devtls: allocate cipher states in secret memory

sys/src/9/port/devtls.c

@@ -1471,7 +1471,7 @@ struct Encalg
 static void
 initRC4key(Encalg *ea, Secret *s, uchar *p, uchar *)
 {
-	s->enckey = smalloc(sizeof(RC4state));
+	s->enckey = secalloc(sizeof(RC4state));
 	s->enc = rc4enc;
 	s->dec = rc4enc;
 	setupRC4state(s->enckey, p, ea->keylen);
@@ -1480,7 +1480,7 @@ initRC4key(Encalg *ea, Secret *s, uchar *p, uchar *)
 static void
 initDES3key(Encalg *, Secret *s, uchar *p, uchar *iv)
 {
-	s->enckey = smalloc(sizeof(DES3state));
+	s->enckey = secalloc(sizeof(DES3state));
 	s->enc = des3enc;
 	s->dec = des3dec;
 	s->block = 8;
@@ -1490,7 +1490,7 @@ initDES3key(Encalg *, Secret *s, uchar *p, uchar *iv)
 static void
 initAESkey(Encalg *ea, Secret *s, uchar *p, uchar *iv)
 {
-	s->enckey = smalloc(sizeof(AESstate));
+	s->enckey = secalloc(sizeof(AESstate));
 	s->enc = aesenc;
 	s->dec = aesdec;
 	s->block = 16;
@@ -1500,7 +1500,7 @@ initAESkey(Encalg *ea, Secret *s, uchar *p, uchar *iv)
 static void
 initccpolykey(Encalg *ea, Secret *s, uchar *p, uchar *iv)
 {
-	s->enckey = smalloc(sizeof(Chachastate));
+	s->enckey = secalloc(sizeof(Chachastate));
 	s->aead_enc = ccpoly_aead_enc;
 	s->aead_dec = ccpoly_aead_dec;
 	s->maclen = Poly1305dlen;
@@ -1517,7 +1517,7 @@ initccpolykey(Encalg *ea, Secret *s, uchar *p, uchar *iv)
 static void
 initaesgcmkey(Encalg *ea, Secret *s, uchar *p, uchar *iv)
 {
-	s->enckey = smalloc(sizeof(AESGCMstate));
+	s->enckey = secalloc(sizeof(AESGCMstate));
 	s->aead_enc = aesgcm_aead_enc;
 	s->aead_dec = aesgcm_aead_dec;
 	s->maclen = 16;
@@ -1673,18 +1673,19 @@ tlswrite(Chan *c, void *a, long n, vlong off)
 		ea = parseencalg(cb->f[2]);
 
 		p = cb->f[4];
-		m = (strlen(p)*3)/2;
-		x = smalloc(m);
-		tos = smalloc(sizeof(Secret));
-		toc = smalloc(sizeof(Secret));
+		m = (strlen(p)*3)/2 + 1;
+		x = secalloc(m);
+		tos = secalloc(sizeof(Secret));
+		toc = secalloc(sizeof(Secret));
 		if(waserror()){
+			secfree(x);
 			freeSec(tos);
 			freeSec(toc);
-			free(x);
 			nexterror();
 		}
 
 		m = dec64(x, m, p, strlen(p));
+		memset(p, 0, strlen(p));
 		if(m < 2 * ha->maclen + 2 * ea->keylen + 2 * ea->ivlen)
 			error("not enough secret data provided");
 
@@ -1719,7 +1720,7 @@ tlswrite(Chan *c, void *a, long n, vlong off)
 		tos->encalg = ea->name;
 		tos->hashalg = ha->name;
 
-		free(x);
+		secfree(x);
 		poperror();
 	}else if(strcmp(cb->f[0], "changecipher") == 0){
 		if(cb->nf != 1)
@@ -2048,17 +2049,10 @@ tlsstate(int s)
 static void
 freeSec(Secret *s)
 {
-	void *k;
-
 	if(s == nil)
 		return;
-	k = s->enckey;
-	if(k != nil){
-		memset(k, 0, msize(k));
-		free(k);
-	}
-	memset(s, 0, sizeof(*s));
-	free(s);
+	secfree(s->enckey);
+	secfree(s);
 }
 
 static int
@@ -2162,6 +2156,8 @@ ccpoly_aead_setiv(Secret *sec, uchar seq[8])
 		iv[i+(ChachaIVlen-8)] ^= seq[i];
 
 	chacha_setiv(cs, iv);
+
+	memset(iv, 0, sizeof(iv));
 }
 
 static int
@@ -2196,6 +2192,7 @@ aesgcm_aead_enc(Secret *sec, uchar *aad, int aadlen, uchar *reciv, uchar *data,
 	for(i=0; i<8; i++) iv[4+i] ^= aad[i];
 	memmove(reciv, iv+4, 8);
 	aesgcm_setiv(sec->enckey, iv, 12);
+	memset(iv, 0, sizeof(iv));
 	aesgcm_encrypt(data, len, aad, aadlen, data+len, sec->enckey);
 	return len + sec->maclen;
 }
@@ -2211,6 +2208,7 @@ aesgcm_aead_dec(Secret *sec, uchar *aad, int aadlen, uchar *reciv, uchar *data,
 	memmove(iv, sec->mackey, 4);
 	memmove(iv+4, reciv, 8);
 	aesgcm_setiv(sec->enckey, iv, 12);
+	memset(iv, 0, sizeof(iv));
 	if(aesgcm_decrypt(data, len, aad, aadlen, data+len, sec->enckey) != 0)
 		return -1;
 	return len;