In g_eli_crypto_hmac_init(), zero out after using the ipad buffer,

k_ipad. Note that the two consumers in geli(4) are not affected by this issue because the way the code is constructed and as such, we believe there is no security impact with or without this change with geli(4)'s usage. Reported by: Serge van den Boom <serge vdboom.org> Reviewed by: pjd MFC after: 2 weeks
2014-02-08 05:17:49 +00:00 · 2014-02-08 05:17:49 +00:00 · 47f8d13b54
commit 47f8d13b54
parent d79f5b61e6
1 changed files with 1 additions and 0 deletions
--- a/sys/geom/eli/g_eli_crypto.c
+++ b/sys/geom/eli/g_eli_crypto.c
@ -265,6 +265,7 @@ g_eli_crypto_hmac_init(struct hmac_ctx *ctx, const uint8_t *hkey,
 	/* Perform inner SHA512. */
 	SHA512_Init(&ctx->shactx);
 	SHA512_Update(&ctx->shactx, k_ipad, sizeof(k_ipad));
+	bzero(k_ipad, sizeof(k_ipad));
 }

 void