svn commit: r261618 - head/sys/geom/eli
Xin LI
delphij at FreeBSD.org
Sat Feb 8 05:17:50 UTC 2014
Author: delphij
Date: Sat Feb 8 05:17:49 2014
New Revision: 261618
URL: http://svnweb.freebsd.org/changeset/base/261618
Log:
In g_eli_crypto_hmac_init(), zero out after using the ipad buffer,
k_ipad.
Note that the two consumers in geli(4) are not affected by this
issue because the way the code is constructed and as such, we
believe there is no security impact with or without this change
with geli(4)'s usage.
Reported by: Serge van den Boom <serge vdboom.org>
Reviewed by: pjd
MFC after: 2 weeks
Modified:
head/sys/geom/eli/g_eli_crypto.c
Modified: head/sys/geom/eli/g_eli_crypto.c
==============================================================================
--- head/sys/geom/eli/g_eli_crypto.c Sat Feb 8 05:04:34 2014 (r261617)
+++ head/sys/geom/eli/g_eli_crypto.c Sat Feb 8 05:17:49 2014 (r261618)
@@ -265,6 +265,7 @@ g_eli_crypto_hmac_init(struct hmac_ctx *
/* Perform inner SHA512. */
SHA512_Init(&ctx->shactx);
SHA512_Update(&ctx->shactx, k_ipad, sizeof(k_ipad));
+ bzero(k_ipad, sizeof(k_ipad));
}
void
More information about the svn-src-head
mailing list