Clear passphrase buffer after use.

Submitted by: Fabian Keil <fk@fabiankeil.de> (a bit different version)
author: pjd <pjd@FreeBSD.org> 2008-07-20 19:56:13 +0000
committer: pjd <pjd@FreeBSD.org> 2008-07-20 19:56:13 +0000
commit: b1fb19aba8978e884a04b37508acb9127be0f10a (patch)
tree: 6a86a17f24bdf41bb1d51e5362e424c7578f4c8a /sys/geom
parent: 42f134da57fb80e7e52e6e7ceb205e8ec4997fd4 (diff)
download: FreeBSD-src-b1fb19aba8978e884a04b37508acb9127be0f10a.zip
FreeBSD-src-b1fb19aba8978e884a04b37508acb9127be0f10a.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/geom/eli/g_eli.c b/sys/geom/eli/g_eli.c
index e2b51ee..bfb708c 100644
--- a/sys/geom/eli/g_eli.c
+++ b/sys/geom/eli/g_eli.c
@@ -952,11 +952,13 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
 			    sizeof(md.md_salt));
 			g_eli_crypto_hmac_update(&ctx, passphrase,
 			    strlen(passphrase));
+			bzero(passphrase, sizeof(passphrase));
 		} else if (md.md_iterations > 0) {
 			u_char dkey[G_ELI_USERKEYLEN];
 
 			pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt,
 			    sizeof(md.md_salt), passphrase, md.md_iterations);
+			bzero(passphrase, sizeof(passphrase));
 			g_eli_crypto_hmac_update(&ctx, dkey, sizeof(dkey));
 			bzero(dkey, sizeof(dkey));
 		}
author	pjd <pjd@FreeBSD.org>	2008-07-20 19:56:13 +0000
committer	pjd <pjd@FreeBSD.org>	2008-07-20 19:56:13 +0000
commit	b1fb19aba8978e884a04b37508acb9127be0f10a (patch)
tree	6a86a17f24bdf41bb1d51e5362e424c7578f4c8a /sys/geom
parent	42f134da57fb80e7e52e6e7ceb205e8ec4997fd4 (diff)
download	FreeBSD-src-b1fb19aba8978e884a04b37508acb9127be0f10a.zip FreeBSD-src-b1fb19aba8978e884a04b37508acb9127be0f10a.tar.gz