Date: Mon, 24 Feb 2014 13:36:23 -0600 From: Brooks Davis <brooks@freebsd.org> To: Xin LI <delphij@FreeBSD.org> Cc: svn-src-stable@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, svn-src-stable-10@freebsd.org Subject: Re: svn commit: r262318 - stable/10/sys/geom/eli Message-ID: <20140224193623.GC18404@lor.one-eyed-alien.net> In-Reply-To: <201402220030.s1M0UX3T044248@svn.freebsd.org> References: <201402220030.s1M0UX3T044248@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--bCsyhTFzCvuiizWE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Feb 22, 2014 at 12:30:33AM +0000, Xin LI wrote: > Author: delphij > Date: Sat Feb 22 00:30:33 2014 > New Revision: 262318 > URL: http://svnweb.freebsd.org/changeset/base/262318 >=20 > Log: > MFC r261618: > =20 > In g_eli_crypto_hmac_init(), zero out after using the ipad buffer, > k_ipad. > =20 > Note that the two consumers in geli(4) are not affected by this > issue because the way the code is constructed and as such, we > believe there is no security impact with or without this change > with geli(4)'s usage. > =20 > Reported by: Serge van den Boom <serge vdboom.org> > Reviewed by: pjd >=20 > Modified: > stable/10/sys/geom/eli/g_eli_crypto.c > Directory Properties: > stable/10/ (props changed) >=20 > Modified: stable/10/sys/geom/eli/g_eli_crypto.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- stable/10/sys/geom/eli/g_eli_crypto.c Sat Feb 22 00:16:27 2014 (r2623= 17) > +++ stable/10/sys/geom/eli/g_eli_crypto.c Sat Feb 22 00:30:33 2014 (r2623= 18) > @@ -265,6 +265,7 @@ g_eli_crypto_hmac_init(struct hmac_ctx * > /* Perform inner SHA512. */ > SHA512_Init(&ctx->shactx); > SHA512_Update(&ctx->shactx, k_ipad, sizeof(k_ipad)); > + bzero(k_ipad, sizeof(k_ipad)); > } > =20 > void >=20 Unless k_ipad is declared volatile there is some risk an overly smart compiler will optimize this bzero() away. It might make sense for us to use a non-standard function for such zeroing operations. -- Brooks --bCsyhTFzCvuiizWE Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (FreeBSD) iKYEARECAGYFAlMLnzZfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldDY1NUQ1MTlDMjZBNzgyRTcyNTI5OUJGMDVE OEU4QkU5RjIzODFBRDQACgkQXY6L6fI4GtTTCQCfSiGFo7KrTv6YvPl6QfqIg5ut JeAAoMPUQ2xbAIIsGS/YHNtjF7kWQ6AV =SNZA -----END PGP SIGNATURE----- --bCsyhTFzCvuiizWE--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140224193623.GC18404>