svn commit: r316311 - in head: lib/libstand sys/boot/geli sys/boot/i386/gptboot sys/boot/i386/loader sys/boot/i386/zfsboot
Allan Jude
allanjude at FreeBSD.org
Fri Mar 31 00:04:34 UTC 2017
Author: allanjude
Date: Fri Mar 31 00:04:32 2017
New Revision: 316311
URL: https://svnweb.freebsd.org/changeset/base/316311
Log:
Add explicit_bzero() to libstand, and switch GELIBoot to using it
Make sure sensitive memory is properly cleared when finished with it
Reviewed by: Eric McCorkle <eric at metricspace.net>
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D9798
Modified:
head/lib/libstand/Makefile
head/sys/boot/geli/Makefile
head/sys/boot/geli/geliboot.c
head/sys/boot/geli/geliboot.h
head/sys/boot/geli/geliboot_crypto.c
head/sys/boot/i386/gptboot/gptboot.c
head/sys/boot/i386/loader/main.c
head/sys/boot/i386/zfsboot/zfsboot.c
Modified: head/lib/libstand/Makefile
==============================================================================
--- head/lib/libstand/Makefile Thu Mar 30 23:49:57 2017 (r316310)
+++ head/lib/libstand/Makefile Fri Mar 31 00:04:32 2017 (r316311)
@@ -155,5 +155,9 @@ SRCS+= pkgfs.c
SRCS+= nandfs.c
.endif
+# explicit_bzero
+.PATH: ${SRCTOP}/sys/libkern
+SRCS+= explicit_bzero.c
+
.include <bsd.stand.mk>
.include <bsd.lib.mk>
Modified: head/sys/boot/geli/Makefile
==============================================================================
--- head/sys/boot/geli/Makefile Thu Mar 30 23:49:57 2017 (r316310)
+++ head/sys/boot/geli/Makefile Fri Mar 31 00:04:32 2017 (r316311)
@@ -24,10 +24,6 @@ WARNS?= 0
.PATH: ${.CURDIR}/../../../lib/libc/string
SRCS+= bcmp.c bcopy.c bzero.c
-# need explicit_bzero for crypto
-.PATH: ${.CURDIR}/../../../sys/libkern
-SRCS+= explicit_bzero.c
-
# Our password input method
SRCS+= pwgets.c
Modified: head/sys/boot/geli/geliboot.c
==============================================================================
--- head/sys/boot/geli/geliboot.c Thu Mar 30 23:49:57 2017 (r316310)
+++ head/sys/boot/geli/geliboot.c Fri Mar 31 00:04:32 2017 (r316311)
@@ -173,19 +173,19 @@ geli_attach(struct dsk *dskp, const char
sizeof(geli_e->md.md_salt), passphrase,
geli_e->md.md_iterations);
g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey));
- bzero(&dkey, sizeof(dkey));
+ explicit_bzero(dkey, sizeof(dkey));
}
g_eli_crypto_hmac_final(&ctx, key, 0);
error = g_eli_mkey_decrypt(&geli_e->md, key, mkey, &keynum);
- bzero(&key, sizeof(key));
+ explicit_bzero(key, sizeof(key));
if (error == -1) {
- bzero(&mkey, sizeof(mkey));
+ explicit_bzero(mkey, sizeof(mkey));
printf("Bad GELI key: %d\n", error);
return (error);
} else if (error != 0) {
- bzero(&mkey, sizeof(mkey));
+ explicit_bzero(mkey, sizeof(mkey));
printf("Failed to decrypt GELI master key: %d\n", error);
return (error);
}
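Review bot: The master-key wipe is repeated in both error branches of geli_attach (`error == -1` and `error != 0`), so a failure path added later could return without scrubbing `mkey`. A single guard ahead of the message selection, `if (error != 0) explicit_bzero(mkey, sizeof(mkey));`, would keep the wipe in one place. Whether `ctx` is scrubbed inside g_eli_crypto_hmac_final() is not visible here and is worth confirming, since it absorbed `dkey` through g_eli_crypto_hmac_update(). geli_attach starts and ends outside this hunk.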
@@ -203,7 +203,7 @@ geli_attach(struct dsk *dskp, const char
g_eli_crypto_hmac(mkp, G_ELI_MAXKEYLEN, "\x10", 1,
geli_e->sc.sc_ekey, 0);
}
- bzero(&mkey, sizeof(mkey));
+ explicit_bzero(mkey, sizeof(mkey));
/* Initialize the per-sector IV. */
switch (geli_e->sc.sc_ealgo) {
@@ -279,13 +279,13 @@ geli_read(struct dsk *dskp, off_t offset
geli_e->sc.sc_ekeylen, iv);
if (error != 0) {
- bzero(&gkey, sizeof(gkey));
+ explicit_bzero(&gkey, sizeof(gkey));
printf("Failed to decrypt in geli_read()!");
return (error);
}
pbuf += secsize;
}
- bzero(&gkey, sizeof(gkey));
+ explicit_bzero(&gkey, sizeof(gkey));
return (0);
}
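Review bot: The failure message in geli_read, `printf("Failed to decrypt in geli_read()!");`, has no trailing newline and drops the error code, unlike the geli_attach messages; `printf("Failed to decrypt in geli_read(): %d\n", error);` would match them. On that same early return, the sectors the loop has already processed stay in the caller's buffer, so the caller presumably has to treat the whole buffer as invalid; a short comment stating that would help. The function begins outside this hunk.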
Modified: head/sys/boot/geli/geliboot.h
==============================================================================
--- head/sys/boot/geli/geliboot.h Thu Mar 30 23:49:57 2017 (r316310)
+++ head/sys/boot/geli/geliboot.h Fri Mar 31 00:04:32 2017 (r316311)
@@ -36,6 +36,7 @@
#define _STRING_H_
#define _STRINGS_H_
#define _STDIO_H_
+
#include <geom/eli/g_eli.h>
#include <geom/eli/pkcs5v2.h>
Modified: head/sys/boot/geli/geliboot_crypto.c
==============================================================================
--- head/sys/boot/geli/geliboot_crypto.c Thu Mar 30 23:49:57 2017 (r316310)
+++ head/sys/boot/geli/geliboot_crypto.c Fri Mar 31 00:04:32 2017 (r316311)
@@ -110,7 +110,7 @@ g_eli_crypto_cipher(u_int algo, int enc,
{
u_char iv[keysize];
- bzero(iv, sizeof(iv));
+ explicit_bzero(iv, sizeof(iv));
return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv));
}
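Review bot: The `explicit_bzero(iv, sizeof(iv))` in g_eli_crypto_cipher initializes a fresh all-zero IV before use rather than scrubbing a secret, so it reads as a wipe that it is not. A comment such as `/* all-zero IV: initialization, not a secret wipe */` would make the intent clear, or plain bzero could stay at this one site. Separately, `iv` is a variable-length array sized by `keysize`; if geliboot_crypt() only consumes one cipher block of IV, a fixed block-sized array would avoid a caller-sized stack allocation, though that depends on code outside this hunk.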
Modified: head/sys/boot/i386/gptboot/gptboot.c
==============================================================================
--- head/sys/boot/i386/gptboot/gptboot.c Thu Mar 30 23:49:57 2017 (r316310)
+++ head/sys/boot/i386/gptboot/gptboot.c Fri Mar 31 00:04:32 2017 (r316311)
@@ -481,7 +481,7 @@ load(void)
#ifdef LOADER_GELI_SUPPORT
geliargs.size = sizeof(geliargs);
bcopy(gelipw, geliargs.gelipw, sizeof(geliargs.gelipw));
- bzero(gelipw, sizeof(gelipw));
+ explicit_bzero(gelipw, sizeof(gelipw));
#endif
__exec((caddr_t)addr, RB_BOOTINFO | (opts & RBX_MASK),
MAKEBOOTDEV(dev_maj[dsk.type], dsk.part + 1, dsk.unit, 0xff),
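Review bot: The `bcopy(gelipw, geliargs.gelipw, sizeof(geliargs.gelipw))` just before the wipe takes its length from the destination, so it would read past `gelipw` if the two arrays ever differ in size; the declarations are not in this hunk. A compile-time check next to the copy, `_Static_assert(sizeof(gelipw) == sizeof(geliargs.gelipw), "gelipw size mismatch");`, would pin that down. A comment noting that the copy in `geliargs.gelipw` deliberately stays live for the next stage, which then has to clear it, would also help. The same pattern appears in load() in zfsboot.c with `zfsargs.gelipw`.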
Modified: head/sys/boot/i386/loader/main.c
==============================================================================
--- head/sys/boot/i386/loader/main.c Thu Mar 30 23:49:57 2017 (r316310)
+++ head/sys/boot/i386/loader/main.c Fri Mar 31 00:04:32 2017 (r316311)
@@ -175,7 +175,7 @@ main(void)
if (zargs != NULL && zargs->size >= offsetof(struct zfs_boot_args, gelipw)) {
if (zargs->gelipw[0] != '\0') {
setenv("kern.geom.eli.passphrase", zargs->gelipw, 1);
- bzero(zargs->gelipw, sizeof(zargs->gelipw));
+ explicit_bzero(zargs->gelipw, sizeof(zargs->gelipw));
}
}
}
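Review bot: The guard `zargs->size >= offsetof(struct zfs_boot_args, gelipw)` only proves the structure reaches the start of `gelipw`, yet the body reads `gelipw[0]`, hands the field to setenv() as a C string and then clears `sizeof(zargs->gelipw)` bytes. Comparing against the end of the field, `zargs->size >= offsetof(struct zfs_boot_args, gelipw) + sizeof(zargs->gelipw)`, would keep both the read and the wipe inside what the earlier stage declared; the `gargs` block in the next hunk has the same shape. Nothing visible here guarantees the field is NUL-terminated before setenv() walks it, so a bounded length check would be a cheap addition. The passphrase also remains in the environment after the wipe, which looks intended, and a comment saying where `kern.geom.eli.passphrase` is later cleared would document that.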
@@ -187,7 +187,7 @@ main(void)
if (gargs != NULL && gargs->size >= offsetof(struct geli_boot_args, gelipw)) {
if (gargs->gelipw[0] != '\0') {
setenv("kern.geom.eli.passphrase", gargs->gelipw, 1);
- bzero(gargs->gelipw, sizeof(gargs->gelipw));
+ explicit_bzero(gargs->gelipw, sizeof(gargs->gelipw));
}
}
}
Modified: head/sys/boot/i386/zfsboot/zfsboot.c
==============================================================================
--- head/sys/boot/i386/zfsboot/zfsboot.c Thu Mar 30 23:49:57 2017 (r316310)
+++ head/sys/boot/i386/zfsboot/zfsboot.c Fri Mar 31 00:04:32 2017 (r316311)
@@ -926,7 +926,7 @@ load(void)
zfsargs.primary_pool = primary_spa->spa_guid;
#ifdef LOADER_GELI_SUPPORT
bcopy(gelipw, zfsargs.gelipw, sizeof(zfsargs.gelipw));
- bzero(gelipw, sizeof(gelipw));
+ explicit_bzero(gelipw, sizeof(gelipw));
#else
zfsargs.gelipw[0] = '\0';
#endif