zero tmpkeyiv in openssl enc

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

zero tmpkeyiv in openssl enc

Steven Roberts-4
Hi,

This patch for openssl enc will zero out tmpkeyiv which contains key
information.

Thanks.

Index: enc.c
===================================================================
RCS file: /cvs/src/usr.bin/openssl/enc.c,v
retrieving revision 1.21
diff -u -p -u -r1.21 enc.c
--- enc.c 14 Jul 2019 03:30:45 -0000 1.21
+++ enc.c 22 Jul 2019 16:53:20 -0000
@@ -633,6 +633,8 @@ enc_main(int argc, char **argv)
  /* split and move data back to global buffer */
  memcpy(key, tmpkeyiv, iklen);
  memcpy(iv, tmpkeyiv+iklen, ivlen);
+ /* zero the tmpkeyiv buffer */
+ explicit_bzero(tmpkeyiv, sizeof(tmpkeyiv));
  } else {
  EVP_BytesToKey(enc_config.cipher, dgst, sptr,
     (unsigned char *)enc_config.keystr,

Reply | Threaded
Open this post in threaded view
|

Re: zero tmpkeyiv in openssl enc

Brent Cook
Sure, looks fine in this micro context so maybe someone copying code from
here as an example will do better. Though note that wider-scoped key/iv
still contain the key material after EVP_CipherInit_ex and so on.

Doesn't appear we've sprinkled many explicit_bzero's into openssl(1) in
general given its short lifetime for most operations. I'm not sure how
paranoid we need to be in this context, but I'll apply this.

On Tue, Jul 23, 2019 at 3:54 PM Steven Roberts <[hidden email]> wrote:

> Hi,
>
> This patch for openssl enc will zero out tmpkeyiv which contains key
> information.
>
> Thanks.
>
> Index: enc.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/openssl/enc.c,v
> retrieving revision 1.21
> diff -u -p -u -r1.21 enc.c
> --- enc.c       14 Jul 2019 03:30:45 -0000      1.21
> +++ enc.c       22 Jul 2019 16:53:20 -0000
> @@ -633,6 +633,8 @@ enc_main(int argc, char **argv)
>                                 /* split and move data back to global
> buffer */
>                                 memcpy(key, tmpkeyiv, iklen);
>                                 memcpy(iv, tmpkeyiv+iklen, ivlen);
> +                               /* zero the tmpkeyiv buffer */
> +                               explicit_bzero(tmpkeyiv, sizeof(tmpkeyiv));
>                         } else {
>                                 EVP_BytesToKey(enc_config.cipher, dgst,
> sptr,
>                                     (unsigned char *)enc_config.keystr,
>
>