHA256Update(&ctx->ctx, k_ipad, SHA256_BLOCK_LENGTH); - bzero(k_ipad, sizeof k_ipad); + explicit_bzero(k_ipad, sizeof k_ipad); } void @@ -188,5 +188,5 @@ HMAC_SHA256_Final(u_int8_t digest[SHA256_DIGEST_LENGTH], HMAC_SHA256_CTX *ctx) SHA256Update(&ctx->ctx, digest, SHA256_DIGEST_LENGTH); SHA256Final(digest, &ctx->ctx); - bzero(k_opad, sizeof k_opad); + explicit_bzero(k_opad, sizeof k_opad); } diff --git a/sys/crypto/key_wrap.c b/sys/crypto/key_wrap.c index b9009ad54b3..4605bd6b3e7 100644 --- a/sys/crypto/key_wrap.c +++ b/sys/crypto/key_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key_wrap.c,v 1.2 2010/07/20 15:36:03 matthew Exp $ */ +/* $OpenBSD: key_wrap.c,v 1.3 2011/01/11 15:42:05 deraadt Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr> 
@@ -72,7 +72,7 @@ aes_key_wrap(aes_key_wrap_ctx *ctx, const u_int8_t *P, size_t n, u_int8_t *C) R += 8; } } - memset(B, 0, sizeof B); + explicit_bzero(B, sizeof B); } int @@ -105,7 +105,7 @@ aes_key_unwrap(aes_key_wrap_ctx *ctx, const u_int8_t *C, u_int8_t *P, size_t n) R -= 8; } } - memset(B, 0, sizeof B); + explicit_bzero(B, sizeof B); /* check that A is an appropriate initial value */ return timingsafe_bcmp(A, IV, 8) != 0; diff --git a/sys/crypto/md5.c b/sys/crypto/md5.c index a9b9ffac8db..ac90af873e4 100644 --- a/sys/crypto/md5.c +++ b/sys/crypto/md5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: md5.c,v 1.1 2004/05/07 14:42:26 millert Exp $ */ +/* $OpenBSD: md5.c,v 1.2 2011/01/11 15:42:05 deraadt Exp $ */ /* * This code implements the MD5 message-digest algorithm. @@ -121,7 +121,7 @@ MD5Final(unsigned char digest[MD5_DIGEST_LENGTH], MD5_CTX *ctx) for (i = 0; i < 4; i++) PUT_32BIT_LE(digest + i * 4, ctx->state[i]); } - bzero(ctx, sizeof(*ctx)); /* in case it's sensitive */ + explicit_bzero(ctx, sizeof(*ctx)); /* in case it's sensitive */ } diff --git a/sys/crypto/rmd160.c b/sys/crypto/rmd160.c index b627a61f375..e2af9ace7a0 100644 --- a/sys/crypto/rmd160.c +++ b/sys/crypto/rmd160.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rmd160.c,v 1.4 2003/12/14 11:22:35 markus Exp $ */ +/* $OpenBSD: rmd160.c,v 1.5 2011/01/11 15:42:05 deraadt Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -150,7 +150,7 @@ RMD160Final(u_char digest[20], RMD160_CTX *ctx) for (i = 0; i < 5; i++) PUT_32BIT_LE(digest + i*4, ctx->state[i]); - memset(ctx, 0, sizeof (*ctx)); + explicit_bzero(ctx, sizeof (*ctx)); } void diff --git a/sys/crypto/sha2.c b/sys/crypto/sha2.c index bca331f1e64..01a8e4d1bfe 100644 --- a/sys/crypto/sha2.c +++ b/sys/crypto/sha2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sha2.c,v 1.7 2008/09/06 22:23:20 djm Exp $ */ +/* $OpenBSD: sha2.c,v 1.8 2011/01/11 15:42:05 deraadt Exp $ */ /* * FILE: sha2.c 
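Review bot: `aes_key_unwrap` (hunk at -105) wipes the scratch block `B` and then returns the result of the `timingsafe_bcmp(A, IV, 8)` check, but nothing visible clears the output buffer `P` when that check fails. If `P` has already been filled by the loop above the hunk, a failed integrity check leaves unauthenticated key bytes in the caller's buffer; either wipe it on the failure path or state in the function's header comment that callers must discard `P` when the return value is non-zero. The length to wipe depends on how `P` is sized relative to `n`, which is outside the hunk.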
@@ -548,7 +548,7 @@ SHA256Final(u_int8_t digest[], SHA2_CTX *context) } /* Clean up state data: */ - bzero(context, sizeof(*context)); + explicit_bzero(context, sizeof(*context)); usedspace = 0; } @@ -844,7 +844,7 @@ SHA512Final(u_int8_t digest[], SHA2_CTX *context) } /* Zero out state data */ - bzero(context, sizeof(*context)); + explicit_bzero(context, sizeof(*context)); } @@ -892,5 +892,5 @@ SHA384Final(u_int8_t digest[], SHA2_CTX *context) } /* Zero out state data */ - bzero(context, sizeof(*context)); + explicit_bzero(context, sizeof(*context)); } diff --git a/sys/crypto/xform.c b/sys/crypto/xform.c index daacd682737..f35a2b8ed80 100644 --- a/sys/crypto/xform.c +++ b/sys/crypto/xform.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xform.c,v 1.40 2010/10/06 22:19:20 mikeb Exp $ */ +/* $OpenBSD: xform.c,v 1.41 2011/01/11 15:42:05 deraadt Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -386,7 +386,7 @@ des1_setkey(u_int8_t **sched, u_int8_t *key, int len) void des1_zerokey(u_int8_t **sched) { - bzero(*sched, 128); + explicit_bzero(*sched, 128); free(*sched, M_CRYPTO_DATA); *sched = NULL; } @@ -420,7 +420,7 @@ des3_setkey(u_int8_t **sched, u_int8_t *key, int len) void des3_zerokey(u_int8_t **sched) { - bzero(*sched, 384); + explicit_bzero(*sched, 384); free(*sched, M_CRYPTO_DATA); *sched = NULL; } @@ -449,7 +449,7 @@ blf_setkey(u_int8_t **sched, u_int8_t *key, int len) void blf_zerokey(u_int8_t **sched) { - bzero(*sched, sizeof(blf_ctx)); + explicit_bzero(*sched, sizeof(blf_ctx)); free(*sched, M_CRYPTO_DATA); *sched = NULL; } @@ -499,7 +499,7 @@ cast5_setkey(u_int8_t **sched, u_int8_t *key, int len) void cast5_zerokey(u_int8_t **sched) { - bzero(*sched, sizeof(cast_key)); + explicit_bzero(*sched, sizeof(cast_key)); free(*sched, M_CRYPTO_DATA); *sched = NULL; } 
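Review bot: In the `SHA256Final` hunk of sha2.c the context wipe is followed by `usedspace = 0;` immediately before the closing brace. If `usedspace` is a local (its declaration is outside the hunk), that store is dead and a compiler is free to drop it, which is the same behaviour this commit is working around for bzero(); it clears nothing and reads as if it did. Remove the line, or, if the value is considered sensitive, wipe it with `explicit_bzero(&usedspace, sizeof(usedspace));`.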
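Review bot: `des1_zerokey` and `des3_zerokey` (hunks at -386 and -420) wipe a hard-coded `128` and `384` bytes. The wipe length has to match what `des1_setkey`/`des3_setkey` allocate, which is outside these hunks, and the other `*_zerokey` routines in this file already use `sizeof` on the context type. A shared named constant or a `sizeof` on the schedule type, used by both the setkey allocation and the zerokey wipe, would keep a change to the schedule size from leaving part of the key schedule uncleared.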
@@ -533,7 +533,7 @@ rijndael128_setkey(u_int8_t **sched, u_int8_t *key, int len) void rijndael128_zerokey(u_int8_t **sched) { - bzero(*sched, sizeof(rijndael_ctx)); + explicit_bzero(*sched, sizeof(rijndael_ctx)); free(*sched, M_CRYPTO_DATA); *sched = NULL; } @@ -615,7 +615,7 @@ aes_ctr_setkey(u_int8_t **sched, u_int8_t *key, int len) void aes_ctr_zerokey(u_int8_t **sched) { - bzero(*sched, sizeof(struct aes_ctr_ctx)); + explicit_bzero(*sched, sizeof(struct aes_ctr_ctx)); free(*sched, M_CRYPTO_DATA); *sched = NULL; } @@ -678,7 +678,7 @@ aes_xts_crypt(struct aes_xts_ctx *ctx, u_int8_t *data, u_int do_encrypt) } if (carry_in) ctx->tweak[0] ^= AES_XTS_ALPHA; - bzero(block, sizeof(block)); + explicit_bzero(block, sizeof(block)); } void @@ -714,7 +714,7 @@ aes_xts_setkey(u_int8_t **sched, u_int8_t *key, int len) void aes_xts_zerokey(u_int8_t **sched) { - bzero(*sched, sizeof(struct aes_xts_ctx)); + explicit_bzero(*sched, sizeof(struct aes_xts_ctx)); free(*sched, M_CRYPTO_DATA); *sched = NULL; } |