svn commit: r266750 - stable/9/sys/geom/eli
Marius Strobl
marius at FreeBSD.org
Tue May 27 15:30:07 UTC 2014
Author: marius
Date: Tue May 27 15:30:06 2014
New Revision: 266750
URL: http://svnweb.freebsd.org/changeset/base/266750
Log:
MFC: r259428
Clear content of keyfiles loaded by the loader after processing them.
MFC: r259429
Clear some more places with potentially sensitive data.
Approved by: re (gjb)
Modified:
stable/9/sys/geom/eli/g_eli.c
stable/9/sys/geom/eli/g_eli_crypto.c
Directory Properties:
stable/9/sys/ (props changed)
Modified: stable/9/sys/geom/eli/g_eli.c
==============================================================================
--- stable/9/sys/geom/eli/g_eli.c Tue May 27 14:55:09 2014 (r266749)
+++ stable/9/sys/geom/eli/g_eli.c Tue May 27 15:30:06 2014 (r266750)
@@ -984,6 +984,7 @@ g_eli_keyfiles_load(struct hmac_ctx *ctx
G_ELI_DEBUG(1, "Loaded keyfile %s for %s (type: %s).", file,
provider, name);
g_eli_crypto_hmac_update(ctx, data, size);
+ bzero(data, size);
}
}
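Review bot: The `bzero(data, size);` placed right after `g_eli_crypto_hmac_update(ctx, data, size);` wipes the loader-provided keyfile buffer in place, so the keyfile content can be consumed only once. If g_eli_keyfiles_load() can be called again for the same provider (for example when a passphrase attempt is retried), the second call would feed zeroed buffers into the HMAC while still logging "Loaded keyfile". Please confirm the function runs at most once per provider, or move the clearing to a point after the last attempt. A short comment above the bzero explaining why the buffer is cleared would also help.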
Modified: stable/9/sys/geom/eli/g_eli_crypto.c
==============================================================================
--- stable/9/sys/geom/eli/g_eli_crypto.c Tue May 27 14:55:09 2014 (r266749)
+++ stable/9/sys/geom/eli/g_eli_crypto.c Tue May 27 15:30:06 2014 (r266750)
@@ -289,10 +289,12 @@ g_eli_crypto_hmac_final(struct hmac_ctx
bzero(ctx, sizeof(*ctx));
SHA512_Update(&lctx, digest, sizeof(digest));
SHA512_Final(digest, &lctx);
+ bzero(&lctx, sizeof(lctx));
/* mdsize == 0 means "Give me the whole hash!" */
if (mdsize == 0)
mdsize = SHA512_MDLEN;
bcopy(digest, md, mdsize);
+ bzero(digest, sizeof(digest));
}
void
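Review bot: Both added calls, `bzero(&lctx, sizeof(lctx));` and `bzero(digest, sizeof(digest));`, clear objects that are not read again before the function returns, and the second is the last statement of g_eli_crypto_hmac_final(). Stores like these are candidates for dead-store elimination when the compiler can see that the memory is never used afterwards. If this branch offers a zeroing primitive that is guaranteed not to be optimized away, use it here. Otherwise, check the generated code to confirm the clears survive at the optimization level the kernel is built with. The same applies to the existing `bzero(ctx, sizeof(*ctx));` at the top of the hunk.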