Author: allanjude
Date: Fri Mar 31 00:04:32 2017
New Revision: 316311
URL: https://svnweb.freebsd.org/changeset/base/316311

Log:
  Add explicit_bzero() to libstand, and switch GELIBoot to using it
  
  Make sure sensitive memory is properly cleared when finished with it
  
  Reviewed by:  Eric McCorkle <e...@metricspace.net>
  Sponsored by: ScaleEngine Inc.
  Differential Revision:        https://reviews.freebsd.org/D9798

Modified:
  head/lib/libstand/Makefile
  head/sys/boot/geli/Makefile
  head/sys/boot/geli/geliboot.c
  head/sys/boot/geli/geliboot.h
  head/sys/boot/geli/geliboot_crypto.c
  head/sys/boot/i386/gptboot/gptboot.c
  head/sys/boot/i386/loader/main.c
  head/sys/boot/i386/zfsboot/zfsboot.c

Modified: head/lib/libstand/Makefile
==============================================================================
--- head/lib/libstand/Makefile  Thu Mar 30 23:49:57 2017        (r316310)
+++ head/lib/libstand/Makefile  Fri Mar 31 00:04:32 2017        (r316311)
@@ -155,5 +155,9 @@ SRCS+=      pkgfs.c
 SRCS+= nandfs.c
 .endif
 
+# explicit_bzero
+.PATH: ${SRCTOP}/sys/libkern
+SRCS+=  explicit_bzero.c
+
 .include <bsd.stand.mk>
 .include <bsd.lib.mk>

Modified: head/sys/boot/geli/Makefile
==============================================================================
--- head/sys/boot/geli/Makefile Thu Mar 30 23:49:57 2017        (r316310)
+++ head/sys/boot/geli/Makefile Fri Mar 31 00:04:32 2017        (r316311)
@@ -24,10 +24,6 @@ WARNS?=              0
 .PATH: ${.CURDIR}/../../../lib/libc/string
 SRCS+=  bcmp.c bcopy.c bzero.c
 
-# need explicit_bzero for crypto
-.PATH: ${.CURDIR}/../../../sys/libkern
-SRCS+=  explicit_bzero.c
-
 # Our password input method
 SRCS+=  pwgets.c
 

Modified: head/sys/boot/geli/geliboot.c
==============================================================================
--- head/sys/boot/geli/geliboot.c       Thu Mar 30 23:49:57 2017        
(r316310)
+++ head/sys/boot/geli/geliboot.c       Fri Mar 31 00:04:32 2017        
(r316311)
@@ -173,19 +173,19 @@ geli_attach(struct dsk *dskp, const char
                            sizeof(geli_e->md.md_salt), passphrase,
                            geli_e->md.md_iterations);
                        g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey));
-                       bzero(&dkey, sizeof(dkey));
+                       explicit_bzero(dkey, sizeof(dkey));
                }
 
                g_eli_crypto_hmac_final(&ctx, key, 0);
 
                error = g_eli_mkey_decrypt(&geli_e->md, key, mkey, &keynum);
-               bzero(&key, sizeof(key));
+               explicit_bzero(key, sizeof(key));
                if (error == -1) {
-                       bzero(&mkey, sizeof(mkey));
+                       explicit_bzero(mkey, sizeof(mkey));
                        printf("Bad GELI key: %d\n", error);
                        return (error);
                } else if (error != 0) {
-                       bzero(&mkey, sizeof(mkey));
+                       explicit_bzero(mkey, sizeof(mkey));
                        printf("Failed to decrypt GELI master key: %d\n", 
error);
                        return (error);
                }
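Review bot: The scrub now covers `dkey`, `key` and `mkey`, but the HMAC context `ctx` that absorbed the passphrase-derived `dkey` (g_eli_crypto_hmac_update on the line above the first change) is not cleared on either error return in this hunk. If g_eli_crypto_hmac_final does not zero the context itself — I cannot confirm that from here — the derived material survives on the stack after `return (error)`, so an `explicit_bzero(&ctx, sizeof(ctx));` after the final would close that gap; if the helper already does it, a one-line comment saying so at the call would stop the next reader from asking. geli_attach starts before and ends after this hunk.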
@@ -203,7 +203,7 @@ geli_attach(struct dsk *dskp, const char
                        g_eli_crypto_hmac(mkp, G_ELI_MAXKEYLEN, "\x10", 1,
                            geli_e->sc.sc_ekey, 0);
                }
-               bzero(&mkey, sizeof(mkey));
+               explicit_bzero(mkey, sizeof(mkey));
 
                /* Initialize the per-sector IV. */
                switch (geli_e->sc.sc_ealgo) {
@@ -279,13 +279,13 @@ geli_read(struct dsk *dskp, off_t offset
                            geli_e->sc.sc_ekeylen, iv);
 
                        if (error != 0) {
-                               bzero(&gkey, sizeof(gkey));
+                               explicit_bzero(&gkey, sizeof(gkey));
                                printf("Failed to decrypt in geli_read()!");
                                return (error);
                        }
                        pbuf += secsize;
                }
-               bzero(&gkey, sizeof(gkey));
+               explicit_bzero(&gkey, sizeof(gkey));
                return (0);
        }
 
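Review bot: `explicit_bzero(&gkey, sizeof(gkey))` keeps the address-of operator in both changed lines, while the geli_attach hunks above deliberately drop it (`explicit_bzero(dkey, ...)`). If `gkey` is an array like `dkey`/`key`/`mkey`, `&gkey` is a pointer-to-array — same address, so not a bug, but the mixed spelling invites a later "fix" in the wrong direction; `explicit_bzero(gkey, sizeof(gkey));` would keep the file consistent, unless `gkey` is a struct, in which case the `&` is the correct form and the attach hunks are the odd ones out. geli_read starts before this hunk, so exits from the loop other than the one shown are outside my view.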

Modified: head/sys/boot/geli/geliboot.h
==============================================================================
--- head/sys/boot/geli/geliboot.h       Thu Mar 30 23:49:57 2017        
(r316310)
+++ head/sys/boot/geli/geliboot.h       Fri Mar 31 00:04:32 2017        
(r316311)
@@ -36,6 +36,7 @@
 #define _STRING_H_
 #define _STRINGS_H_
 #define _STDIO_H_
+
 #include <geom/eli/g_eli.h>
 #include <geom/eli/pkcs5v2.h>
 

Modified: head/sys/boot/geli/geliboot_crypto.c
==============================================================================
--- head/sys/boot/geli/geliboot_crypto.c        Thu Mar 30 23:49:57 2017        
(r316310)
+++ head/sys/boot/geli/geliboot_crypto.c        Fri Mar 31 00:04:32 2017        
(r316311)
@@ -110,7 +110,7 @@ g_eli_crypto_cipher(u_int algo, int enc,
 {
        u_char iv[keysize];
 
-       bzero(iv, sizeof(iv));
+       explicit_bzero(iv, sizeof(iv));
        return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv));
 }
 
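Review bot: The `explicit_bzero(iv, sizeof(iv))` in g_eli_crypto_cipher is an initialization rather than a scrub — the all-zero `iv` is consumed on the very next line by geliboot_crypt, so the compiler could never elide it and the `explicit_` variant changes nothing here. A short comment would keep it from being read as the sensitive-wipe pattern used in the rest of the commit, e.g. `/* All-zero IV is the caller's convention; nothing secret is scrubbed here. */`. Note also that `iv` is a VLA sized by the `keysize` argument; I cannot see where `keysize` is bounded, so confirm callers only pass the fixed GELI key lengths.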

Modified: head/sys/boot/i386/gptboot/gptboot.c
==============================================================================
--- head/sys/boot/i386/gptboot/gptboot.c        Thu Mar 30 23:49:57 2017        
(r316310)
+++ head/sys/boot/i386/gptboot/gptboot.c        Fri Mar 31 00:04:32 2017        
(r316311)
@@ -481,7 +481,7 @@ load(void)
 #ifdef LOADER_GELI_SUPPORT
     geliargs.size = sizeof(geliargs);
     bcopy(gelipw, geliargs.gelipw, sizeof(geliargs.gelipw));
-    bzero(gelipw, sizeof(gelipw));
+    explicit_bzero(gelipw, sizeof(gelipw));
 #endif
     __exec((caddr_t)addr, RB_BOOTINFO | (opts & RBX_MASK),
           MAKEBOOTDEV(dev_maj[dsk.type], dsk.part + 1, dsk.unit, 0xff),
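Review bot: The wipe uses `sizeof(gelipw)` while the bcopy two lines above uses `sizeof(geliargs.gelipw)`, and nothing in the hunk ties those two sizes together; if the local buffer and the boot-args field ever diverge, the copy over-reads or part of `gelipw` is left unscrubbed. A block-scope `_Static_assert(sizeof(gelipw) == sizeof(geliargs.gelipw), "gelipw size mismatch");` beside the bcopy pins the assumption at no runtime cost. The copy held in `geliargs` is handed to the next stage by `__exec` and so cannot be wiped here, which is presumably intended. The same size coupling appears in the zfsboot.c load() hunk below. load() begins and ends outside this hunk.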

Modified: head/sys/boot/i386/loader/main.c
==============================================================================
--- head/sys/boot/i386/loader/main.c    Thu Mar 30 23:49:57 2017        
(r316310)
+++ head/sys/boot/i386/loader/main.c    Fri Mar 31 00:04:32 2017        
(r316311)
@@ -175,7 +175,7 @@ main(void)
        if (zargs != NULL && zargs->size >= offsetof(struct zfs_boot_args, 
gelipw)) {
            if (zargs->gelipw[0] != '\0') {
                setenv("kern.geom.eli.passphrase", zargs->gelipw, 1);
-               bzero(zargs->gelipw, sizeof(zargs->gelipw));
+               explicit_bzero(zargs->gelipw, sizeof(zargs->gelipw));
            }
        }
     }
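Review bot: The new `explicit_bzero(zargs->gelipw, sizeof(zargs->gelipw))` writes the whole field, but the guard above only requires `zargs->size >= offsetof(struct zfs_boot_args, gelipw)`, which a struct that ends exactly where `gelipw` begins also satisfies; both the `gelipw[0]` read and the scrub would then touch memory the previous stage did not declare. Tightening the check to `zargs->size >= offsetof(struct zfs_boot_args, gelipw) + sizeof(zargs->gelipw)` covers that case. Separately, setenv() has already copied the passphrase into the loader environment, so this wipe clears only the boot-args copy; a comment noting that the environment copy is the intended hand-off to the kernel would make the remaining exposure explicit, and the unchecked setenv() return means a failure silently discards the passphrase before it is wiped. The `gargs` hunk below has the same guard and the same two points. main() continues outside this hunk.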
@@ -187,7 +187,7 @@ main(void)
        if (gargs != NULL && gargs->size >= offsetof(struct geli_boot_args, 
gelipw)) {
            if (gargs->gelipw[0] != '\0') {
                setenv("kern.geom.eli.passphrase", gargs->gelipw, 1);
-               bzero(gargs->gelipw, sizeof(gargs->gelipw));
+               explicit_bzero(gargs->gelipw, sizeof(gargs->gelipw));
            }
        }
     }

Modified: head/sys/boot/i386/zfsboot/zfsboot.c
==============================================================================
--- head/sys/boot/i386/zfsboot/zfsboot.c        Thu Mar 30 23:49:57 2017        
(r316310)
+++ head/sys/boot/i386/zfsboot/zfsboot.c        Fri Mar 31 00:04:32 2017        
(r316311)
@@ -926,7 +926,7 @@ load(void)
     zfsargs.primary_pool = primary_spa->spa_guid;
 #ifdef LOADER_GELI_SUPPORT
     bcopy(gelipw, zfsargs.gelipw, sizeof(zfsargs.gelipw));
-    bzero(gelipw, sizeof(gelipw));
+    explicit_bzero(gelipw, sizeof(gelipw));
 #else
     zfsargs.gelipw[0] = '\0';
 #endif