diff options
author | pjd <pjd@FreeBSD.org> | 2008-07-20 19:56:13 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2008-07-20 19:56:13 +0000 |
commit | b1fb19aba8978e884a04b37508acb9127be0f10a (patch) | |
tree | 6a86a17f24bdf41bb1d51e5362e424c7578f4c8a | |
parent | 42f134da57fb80e7e52e6e7ceb205e8ec4997fd4 (diff) | |
download | FreeBSD-src-b1fb19aba8978e884a04b37508acb9127be0f10a.zip FreeBSD-src-b1fb19aba8978e884a04b37508acb9127be0f10a.tar.gz |
Clear passphrase buffer after use.
Submitted by: Fabian Keil <fk@fabiankeil.de> (a bit different version)
-rw-r--r-- | sys/geom/eli/g_eli.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/geom/eli/g_eli.c b/sys/geom/eli/g_eli.c index e2b51ee..bfb708c 100644 --- a/sys/geom/eli/g_eli.c +++ b/sys/geom/eli/g_eli.c @@ -952,11 +952,13 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused) sizeof(md.md_salt)); g_eli_crypto_hmac_update(&ctx, passphrase, strlen(passphrase)); + bzero(passphrase, sizeof(passphrase)); } else if (md.md_iterations > 0) { u_char dkey[G_ELI_USERKEYLEN]; pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt, sizeof(md.md_salt), passphrase, md.md_iterations); + bzero(passphrase, sizeof(passphrase)); g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey)); bzero(dkey, sizeof(dkey)); } |