From 6572e5ff66ea41aea17fc88ffbc6f372d60378ef Mon Sep 17 00:00:00 2001
From: John Baldwin
Date: Thu, 25 Jun 2020 20:25:35 +0000
Subject: Use explicit_bzero() instead of bzero() for sensitive data.
Reviewed by: delphij
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D25441
---
 sys/geom/eli/g_eli.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'sys/geom/eli/g_eli.c')
diff --git a/sys/geom/eli/g_eli.c b/sys/geom/eli/g_eli.c
index dbfb16c27d04..5a2acd2b60c3 100644
--- a/sys/geom/eli/g_eli.c
+++ b/sys/geom/eli/g_eli.c
@@ -1126,7 +1126,7 @@ g_eli_keyfiles_clear(const char *provider)
 data = preload_fetch_addr(keyfile);
 size = preload_fetch_size(keyfile);
 if (data != NULL && size != 0)
- bzero(data, size);
+ explicit_bzero(data, size);
 }
 }
@@ -1261,7 +1261,7 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
 pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt, sizeof(md.md_salt), passphrase, md.md_iterations);
- bzero(passphrase, sizeof(passphrase));
+ explicit_bzero(passphrase, sizeof(passphrase));
 g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey));
 explicit_bzero(dkey, sizeof(dkey));
 }
@@ -1272,7 +1272,7 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
 * Decrypt Master-Key.
 */
 error = g_eli_mkey_decrypt_any(&md, key, mkey, &nkey);
- bzero(key, sizeof(key));
+ explicit_bzero(key, sizeof(key));
 if (error == -1) {
 if (i == tries) {
 G_ELI_DEBUG(0,
@@ -1305,8 +1305,8 @@ have_key:
 * We have correct key, let's attach provider.
 */
 gp = g_eli_create(NULL, mp, pp, &md, mkey, nkey);
- bzero(mkey, sizeof(mkey));
- bzero(&md, sizeof(md));
+ explicit_bzero(mkey, sizeof(mkey));
+ explicit_bzero(&md, sizeof(md));
 if (gp == NULL) {
 G_ELI_DEBUG(0, "Cannot create device %s%s.", pp->name, G_ELI_SUFFIX);
-- 
cgit v1.2.3
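Review bot: The new `explicit_bzero(passphrase, sizeof(passphrase));` in the `pkcs5v2_genkey()` branch of `g_eli_taste` (hunk at -1261) has no comment saying why the explicit variant is required, so a later cleanup could quietly turn it back into `bzero()`. I would add above it `/* explicit_bzero(): a plain bzero() of a buffer that is not read again may be removed as a dead store. */`. The same reasoning applies to the `key`, `mkey` and `md` wipes in the two hunks that follow, so one comment at the first call is enough. The function body starts and ends outside this hunk.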
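Review bot: After `g_eli_mkey_decrypt_any()` (hunk at -1272) only `key` is cleared; `mkey` and `md` are cleared only on the `have_key` path in the hunk at -1305, and the `error == -1` / `i == tries` branch continues past the end of the visible lines. From this diff it cannot be confirmed that the returns taken after a failed decrypt also wipe `mkey` and `md`, which this commit treats as sensitive. If any of those exits lacks them, add `explicit_bzero(mkey, sizeof(mkey));` and `explicit_bzero(&md, sizeof(md));` before that return, or route the exits through one cleanup label so that a new return cannot skip the wipe.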