

ref: 7f16c92762af7c602316ce26d482526e67df74cd
parent: 2967f942ea0a9239ea316dd97b52f9cf2c2bfd6b
author: cinap_lenrek <[email protected]>
date: Sat Aug 27 16:38:33 EDT 2016

ip/esp: allocate cipher states in secret memory

--- a/sys/src/9/ip/esp.c
+++ b/sys/src/9/ip/esp.c
@@ -261,8 +261,8 @@
 	ipmove(c->raddr, IPnoaddr);
 
 	ecb = (Espcb*)c->ptcl;
-	free(ecb->espstate);
-	free(ecb->ahstate);
+	secfree(ecb->espstate);
+	secfree(ecb->ahstate);
 	memset(ecb, 0, sizeof(Espcb));
 }
 
@@ -694,7 +694,7 @@
 			return "non-hex character in key";
 	}
 	/* collapse hex digits into complete bytes in reverse order in key */
-	key = smalloc(nbyte);
+	key = secalloc(nbyte);
 	for(i = 0; i < nchar && i/2 < nbyte; i++) {
 		c = f[2][nchar-i-1];
 		if(i&1)
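Review bot: The conversion loop that begins here builds the key with `key[i/2] |= c` (visible in the next hunk), so it depends on the buffer from `key = secalloc(nbyte);` starting out zero-filled. Whether `secalloc` zeroes its result is not visible on this page; if it does not, stale bytes from secret memory would be OR-ed into the key. Either confirm that guarantee and record it in a comment such as `/* secalloc returns zeroed memory; nibbles are ORed in below */`, or add `memset(key, 0, nbyte);` right after the allocation. The enclosing function starts and ends outside this hunk.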
@@ -701,9 +701,9 @@
 			c <<= 4;
 		key[i/2] |= c;
 	}
-
+	memset(f[2], 0, nchar);
 	alg->init(ecb, alg->name, key, alg->keylen);
-	free(key);
+	secfree(key);
 	return nil;
 }
 
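Review bot: The added `memset(f[2], 0, nchar);` runs only on the success path; the `return "non-hex character in key";` exit visible in the previous hunk leaves the rejected hex key text in `f[2]`. Assuming `nchar` is already set at that point, placing the same `memset(f[2], 0, nchar);` ahead of that error return would keep mistyped keys out of the command buffer as well. Any other early returns above the visible lines are outside the view and worth checking for the same gap.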
@@ -791,7 +791,7 @@
 	ecb->ahblklen = 1;
 	ecb->ahlen = BITS2BYTES(96);
 	ecb->auth = shaauth;
-	ecb->ahstate = smalloc(klen);
+	ecb->ahstate = secalloc(klen);
 	memmove(ecb->ahstate, key, klen);
 }
 
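Review bot: `ecb->ahstate = secalloc(klen);` overwrites the pointer without releasing a previous value, so if this init routine can run more than once on the same Espcb (not determinable from the hunk), the earlier key copy stays allocated in secret memory and is never freed. A `secfree(ecb->ahstate);` before the assignment would cover that case, assuming secfree accepts nil as the unconditional calls in the close path suggest. The same pattern applies to the `ahstate` assignment in the md5 hunk and to the `espstate` assignments in the four cipher hunks. The function begins outside this hunk.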
@@ -853,8 +853,10 @@
 	ecb->espblklen = Aesblk;
 	ecb->espivlen = Aesblk;
 	ecb->cipher = aescbccipher;
-	ecb->espstate = smalloc(sizeof(AESstate));
+	ecb->espstate = secalloc(sizeof(AESstate));
 	setupAESstate(ecb->espstate, key, n /* keybytes */, ivec);
+	memset(ivec, 0, sizeof(ivec));
+	memset(key, 0, sizeof(key));
 }
 
 static int
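Review bot: `memset(ivec, 0, sizeof(ivec));` and `memset(key, 0, sizeof(key));` clear the full buffers only if `ivec` and `key` are arrays declared in this function; the declarations are above the hunk, and in the auth init hunks `key` is used as a pointer with a separate `klen`. If either were a pointer here, only pointer-size bytes would be wiped. These are also the last stores before the function returns, so a comment such as `/* scrub local key copy and IV; these stores must not be optimized away */` would record the intent for builds with a compiler that removes dead stores. The same two lines appear in the AES-CTR, DES and 3DES hunks.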
@@ -911,8 +913,10 @@
 	ecb->espblklen = Aesblk;
 	ecb->espivlen = Aesblk;
 	ecb->cipher = aesctrcipher;
-	ecb->espstate = smalloc(sizeof(AESstate));
+	ecb->espstate = secalloc(sizeof(AESstate));
 	setupAESstate(ecb->espstate, key, n /* keybytes */, ivec);
+	memset(ivec, 0, sizeof(ivec));
+	memset(key, 0, sizeof(key));
 }
 
 
@@ -963,7 +967,7 @@
 	ecb->ahblklen = 1;
 	ecb->ahlen = BITS2BYTES(96);
 	ecb->auth = md5auth;
-	ecb->ahstate = smalloc(klen);
+	ecb->ahstate = secalloc(klen);
 	memmove(ecb->ahstate, key, klen);
 }
 
@@ -1020,8 +1024,10 @@
 	ecb->espivlen = Desblk;
 
 	ecb->cipher = descipher;
-	ecb->espstate = smalloc(sizeof(DESstate));
+	ecb->espstate = secalloc(sizeof(DESstate));
 	setupDESstate(ecb->espstate, key, ivec);
+	memset(ivec, 0, sizeof(ivec));
+	memset(key, 0, sizeof(key));
 }
 
 static void
@@ -1042,8 +1048,10 @@
 	ecb->espivlen = Desblk;
 
 	ecb->cipher = des3cipher;
-	ecb->espstate = smalloc(sizeof(DES3state));
+	ecb->espstate = secalloc(sizeof(DES3state));
 	setupDES3state(ecb->espstate, key, ivec);
+	memset(ivec, 0, sizeof(ivec));
+	memset(key, 0, sizeof(key));
 }