Date: Sat, 22 Feb 2014 00:41:05 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org Subject: svn commit: r262319 - in stable: 7/sys/geom/eli 8/sys/geom/eli 9/sys/geom/eli Message-ID: <201402220041.s1M0f5bU047918@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Sat Feb 22 00:41:03 2014 New Revision: 262319 URL: http://svnweb.freebsd.org/changeset/base/262319 Log: MFC r261618: In g_eli_crypto_hmac_init(), zero out after using the ipad buffer, k_ipad. Note that the two consumers in geli(4) are not affected by this issue because the way the code is constructed and as such, we believe there is no security impact with or without this change with geli(4)'s usage. Reported by: Serge van den Boom <serge vdboom.org> Reviewed by: pjd Modified: stable/7/sys/geom/eli/g_eli_crypto.c Directory Properties: stable/7/sys/ (props changed) Changes in other areas also in this revision: Modified: stable/8/sys/geom/eli/g_eli_crypto.c stable/9/sys/geom/eli/g_eli_crypto.c Directory Properties: stable/8/sys/ (props changed) stable/8/sys/geom/ (props changed) stable/9/sys/ (props changed) Modified: stable/7/sys/geom/eli/g_eli_crypto.c ============================================================================== --- stable/7/sys/geom/eli/g_eli_crypto.c Sat Feb 22 00:30:33 2014 (r262318) +++ stable/7/sys/geom/eli/g_eli_crypto.c Sat Feb 22 00:41:03 2014 (r262319) @@ -250,6 +250,7 @@ g_eli_crypto_hmac_init(struct hmac_ctx * /* Perform inner SHA512. */ SHA512_Init(&ctx->shactx); SHA512_Update(&ctx->shactx, k_ipad, sizeof(k_ipad)); + bzero(k_ipad, sizeof(k_ipad)); } void
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201402220041.s1M0f5bU047918>