From: Xin LI
Date: Sat, 22 Feb 2014 00:30:33 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject: svn commit: r262318 - stable/10/sys/geom/eli

Author: delphij
Date: Sat Feb 22 00:30:33 2014
New Revision: 262318
URL: http://svnweb.freebsd.org/changeset/base/262318

Log:
  MFC r261618:

  In g_eli_crypto_hmac_init(), zero out after using the ipad buffer,
  k_ipad.

  Note that the two consumers in geli(4) are not affected by this
  issue because of the way the code is constructed and as such, we
  believe there is no security impact with or without this change
  with geli(4)'s usage.

  Reported by: Serge van den Boom
  Reviewed by: pjd

Modified:
  stable/10/sys/geom/eli/g_eli_crypto.c
Directory Properties:
  stable/10/ (props changed)

Modified: stable/10/sys/geom/eli/g_eli_crypto.c ============================================================================== --- stable/10/sys/geom/eli/g_eli_crypto.c Sat Feb 22 00:16:27 2014 (r262317) +++ stable/10/sys/geom/eli/g_eli_crypto.c Sat Feb 22 00:30:33 2014 (r262318) @@ -265,6 +265,7 @@ g_eli_crypto_hmac_init(struct hmac_ctx * /* Perform inner SHA512. */ SHA512_Init(&ctx->shactx); SHA512_Update(&ctx->shactx, k_ipad, sizeof(k_ipad)); + bzero(k_ipad, sizeof(k_ipad)); } void
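
Review bot: the added bzero(k_ipad, sizeof(k_ipad)) is the last statement before the closing brace of g_eli_crypto_hmac_init() and nothing reads k_ipad afterwards, so if k_ipad is a local array (as the sizeof usage suggests) an optimizing compiler may treat the call as a dead store and remove it. Consider a wipe the compiler cannot elide, such as explicit_bzero() where the branch provides it, and check the generated code for this function to confirm the store survives. A one-line comment above the call saying that k_ipad holds key-derived material would record why the wipe is there, and it is worth confirming in the full function, which this hunk does not show, that any other key-derived stack buffers get the same treatment.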