diff options
-rw-r--r-- | sys/geom/eli/g_eli.c | 1 | ||||
-rw-r--r-- | sys/geom/eli/g_eli_crypto.c | 2 |
2 files changed, 3 insertions, 0 deletions
diff --git a/sys/geom/eli/g_eli.c b/sys/geom/eli/g_eli.c index 2d21ab3b..e0d0074 100644 --- a/sys/geom/eli/g_eli.c +++ b/sys/geom/eli/g_eli.c @@ -990,6 +990,7 @@ g_eli_keyfiles_load(struct hmac_ctx *ctx, const char *provider) G_ELI_DEBUG(1, "Loaded keyfile %s for %s (type: %s).", file, provider, name); g_eli_crypto_hmac_update(ctx, data, size); + bzero(data, size); } } diff --git a/sys/geom/eli/g_eli_crypto.c b/sys/geom/eli/g_eli_crypto.c index 91c36ec..9b42097 100644 --- a/sys/geom/eli/g_eli_crypto.c +++ b/sys/geom/eli/g_eli_crypto.c @@ -289,10 +289,12 @@ g_eli_crypto_hmac_final(struct hmac_ctx *ctx, uint8_t *md, size_t mdsize) bzero(ctx, sizeof(*ctx)); SHA512_Update(&lctx, digest, sizeof(digest)); SHA512_Final(digest, &lctx); + bzero(&lctx, sizeof(lctx)); /* mdsize == 0 means "Give me the whole hash!" */ if (mdsize == 0) mdsize = SHA512_MDLEN; bcopy(digest, md, mdsize); + bzero(digest, sizeof(digest)); } void |