Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 22 Feb 2014 00:41:05 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org
Subject:   svn commit: r262319 - in stable: 7/sys/geom/eli 8/sys/geom/eli 9/sys/geom/eli
Message-ID:  <201402220041.s1M0f5bU047918@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: delphij
Date: Sat Feb 22 00:41:03 2014
New Revision: 262319
URL: http://svnweb.freebsd.org/changeset/base/262319

Log:
  MFC r261618:
  
  In g_eli_crypto_hmac_init(), zero out after using the ipad buffer,
  k_ipad.
  
  Note that the two consumers in geli(4) are not affected by this
  issue because the way the code is constructed and as such, we
  believe there is no security impact with or without this change
  with geli(4)'s usage.
  
  Reported by:	Serge van den Boom <serge vdboom.org>
  Reviewed by:	pjd

Modified:
  stable/7/sys/geom/eli/g_eli_crypto.c
Directory Properties:
  stable/7/sys/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/8/sys/geom/eli/g_eli_crypto.c
  stable/9/sys/geom/eli/g_eli_crypto.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/geom/   (props changed)
  stable/9/sys/   (props changed)

Modified: stable/7/sys/geom/eli/g_eli_crypto.c
==============================================================================
--- stable/7/sys/geom/eli/g_eli_crypto.c	Sat Feb 22 00:30:33 2014	(r262318)
+++ stable/7/sys/geom/eli/g_eli_crypto.c	Sat Feb 22 00:41:03 2014	(r262319)
@@ -250,6 +250,7 @@ g_eli_crypto_hmac_init(struct hmac_ctx *
 	/* Perform inner SHA512. */
 	SHA512_Init(&ctx->shactx);
 	SHA512_Update(&ctx->shactx, k_ipad, sizeof(k_ipad));
+	bzero(k_ipad, sizeof(k_ipad));
 }
 
 void



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201402220041.s1M0f5bU047918>