From c35ddb346f69cc065d22b85182a458e46a7cd74c Mon Sep 17 00:00:00 2001 From: Xin LI Date: Sat, 8 Feb 2014 05:17:49 +0000 Subject: [PATCH] In g_eli_crypto_hmac_init(), zero out after using the ipad buffer, k_ipad. Note that the two consumers in geli(4) are not affected by this issue because the way the code is constructed and as such, we believe there is no security impact with or without this change with geli(4)'s usage. Reported by: Serge van den Boom Reviewed by: pjd MFC after: 2 weeks --- sys/geom/eli/g_eli_crypto.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/geom/eli/g_eli_crypto.c b/sys/geom/eli/g_eli_crypto.c index e7217a1342a8..9b420972b03e 100644 --- a/sys/geom/eli/g_eli_crypto.c +++ b/sys/geom/eli/g_eli_crypto.c @@ -265,6 +265,7 @@ g_eli_crypto_hmac_init(struct hmac_ctx *ctx, const uint8_t *hkey, /* Perform inner SHA512. */ SHA512_Init(&ctx->shactx); SHA512_Update(&ctx->shactx, k_ipad, sizeof(k_ipad)); + bzero(k_ipad, sizeof(k_ipad)); } void