From owner-svn-src-head@FreeBSD.ORG Sat Feb 8 05:17:50 2014 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1177D17C; Sat, 8 Feb 2014 05:17:50 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id F198E18DB; Sat, 8 Feb 2014 05:17:49 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s185Hn9f005147; Sat, 8 Feb 2014 05:17:49 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s185HnTx005146; Sat, 8 Feb 2014 05:17:49 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201402080517.s185HnTx005146@svn.freebsd.org> From: Xin LI Date: Sat, 8 Feb 2014 05:17:49 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r261618 - head/sys/geom/eli X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Feb 2014 05:17:50 -0000 Author: delphij Date: Sat Feb 8 05:17:49 2014 New Revision: 261618 URL: http://svnweb.freebsd.org/changeset/base/261618 Log: In g_eli_crypto_hmac_init(), zero out after using the ipad buffer, k_ipad. Note that the two consumers in geli(4) are not affected by this issue because the way the code is constructed and as such, we believe there is no security impact with or without this change with geli(4)'s usage. Reported by: Serge van den Boom Reviewed by: pjd MFC after: 2 weeks Modified: head/sys/geom/eli/g_eli_crypto.c Modified: head/sys/geom/eli/g_eli_crypto.c ============================================================================== --- head/sys/geom/eli/g_eli_crypto.c Sat Feb 8 05:04:34 2014 (r261617) +++ head/sys/geom/eli/g_eli_crypto.c Sat Feb 8 05:17:49 2014 (r261618) @@ -265,6 +265,7 @@ g_eli_crypto_hmac_init(struct hmac_ctx * /* Perform inner SHA512. */ SHA512_Init(&ctx->shactx); SHA512_Update(&ctx->shactx, k_ipad, sizeof(k_ipad)); + bzero(k_ipad, sizeof(k_ipad)); } void