ref: 2967f942ea0a9239ea316dd97b52f9cf2c2bfd6b
parent: 7250c438bb124f76aa006dad47b5a3b8f277d1b7
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sat Aug 27 16:37:31 EDT 2016
devtls: allocate cipher states in secret memory
--- a/sys/src/9/port/devtls.c
+++ b/sys/src/9/port/devtls.c
@@ -1471,7 +1471,7 @@
static void
initRC4key(Encalg *ea, Secret *s, uchar *p, uchar *)
{- s->enckey = smalloc(sizeof(RC4state));
+ s->enckey = secalloc(sizeof(RC4state));
s->enc = rc4enc;
s->dec = rc4enc;
setupRC4state(s->enckey, p, ea->keylen);
@@ -1480,7 +1480,7 @@
static void
initDES3key(Encalg *, Secret *s, uchar *p, uchar *iv)
{- s->enckey = smalloc(sizeof(DES3state));
+ s->enckey = secalloc(sizeof(DES3state));
s->enc = des3enc;
s->dec = des3dec;
s->block = 8;
@@ -1490,7 +1490,7 @@
static void
initAESkey(Encalg *ea, Secret *s, uchar *p, uchar *iv)
{- s->enckey = smalloc(sizeof(AESstate));
+ s->enckey = secalloc(sizeof(AESstate));
s->enc = aesenc;
s->dec = aesdec;
s->block = 16;
@@ -1500,7 +1500,7 @@
static void
initccpolykey(Encalg *ea, Secret *s, uchar *p, uchar *iv)
{- s->enckey = smalloc(sizeof(Chachastate));
+ s->enckey = secalloc(sizeof(Chachastate));
s->aead_enc = ccpoly_aead_enc;
s->aead_dec = ccpoly_aead_dec;
s->maclen = Poly1305dlen;
@@ -1517,7 +1517,7 @@
static void
initaesgcmkey(Encalg *ea, Secret *s, uchar *p, uchar *iv)
{- s->enckey = smalloc(sizeof(AESGCMstate));
+ s->enckey = secalloc(sizeof(AESGCMstate));
s->aead_enc = aesgcm_aead_enc;
s->aead_dec = aesgcm_aead_dec;
s->maclen = 16;
@@ -1673,18 +1673,19 @@
ea = parseencalg(cb->f[2]);
p = cb->f[4];
- m = (strlen(p)*3)/2;
- x = smalloc(m);
- tos = smalloc(sizeof(Secret));
- toc = smalloc(sizeof(Secret));
+ m = (strlen(p)*3)/2 + 1;
+ x = secalloc(m);
+ tos = secalloc(sizeof(Secret));
+ toc = secalloc(sizeof(Secret));
if(waserror()){+ secfree(x);
freeSec(tos);
freeSec(toc);
- free(x);
nexterror();
}
m = dec64(x, m, p, strlen(p));
+ memset(p, 0, strlen(p));
if(m < 2 * ha->maclen + 2 * ea->keylen + 2 * ea->ivlen)
error("not enough secret data provided");@@ -1719,7 +1720,7 @@
tos->encalg = ea->name;
tos->hashalg = ha->name;
- free(x);
+ secfree(x);
poperror();
}else if(strcmp(cb->f[0], "changecipher") == 0){if(cb->nf != 1)
@@ -2048,17 +2049,10 @@
static void
freeSec(Secret *s)
{- void *k;
-
if(s == nil)
return;
- k = s->enckey;
- if(k != nil){- memset(k, 0, msize(k));
- free(k);
- }
- memset(s, 0, sizeof(*s));
- free(s);
+ secfree(s->enckey);
+ secfree(s);
}
static int
@@ -2162,6 +2156,8 @@
iv[i+(ChachaIVlen-8)] ^= seq[i];
chacha_setiv(cs, iv);
+
+ memset(iv, 0, sizeof(iv));
}
static int
@@ -2196,6 +2192,7 @@
for(i=0; i<8; i++) iv[4+i] ^= aad[i];
memmove(reciv, iv+4, 8);
aesgcm_setiv(sec->enckey, iv, 12);
+ memset(iv, 0, sizeof(iv));
aesgcm_encrypt(data, len, aad, aadlen, data+len, sec->enckey);
return len + sec->maclen;
}
@@ -2211,6 +2208,7 @@
memmove(iv, sec->mackey, 4);
memmove(iv+4, reciv, 8);
aesgcm_setiv(sec->enckey, iv, 12);
+ memset(iv, 0, sizeof(iv));
if(aesgcm_decrypt(data, len, aad, aadlen, data+len, sec->enckey) != 0)
return -1;
return len;