xfnw/plan9fox
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

devsdp: keep cipher states in secret memory

Browse source
This commit is contained in:
cinap_lenrek 2016-08-27 20:39:36 +02:00
parent 7f16c92762
commit 71ac88392f
1 changed files with 13 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

32
sys/src/9/port/devsdp.c
View file

@ -1056,10 +1056,8 @@ onewaycleanup(OneWay *ow)
{ {
if(ow->controlpkt) if(ow->controlpkt)
freeb(ow->controlpkt); freeb(ow->controlpkt);
if(ow->authstate) secfree(ow->authstate);
free(ow->authstate); secfree(ow->cipherstate);
if(ow->cipherstate)
free(ow->cipherstate);
if(ow->compstate) if(ow->compstate)
free(ow->compstate); free(ow->compstate);
memset(ow, 0, sizeof(OneWay)); memset(ow, 0, sizeof(OneWay));
@ -1920,14 +1918,10 @@ cipherfree(Conv *c)
static void static void
authfree(Conv *c) authfree(Conv *c)
{ {
if(c->in.authstate) { secfree(c->in.authstate);
free(c->in.authstate); secfree(c->out.authstate);
c->in.authstate = nil; c->in.authstate = nil;
} c->out.authstate = nil;
if(c->out.authstate) {
free(c->out.authstate);
c->out.authstate = nil;
}
c->in.auth = nil; c->in.auth = nil;
c->in.authlen = 0; c->in.authlen = 0;
c->out.authlen = 0; c->out.authlen = 0;
@ -2019,7 +2013,7 @@ descipherinit(Conv *c)
c->in.cipherblklen = 8; c->in.cipherblklen = 8;
c->in.cipherivlen = 8; c->in.cipherivlen = 8;
c->in.cipher = desdecrypt; c->in.cipher = desdecrypt;
c->in.cipherstate = smalloc(sizeof(DESstate)); c->in.cipherstate = secalloc(sizeof(DESstate));
setupDESstate(c->in.cipherstate, key, ivec); setupDESstate(c->in.cipherstate, key, ivec);
/* out */ /* out */
@ -2030,7 +2024,7 @@ descipherinit(Conv *c)
c->out.cipherblklen = 8; c->out.cipherblklen = 8;
c->out.cipherivlen = 8; c->out.cipherivlen = 8;
c->out.cipher = desencrypt; c->out.cipher = desencrypt;
c->out.cipherstate = smalloc(sizeof(DESstate)); c->out.cipherstate = secalloc(sizeof(DESstate));
setupDESstate(c->out.cipherstate, key, ivec); setupDESstate(c->out.cipherstate, key, ivec);
} }
@ -2129,7 +2123,7 @@ rc4cipherinit(Conv *c)
c->in.cipherblklen = 1; c->in.cipherblklen = 1;
c->in.cipherivlen = 4; c->in.cipherivlen = 4;
c->in.cipher = rc4decrypt; c->in.cipher = rc4decrypt;
cr = smalloc(sizeof(CipherRc4)); cr = secalloc(sizeof(CipherRc4));
memset(cr, 0, sizeof(*cr)); memset(cr, 0, sizeof(*cr));
setupRC4state(&cr->current, key, n); setupRC4state(&cr->current, key, n);
c->in.cipherstate = cr; c->in.cipherstate = cr;
@ -2140,7 +2134,7 @@ rc4cipherinit(Conv *c)
c->out.cipherblklen = 1; c->out.cipherblklen = 1;
c->out.cipherivlen = 4; c->out.cipherivlen = 4;
c->out.cipher = rc4encrypt; c->out.cipher = rc4encrypt;
cr = smalloc(sizeof(CipherRc4)); cr = secalloc(sizeof(CipherRc4));
memset(cr, 0, sizeof(*cr)); memset(cr, 0, sizeof(*cr));
setupRC4state(&cr->current, key, n); setupRC4state(&cr->current, key, n);
c->out.cipherstate = cr; c->out.cipherstate = cr;
@ -2195,7 +2189,7 @@ md5auth(OneWay *ow, uchar *t, int tlen)
memset(hash, 0, MD5dlen); memset(hash, 0, MD5dlen);
seanq_hmac_md5(hash, ow->seqwrap, t, tlen, (uchar*)ow->authstate, 16); seanq_hmac_md5(hash, ow->seqwrap, t, tlen, (uchar*)ow->authstate, 16);
r = memcmp(t+tlen, hash, ow->authlen) == 0; r = tsmemcmp(t+tlen, hash, ow->authlen) == 0;
memmove(t+tlen, hash, ow->authlen); memmove(t+tlen, hash, ow->authlen);
return r; return r;
} }
@ -2212,14 +2206,14 @@ md5authinit(Conv *c)
keylen = 16; keylen = 16;
/* in */ /* in */
c->in.authstate = smalloc(16); c->in.authstate = secalloc(16);
memset(c->in.authstate, 0, 16); memset(c->in.authstate, 0, 16);
setkey(c->in.authstate, keylen, &c->in, "auth"); setkey(c->in.authstate, keylen, &c->in, "auth");
c->in.authlen = 12; c->in.authlen = 12;
c->in.auth = md5auth; c->in.auth = md5auth;
/* out */ /* out */
c->out.authstate = smalloc(16); c->out.authstate = secalloc(16);
memset(c->out.authstate, 0, 16); memset(c->out.authstate, 0, 16);
setkey(c->out.authstate, keylen, &c->out, "auth"); setkey(c->out.authstate, keylen, &c->out, "auth");
c->out.authlen = 12; c->out.authlen = 12;