Author: cem Date: Wed Mar 21 16:12:07 2018 New Revision: 331311 URL: https://svnweb.freebsd.org/changeset/base/331311
Log: cryptosoft(4): Zero plain hash contexts, too An OCF-naive user program could use these primitives to implement HMAC, for example. This would make the freed context sensitive data. Probably other bzeros in this file should be explicit_bzeros as well. Future work. Reviewed by: jhb, markj Differential Revision: https://reviews.freebsd.org/D14662 (minor part of a larger work) Modified: head/sys/opencrypto/cryptosoft.c Modified: head/sys/opencrypto/cryptosoft.c ============================================================================== --- head/sys/opencrypto/cryptosoft.c Wed Mar 21 15:57:36 2018 (r331310) +++ head/sys/opencrypto/cryptosoft.c Wed Mar 21 16:12:07 2018 (r331311) @@ -1053,8 +1053,10 @@ swcr_freesession_locked(device_t dev, u_int64_t tid) case CRYPTO_SHA1: axf = swd->sw_axf; - if (swd->sw_ictx) + if (swd->sw_ictx) { + explicit_bzero(swd->sw_ictx, axf->ctxsize); free(swd->sw_ictx, M_CRYPTO_DATA); + } break; case CRYPTO_DEFLATE_COMP: _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
