Diffusion FreeBSD src repository f58e513f7408

ICP: AES-GCM: Refactor gcm_clear_ctx()
f58e513f7408
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

ICP: AES-GCM: Refactor gcm_clear_ctx()

Currently the temporary buffer in which decryption takes place
isn't cleared on context destruction. Further in some routines we
fail to call gcm_clear_ctx() on error exit. Both flaws may result
in leaking sensitive data.

We follow best practices and zero out the plaintext buffer before
freeing the memory holding it. Also move all cleanup into
gcm_clear_ctx() and call it on any context destruction.

The performance impact should be negligible.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Rob Norris <robn@despairlabs.com>
Signed-off-by: Attila Fülöp <attila@fueloep.org>
Closes #14528

Details

Provenance

Attila Fülöp <attila@fueloep.org>	Authored on Feb 27 2023, 10:38 PM
GitHub <noreply@github.com>	Committed on Feb 27 2023, 10:38 PM

Parents

rG3b9309aabe46: Move zap_attribute_t to the heap in dsl_deadlist_merge

Branches

Unknown

Tags

Unknown

Event Timeline

GitHub <noreply@github.com> committed rGf58e513f7408: ICP: AES-GCM: Refactor gcm_clear_ctx() (authored by Attila Fülöp <attila@fueloep.org>).Feb 27 2023, 10:38 PM

GitHub <noreply@github.com> mentioned this in rGd634d20d1be3: icp: Prevent compilers from optimizing away memset() in gcm_clear_ctx().Mar 23 2023, 11:02 AM

Changes (4)

Path

Size

module/

icp/

algs/

modes/

include/

modes/

io/

rGf58e513f7408

module/icp/algs/modes/gcm.c

Loading...

module/icp/algs/modes/modes.c

Loading...

module/icp/include/modes/modes.h

Loading...

module/icp/io/aes.c

Loading...