svn commit: r331311 - head/sys/opencrypto

Conrad Meyer cem at FreeBSD.org
Wed Mar 21 16:12:08 UTC 2018


Author: cem
Date: Wed Mar 21 16:12:07 2018
New Revision: 331311
URL: https://svnweb.freebsd.org/changeset/base/331311

Log:
  cryptosoft(4): Zero plain hash contexts, too
  
  An OCF-naive user program could use these primitives to implement HMAC, for
  example.  This would make the freed context sensitive data.
  
  Probably other bzeros in this file should be explicit_bzeros as well.
  Future work.
  
  Reviewed by:	jhb, markj
  Differential Revision:	https://reviews.freebsd.org/D14662 (minor part of a larger work)

Modified:
  head/sys/opencrypto/cryptosoft.c

Modified: head/sys/opencrypto/cryptosoft.c
==============================================================================
--- head/sys/opencrypto/cryptosoft.c	Wed Mar 21 15:57:36 2018	(r331310)
+++ head/sys/opencrypto/cryptosoft.c	Wed Mar 21 16:12:07 2018	(r331311)
@@ -1053,8 +1053,10 @@ swcr_freesession_locked(device_t dev, u_int64_t tid)
 		case CRYPTO_SHA1:
 			axf = swd->sw_axf;
 
-			if (swd->sw_ictx)
+			if (swd->sw_ictx) {
+				explicit_bzero(swd->sw_ictx, axf->ctxsize);
 				free(swd->sw_ictx, M_CRYPTO_DATA);
+			}
 			break;
 
 		case CRYPTO_DEFLATE_COMP:
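
Review bot: In the CRYPTO_SHA1 branch, the new explicit_bzero(swd->sw_ictx, axf->ctxsize) dereferences axf inside the sw_ictx check, so it relies on swd->sw_axf being non-NULL whenever sw_ictx is allocated. If a session can reach this function with sw_ictx set but sw_axf unset, this would fault where the old code only called free(), so it is worth confirming that ordering or adding a check on axf. A one-line comment above the explicit_bzero saying that a plain hash context can hold key-derived state (the HMAC-built-on-plain-hash case from the log message) would also keep a later cleanup from dropping the zeroing as redundant.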

