MFC r261618:

In g_eli_crypto_hmac_init(), zero out after using the ipad buffer, k_ipad. Note that the two consumers in geli(4) are not affected by this issue because the way the code is constructed and as such, we believe there is no security impact with or without this change with geli(4)'s usage. Reported by: Serge van den Boom <serge vdboom.org> Reviewed by: pjd
author: delphij <delphij@FreeBSD.org> 2014-02-22 00:30:33 +0000
committer: delphij <delphij@FreeBSD.org> 2014-02-22 00:30:33 +0000
commit: 4d109458105a7906bfebae94d6a703111555c925 (patch)
tree: 1eecd0857baa4a8ac51d1f2338d726345f7cd222 /sys/geom/eli
parent: 6e3a96834a9382ab2242aa2df7de41f16f7c82c6 (diff)
download: FreeBSD-src-4d109458105a7906bfebae94d6a703111555c925.zip
FreeBSD-src-4d109458105a7906bfebae94d6a703111555c925.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/geom/eli/g_eli_crypto.c b/sys/geom/eli/g_eli_crypto.c
index 8cf9ec1..91c36ec 100644
--- a/sys/geom/eli/g_eli_crypto.c
+++ b/sys/geom/eli/g_eli_crypto.c
@@ -265,6 +265,7 @@ g_eli_crypto_hmac_init(struct hmac_ctx *ctx, const uint8_t *hkey,
 	/* Perform inner SHA512. */
 	SHA512_Init(&ctx->shactx);
 	SHA512_Update(&ctx->shactx, k_ipad, sizeof(k_ipad));
+	bzero(k_ipad, sizeof(k_ipad));
 }
 
 void
author	delphij <delphij@FreeBSD.org>	2014-02-22 00:30:33 +0000
committer	delphij <delphij@FreeBSD.org>	2014-02-22 00:30:33 +0000
commit	4d109458105a7906bfebae94d6a703111555c925 (patch)
tree	1eecd0857baa4a8ac51d1f2338d726345f7cd222 /sys/geom/eli
parent	6e3a96834a9382ab2242aa2df7de41f16f7c82c6 (diff)
download	FreeBSD-src-4d109458105a7906bfebae94d6a703111555c925.zip FreeBSD-src-4d109458105a7906bfebae94d6a703111555c925.tar.gz