svn commit: r262318 - stable/10/sys/geom/eli
Brooks Davis
brooks at freebsd.org
Mon Feb 24 19:36:33 UTC 2014
On Sat, Feb 22, 2014 at 12:30:33AM +0000, Xin LI wrote:
> Author: delphij
> Date: Sat Feb 22 00:30:33 2014
> New Revision: 262318
> URL: http://svnweb.freebsd.org/changeset/base/262318
>
> Log:
> MFC r261618:
>
> In g_eli_crypto_hmac_init(), zero out after using the ipad buffer,
> k_ipad.
>
> Note that the two consumers in geli(4) are not affected by this
> issue because the way the code is constructed and as such, we
> believe there is no security impact with or without this change
> with geli(4)'s usage.
>
> Reported by: Serge van den Boom <serge vdboom.org>
> Reviewed by: pjd
>
> Modified:
> stable/10/sys/geom/eli/g_eli_crypto.c
> Directory Properties:
> stable/10/ (props changed)
>
> Modified: stable/10/sys/geom/eli/g_eli_crypto.c
> ==============================================================================
> --- stable/10/sys/geom/eli/g_eli_crypto.c Sat Feb 22 00:16:27 2014 (r262317)
> +++ stable/10/sys/geom/eli/g_eli_crypto.c Sat Feb 22 00:30:33 2014 (r262318)
> @@ -265,6 +265,7 @@ g_eli_crypto_hmac_init(struct hmac_ctx *
> /* Perform inner SHA512. */
> SHA512_Init(&ctx->shactx);
> SHA512_Update(&ctx->shactx, k_ipad, sizeof(k_ipad));
> + bzero(k_ipad, sizeof(k_ipad));
> }
>
> void
>
Unless k_ipad is declared volatile there is some risk an overly smart
compiler will optimize this bzero() away. It might make sense for us to
use a non-standard function for such zeroing operations.
-- Brooks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 326 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-src-stable/attachments/20140224/b47ed2b7/attachment.sig>
More information about the svn-src-stable
mailing list