svn commit: r361776 - head/sys/dev/cxgbe/crypto
John Baldwin
jhb at FreeBSD.org
Wed Jun 3 22:18:22 UTC 2020
Author: jhb
Date: Wed Jun 3 22:18:21 2020
New Revision: 361776
URL: https://svnweb.freebsd.org/changeset/base/361776
Log:
Explicitly zero AES key schedules on the stack.
Reviewed by: delphij
MFC after: 1 week
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D25057
Modified:
head/sys/dev/cxgbe/crypto/t4_keyctx.c
Modified: head/sys/dev/cxgbe/crypto/t4_keyctx.c
==============================================================================
--- head/sys/dev/cxgbe/crypto/t4_keyctx.c Wed Jun 3 22:18:15 2020 (r361775)
+++ head/sys/dev/cxgbe/crypto/t4_keyctx.c Wed Jun 3 22:18:21 2020 (r361776)
@@ -75,6 +75,7 @@ t4_init_gmac_hash(const char *key, int klen, char *gha
rounds = rijndaelKeySetupEnc(keysched, key, klen * 8);
rijndaelEncrypt(keysched, rounds, zeroes, ghash);
+ explicit_bzero(keysched, sizeof(keysched));
}
/* Copy out the partial hash state from a software hash implementation. */
@@ -169,4 +170,5 @@ t4_aes_getdeckey(void *dec_key, const void *enc_key, u
break;
}
MPASS(dkey == dec_key);
+ explicit_bzero(ek, sizeof(ek));
}
More information about the svn-src-all
mailing list