author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 1999-02-25 20:14:42 +0000 |
---|---|---|
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 1999-02-25 20:14:42 +0000 |
commit | 50edc37aaa84525b9d2a9c08b9e9d169e9af8c61 (patch) | |
tree | 040f18d6ec04ac15bede36d2bf6d121afc84b4ab /sys/netinet | |
parent | 31429ad66f5aed553b995e129ba6a90060e149c0 (diff) |
Bzero key information before free'ing it, just for paranoia's sake.
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_ah_new.c | 8 | ||||
-rw-r--r-- | sys/netinet/ip_ah_old.c | 6 | ||||
-rw-r--r-- | sys/netinet/ip_esp_new.c | 35 | ||||
-rw-r--r-- | sys/netinet/ip_esp_old.c | 14 |
4 files changed, 58 insertions, 5 deletions
diff --git a/sys/netinet/ip_ah_new.c b/sys/netinet/ip_ah_new.c
index 5ebfbe47c13..cdb781deb56 100644
--- a/sys/netinet/ip_ah_new.c
+++ b/sys/netinet/ip_ah_new.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah_new.c,v 1.23 1999/02/24 23:45:47 angelos Exp $ */
+/* $OpenBSD: ip_ah_new.c,v 1.24 1999/02/25 20:14:36 angelos Exp $ */
 
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
@@ -181,12 +181,18 @@ ah_new_zeroize(struct tdb *tdbp)
 {
     if (tdbp->tdb_ictx)
     {
+        if (tdbp->tdb_authalgxform)
+            bzero(tdbp->tdb_ictx, tdbp->tdb_authalgxform->ctxsize);
+
         FREE(tdbp->tdb_ictx, M_XDATA);
         tdbp->tdb_ictx = NULL;
     }
 
     if (tdbp->tdb_octx)
     {
+        if (tdbp->tdb_authalgxform)
+            bzero(tdbp->tdb_octx, tdbp->tdb_authalgxform->ctxsize);
+
         FREE(tdbp->tdb_octx, M_XDATA);
         tdbp->tdb_octx = NULL;
     }
diff --git a/sys/netinet/ip_ah_old.c b/sys/netinet/ip_ah_old.c
index e10ed13fb79..841d954fe8d 100644
--- a/sys/netinet/ip_ah_old.c
+++ b/sys/netinet/ip_ah_old.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah_old.c,v 1.20 1999/02/24 23:45:48 angelos Exp $ */
+/* $OpenBSD: ip_ah_old.c,v 1.21 1999/02/25 20:14:38 angelos Exp $ */
 
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
@@ -159,12 +159,16 @@ ah_old_zeroize(struct tdb *tdbp)
 {
     if (tdbp->tdb_amxkey)
     {
+        bzero(tdbp->tdb_amxkey, tdbp->tdb_amxkeylen);
         FREE(tdbp->tdb_amxkey, M_XDATA);
         tdbp->tdb_amxkey = NULL;
     }
 
     if (tdbp->tdb_ictx)
     {
+        if (tdbp->tdb_authalgxform)
+            bzero(tdbp->tdb_ictx, tdbp->tdb_authalgxform->ctxsize);
+
         FREE(tdbp->tdb_ictx, M_XDATA);
         tdbp->tdb_ictx = NULL;
     }
diff --git a/sys/netinet/ip_esp_new.c b/sys/netinet/ip_esp_new.c
index e39db26f067..e29df8f72a3 100644
--- a/sys/netinet/ip_esp_new.c
+++ b/sys/netinet/ip_esp_new.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp_new.c,v 1.37 1999/02/25 18:43:42 angelos Exp $ */
+/* $OpenBSD: ip_esp_new.c,v 1.38 1999/02/25 20:14:40 angelos Exp $ */
 
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
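Review bot: In ah_new_zeroize the new clear of tdb_ictx and tdb_octx is skipped whenever tdb_authalgxform is NULL, so on that path the context buffer is still handed to FREE() with its contents intact; if a context can only exist once an auth xform is attached, a comment such as `/* ictx/octx are only allocated once tdb_authalgxform is set, so ctxsize is always valid here */` would make the guard read as intentional rather than as a gap. The same guarded form appears for tdb_ictx in the ah_old_zeroize hunk, whereas tdb_amxkey there is cleared unconditionally from tdb_amxkeylen, which is the more robust shape and worth matching where a length field is available. A plain bzero() immediately before FREE() is also a dead store from the optimizer's point of view and may be elided; a clearing call the compiler is not allowed to remove (explicit_bzero in later OpenBSD) is what makes this scrub durable. ah_new_zeroize and ah_old_zeroize both continue past the end of their hunks.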
@@ -374,22 +374,53 @@ esp_new_zeroize(struct tdb *tdbp)
         tdbp->tdb_encalgxform->type == SADB_EALG_X_SKIPJACK)
         for (k = 0; k < 10; k++)
             if (((u_int8_t **)tdbp->tdb_key)[k] != NULL)
-                FREE(((u_int8_t **)tdbp->tdb_key)[k], M_XDATA);
+            {
+                bzero(((u_int8_t **)tdbp->tdb_key)[k], 0x100);
+                FREE(((u_int8_t **)tdbp->tdb_key)[k], M_XDATA);
+            }
 
     if (tdbp->tdb_key)
     {
+        if (tdbp->tdb_encalgxform)
+            switch (tdbp->tdb_encalgxform->type)
+            {
+                case SADB_EALG_DESCBC:
+                    k = 128;
+                    break;
+
+                case SADB_EALG_3DESCBC:
+                    k = 384;
+                    break;
+
+                case SADB_EALG_X_BLF:
+                    k = sizeof(blf_ctx);
+                    break;
+
+                case SADB_EALG_X_CAST:
+                    k = sizeof(cast_key);
+                    break;
+
+                default:
+                    k = 0;
+            }
+
+        bzero(tdbp->tdb_key, k);
         FREE(tdbp->tdb_key, M_XDATA);
         tdbp->tdb_key = NULL;
     }
 
     if (tdbp->tdb_ictx)
     {
+        if (tdbp->tdb_authalgxform)
+            bzero(tdbp->tdb_ictx, tdbp->tdb_authalgxform->ctxsize);
         FREE(tdbp->tdb_ictx, M_XDATA);
         tdbp->tdb_ictx = NULL;
     }
 
     if (tdbp->tdb_octx)
     {
+        if (tdbp->tdb_authalgxform)
+            bzero(tdbp->tdb_octx, tdbp->tdb_authalgxform->ctxsize);
         FREE(tdbp->tdb_octx, M_XDATA);
         tdbp->tdb_octx = NULL;
     }
diff --git a/sys/netinet/ip_esp_old.c b/sys/netinet/ip_esp_old.c
index 2cba906f2ca..2c51ead6429 100644
--- a/sys/netinet/ip_esp_old.c
+++ b/sys/netinet/ip_esp_old.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp_old.c,v 1.29 1999/02/24 23:45:50 angelos Exp $ */
+/* $OpenBSD: ip_esp_old.c,v 1.30 1999/02/25 20:14:41 angelos Exp $ */
 
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
@@ -208,6 +208,18 @@ esp_old_zeroize(struct tdb *tdbp)
 {
     if (tdbp->tdb_key)
     {
+        if (tdbp->tdb_encalgxform)
+            switch (tdbp->tdb_encalgxform->type)
+            {
+                case SADB_EALG_DESCBC:
+                    bzero(tdbp->tdb_key, 128);
+                    break;
+
+                case SADB_EALG_3DESCBC:
+                    bzero(tdbp->tdb_key, 384);
+                    break;
+            }
+
         FREE(tdbp->tdb_key, M_XDATA);
         tdbp->tdb_key = NULL;
     } |
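Review bot: In esp_new_zeroize, `bzero(tdbp->tdb_key, k);` runs even when tdb_encalgxform is NULL, and on that path k still holds whatever it had before (10 if the SKIPJACK loop just ran, otherwise a value set outside the hunk), so the clear length is unrelated to the buffer and can overrun it; either move the bzero inside the `if (tdbp->tdb_encalgxform)` block or add `k = 0;` before that if. The byte counts 128, 384 and 0x100 hard-code allocation sizes chosen in the SA setup path, which is not visible here, and 128/384 are duplicated in the esp_old_zeroize hunk; a size field on the encryption xform descriptor, parallel to the `ctxsize` the auth xform already carries, would let both functions clear from the descriptor exactly as the ictx/octx code now does. esp_old_zeroize's switch has no default, so a key of any other algorithm type would be freed uncleared; if only DES and 3DES can reach that function, a `default:` with a one-line comment saying so would document the assumption. esp_new_zeroize begins before this hunk, and both functions continue past the end of their hunks.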