D9798.diff
No OneTemporary
Actions

Size

4 KB

Referenced Files

None

Subscribers

None

D9798.diff
View Options

	Index: head/lib/libstand/Makefile
	===================================================================
	--- head/lib/libstand/Makefile
	+++ head/lib/libstand/Makefile
	@@ -155,5 +155,9 @@
	SRCS+= nandfs.c
	.endif

	+# explicit_bzero
	+.PATH: ${SRCTOP}/sys/libkern
	+SRCS+= explicit_bzero.c
	+
	.include <bsd.stand.mk>
	.include <bsd.lib.mk>
	Index: head/sys/boot/geli/Makefile
	===================================================================
	--- head/sys/boot/geli/Makefile
	+++ head/sys/boot/geli/Makefile
	@@ -24,10 +24,6 @@
	.PATH: ${.CURDIR}/../../../lib/libc/string
	SRCS+= bcmp.c bcopy.c bzero.c

	-# need explicit_bzero for crypto
	-.PATH: ${.CURDIR}/../../../sys/libkern
	-SRCS+= explicit_bzero.c
	-
	# Our password input method
	SRCS+= pwgets.c

	Index: head/sys/boot/geli/geliboot.h
	===================================================================
	--- head/sys/boot/geli/geliboot.h
	+++ head/sys/boot/geli/geliboot.h
	@@ -36,6 +36,7 @@
	#define _STRING_H_
	#define _STRINGS_H_
	#define _STDIO_H_
	+
	#include <geom/eli/g_eli.h>
	#include <geom/eli/pkcs5v2.h>

	Index: head/sys/boot/geli/geliboot.c
	===================================================================
	--- head/sys/boot/geli/geliboot.c
	+++ head/sys/boot/geli/geliboot.c
	@@ -173,19 +173,19 @@
	sizeof(geli_e->md.md_salt), passphrase,
	geli_e->md.md_iterations);
	g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey));
	- bzero(&dkey, sizeof(dkey));
	+ explicit_bzero(dkey, sizeof(dkey));
	}

	g_eli_crypto_hmac_final(&ctx, key, 0);

	error = g_eli_mkey_decrypt(&geli_e->md, key, mkey, &keynum);
	- bzero(&key, sizeof(key));
	+ explicit_bzero(key, sizeof(key));
	if (error == -1) {
	- bzero(&mkey, sizeof(mkey));
	+ explicit_bzero(mkey, sizeof(mkey));
	printf("Bad GELI key: %d\n", error);
	return (error);
	} else if (error != 0) {
	- bzero(&mkey, sizeof(mkey));
	+ explicit_bzero(mkey, sizeof(mkey));
	printf("Failed to decrypt GELI master key: %d\n", error);
	return (error);
	}
	@@ -203,7 +203,7 @@
	g_eli_crypto_hmac(mkp, G_ELI_MAXKEYLEN, "\x10", 1,
	geli_e->sc.sc_ekey, 0);
	}
	- bzero(&mkey, sizeof(mkey));
	+ explicit_bzero(mkey, sizeof(mkey));

	/* Initialize the per-sector IV. */
	switch (geli_e->sc.sc_ealgo) {
	@@ -279,13 +279,13 @@
	geli_e->sc.sc_ekeylen, iv);

	if (error != 0) {
	- bzero(&gkey, sizeof(gkey));
	+ explicit_bzero(&gkey, sizeof(gkey));
	printf("Failed to decrypt in geli_read()!");
	return (error);
	}
	pbuf += secsize;
	}
	- bzero(&gkey, sizeof(gkey));
	+ explicit_bzero(&gkey, sizeof(gkey));
	return (0);
	}

	Index: head/sys/boot/geli/geliboot_crypto.c
	===================================================================
	--- head/sys/boot/geli/geliboot_crypto.c
	+++ head/sys/boot/geli/geliboot_crypto.c
	@@ -110,7 +110,7 @@
	{
	u_char iv[keysize];

	- bzero(iv, sizeof(iv));
	+ explicit_bzero(iv, sizeof(iv));
	return (geliboot_crypt(algo, enc, data, datasize, key, keysize, iv));
	}

	Index: head/sys/boot/i386/gptboot/gptboot.c
	===================================================================
	--- head/sys/boot/i386/gptboot/gptboot.c
	+++ head/sys/boot/i386/gptboot/gptboot.c
	@@ -481,7 +481,7 @@
	#ifdef LOADER_GELI_SUPPORT
	geliargs.size = sizeof(geliargs);
	bcopy(gelipw, geliargs.gelipw, sizeof(geliargs.gelipw));
	- bzero(gelipw, sizeof(gelipw));
	+ explicit_bzero(gelipw, sizeof(gelipw));
	#endif
	__exec((caddr_t)addr, RB_BOOTINFO \| (opts & RBX_MASK),
	MAKEBOOTDEV(dev_maj[dsk.type], dsk.part + 1, dsk.unit, 0xff),
	Index: head/sys/boot/i386/loader/main.c
	===================================================================
	--- head/sys/boot/i386/loader/main.c
	+++ head/sys/boot/i386/loader/main.c
	@@ -175,7 +175,7 @@
	if (zargs != NULL && zargs->size >= offsetof(struct zfs_boot_args, gelipw)) {
	if (zargs->gelipw[0] != '\0') {
	setenv("kern.geom.eli.passphrase", zargs->gelipw, 1);
	- bzero(zargs->gelipw, sizeof(zargs->gelipw));
	+ explicit_bzero(zargs->gelipw, sizeof(zargs->gelipw));
	}
	}
	}
	@@ -187,7 +187,7 @@
	if (gargs != NULL && gargs->size >= offsetof(struct geli_boot_args, gelipw)) {
	if (gargs->gelipw[0] != '\0') {
	setenv("kern.geom.eli.passphrase", gargs->gelipw, 1);
	- bzero(gargs->gelipw, sizeof(gargs->gelipw));
	+ explicit_bzero(gargs->gelipw, sizeof(gargs->gelipw));
	}
	}
	}
	Index: head/sys/boot/i386/zfsboot/zfsboot.c
	===================================================================
	--- head/sys/boot/i386/zfsboot/zfsboot.c
	+++ head/sys/boot/i386/zfsboot/zfsboot.c
	@@ -926,7 +926,7 @@
	zfsargs.primary_pool = primary_spa->spa_guid;
	#ifdef LOADER_GELI_SUPPORT
	bcopy(gelipw, zfsargs.gelipw, sizeof(zfsargs.gelipw));
	- bzero(gelipw, sizeof(gelipw));
	+ explicit_bzero(gelipw, sizeof(gelipw));
	#else
	zfsargs.gelipw[0] = '\0';
	#endif

File Metadata

Mime Type: text/plain
Expires: Sat, Apr 18, 6:37 AM (20 h, 8 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 31679878
Default Alt Text: D9798.diff (4 KB)

D9798.diffNo OneTemporaryActions

D9798.diffView Options

File Metadata

Event Timeline

D9798.diff
No OneTemporary
Actions

D9798.diff
View Options