Page MenuHomeFreeBSD
Differential D25442

Use zfree() to explicitly zero IPsec keys.
ClosedPublic
Actions

Authored by jhb on Jun 25 2020, 12:42 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Mar 16, 3:41 PM
Unknown Object (File)
Sat, Mar 8, 4:32 AM
Unknown Object (File)
Dec 6 2024, 9:15 AM
Unknown Object (File)
Nov 22 2024, 3:46 PM
Unknown Object (File)
Oct 4 2024, 1:54 PM
Unknown Object (File)
Sep 27 2024, 6:39 PM
Unknown Object (File)
Sep 23 2024, 3:41 PM
Unknown Object (File)
Sep 23 2024, 11:57 AM
View All 48 Files
Subscribers
ae
imp
melifaro

Details

Reviewers
delphij
cem
Commits
rS362632: Use zfree() to explicitly zero IPsec keys.
Test Plan
  • tested with IPsec tunnels over IPv4 (AES-CBC + SHA1 and AES-GCM) and IPv6 (AES-GCM) and using setkey -F to clear state after

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 31945
Build 29496: arc lint + arc unit

Event Timeline

jhb created this revision.Jun 25 2020, 12:42 AM
Herald added subscribers: melifaro, ae. · View Herald TranscriptJun 25 2020, 12:42 AM
jhb requested review of this revision.Jun 25 2020, 12:42 AM
Harbormaster completed remote builds in B31945: Diff 73614.Jun 25 2020, 12:42 AM
jhb added a child revision: D25443: Simplify IPsec transform-specific teardown..Jun 25 2020, 12:43 AM
cem resigned from this revision.Jun 25 2020, 12:44 AM

No interest in ipsec.

delphij accepted this revision.Jun 25 2020, 4:36 AM

I think setting tdb_xform to NULL is no longer needed (as they are about to be done by the caller anyway).

sys/netipsec/xform_ah.c
256

Looks like this is redundant too? (Already done by caller, key_cleansav).

sys/netipsec/xform_esp.c
250

Looks like this is redundant too? (Already done by caller, key_cleansav).

sys/netipsec/xform_tcp.c
368

Looks like this is redundant too? (Already done by caller, key_cleansav).

This revision is now accepted and ready to land.Jun 25 2020, 4:36 AM
jhb added a comment.Jun 25 2020, 8:27 PM
In D25442#561674, @delphij wrote:

I think setting tdb_xform to NULL is no longer needed (as they are about to be done by the caller anyway).

Yes, I removed those in the followup change. Here I was trying to just focus on the key zeroing via zfree separate from the other change.

Closed by commit rS362632: Use zfree() to explicitly zero IPsec keys. (authored by jhb). · Explain WhyJun 25 2020, 8:31 PM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rS362632: Use zfree() to explicitly zero IPsec keys..
Herald added a subscriber: imp. · View Herald TranscriptJun 25 2020, 8:31 PM

Revision Contents
Changeset List

PathSize
sys/
netipsec/
14 lines
3 lines
4 lines
2 lines

Diff 73614

View Options

sys/netipsec/key.c

Loading...
View Options

sys/netipsec/xform_ah.c

Show First 20 LinesShow All 244 Lines▼ Show 20 Lines
* Paranoia. * Paranoia.
* *
* NB: public for use by esp_zeroize (XXX). * NB: public for use by esp_zeroize (XXX).
*/ */
int int
ah_zeroize(struct secasvar *sav) ah_zeroize(struct secasvar *sav)
{ {
if (sav->key_auth)
bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth));
crypto_freesession(sav->tdb_cryptoid); crypto_freesession(sav->tdb_cryptoid);
sav->tdb_cryptoid = NULL; sav->tdb_cryptoid = NULL;
sav->tdb_authalgxform = NULL; sav->tdb_authalgxform = NULL;
sav->tdb_xform = NULL; sav->tdb_xform = NULL;
delphijUnsubmitted
Not Done
Inline Actions

Looks like this is redundant too? (Already done by caller, key_cleansav).

delphij: Looks like this is redundant too? (Already done by caller, key_cleansav).
return 0; return 0;
} }
/* /*
* Massage IPv4/IPv6 headers for AH processing. * Massage IPv4/IPv6 headers for AH processing.
*/ */
static int static int
ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
▲ Show 20 LinesShow All 888 LinesShow Last 20 Lines
View Options

sys/netipsec/xform_esp.c

Loading...
View Options

sys/netipsec/xform_tcp.c

Loading...