From owner-svn-src-head@freebsd.org  Mon Feb 26 22:17:28 2018
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7A518F277E9;
 Mon, 26 Feb 2018 22:17:28 +0000 (UTC) (envelope-from jhb@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 2F3776D22B;
 Mon, 26 Feb 2018 22:17:28 +0000 (UTC) (envelope-from jhb@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2A21221655;
 Mon, 26 Feb 2018 22:17:28 +0000 (UTC) (envelope-from jhb@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w1QMHSat015599;
 Mon, 26 Feb 2018 22:17:28 GMT (envelope-from jhb@FreeBSD.org)
Received: (from jhb@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w1QMHSmv015598;
 Mon, 26 Feb 2018 22:17:28 GMT (envelope-from jhb@FreeBSD.org)
Message-Id: <201802262217.w1QMHSmv015598@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org
 using -f
From: John Baldwin <jhb@FreeBSD.org>
Date: Mon, 26 Feb 2018 22:17:28 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r330042 - head/sys/dev/cxgbe/crypto
X-SVN-Group: head
X-SVN-Commit-Author: jhb
X-SVN-Commit-Paths: head/sys/dev/cxgbe/crypto
X-SVN-Commit-Revision: 330042
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Feb 2018 22:17:28 -0000

Author: jhb
Date: Mon Feb 26 22:17:27 2018
New Revision: 330042
URL: https://svnweb.freebsd.org/changeset/base/330042

Log:
  Don't overflow the ipad[] array when clearing the remainder.
  
  After the auth key is copied into the ipad[] array, any remaining bytes
  are cleared to zero (in case the key is shorter than one block size).
  The full block size was used as the length of the zero rather than the
  size of the remaining ipad[].  In practice this overflow was harmless as
  it could only clear bytes in the following opad[] array which is
  initialized with a copy of ipad[] in the next statement.
  
  Sponsored by:	Chelsio Communications

Modified:
  head/sys/dev/cxgbe/crypto/t4_crypto.c

Modified: head/sys/dev/cxgbe/crypto/t4_crypto.c
==============================================================================
--- head/sys/dev/cxgbe/crypto/t4_crypto.c	Mon Feb 26 22:12:31 2018	(r330041)
+++ head/sys/dev/cxgbe/crypto/t4_crypto.c	Mon Feb 26 22:17:27 2018	(r330042)
@@ -1764,7 +1764,7 @@ ccr_init_hmac_digest(struct ccr_session *s, int cri_al
 	} else
 		memcpy(s->hmac.ipad, key, klen);
 
-	memset(s->hmac.ipad + klen, 0, axf->blocksize);
+	memset(s->hmac.ipad + klen, 0, axf->blocksize - klen);
 	memcpy(s->hmac.opad, s->hmac.ipad, axf->blocksize);
 
 	for (i = 0; i < axf->blocksize; i++) {