Author: delphij
Date: Sat Feb 22 00:30:33 2014
New Revision: 262318
URL: http://svnweb.freebsd.org/changeset/base/262318
Log:
MFC r261618:
In g_eli_crypto_hmac_init(), zero out after using the ipad buffer,
k_ipad.
Note that the two consumers in geli(4) are not affected by this
issue because the way the code is constructed and as such, we
believe there is no security impact with or without this change
with geli(4)'s usage.
Reported by: Serge van den Boom <serge vdboom.org>
Reviewed by: pjd
Modified:
stable/10/sys/geom/eli/g_eli_crypto.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/geom/eli/g_eli_crypto.c
==============================================================================
--- stable/10/sys/geom/eli/g_eli_crypto.c Sat Feb 22 00:16:27 2014
(r262317)
+++ stable/10/sys/geom/eli/g_eli_crypto.c Sat Feb 22 00:30:33 2014
(r262318)
@@ -265,6 +265,7 @@ g_eli_crypto_hmac_init(struct hmac_ctx *
/* Perform inner SHA512. */
SHA512_Init(&ctx->shactx);
SHA512_Update(&ctx->shactx, k_ipad, sizeof(k_ipad));
+ bzero(k_ipad, sizeof(k_ipad));
}
void
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
