In g_eli_crypto_hmac_init(), zero out after using the ipad buffer,

k_ipad. Note that the two consumers in geli(4) are not affected by this issue because the way the code is constructed and as such, we believe there is no security impact with or without this change with geli(4)'s usage. Reported by: Serge van den Boom <serge vdboom.org> Reviewed by: pjd MFC after: 2 weeks
2014-02-08 05:17:49 +00:00 · 2014-02-08 05:17:49 +00:00 · c35ddb346f
commit c35ddb346f
parent 62fbd7c27a
1 changed files with 1 additions and 0 deletions
--- a/sys/geom/eli/g_eli_crypto.c
+++ b/sys/geom/eli/g_eli_crypto.c
@ -265,6 +265,7 @@ g_eli_crypto_hmac_init(struct hmac_ctx *ctx, const uint8_t *hkey,
 	/* Perform inner SHA512. */
 	SHA512_Init(&ctx->shactx);
 	SHA512_Update(&ctx->shactx, k_ipad, sizeof(k_ipad));
+	bzero(k_ipad, sizeof(k_ipad));
 }

 void