Author: jhb
Date: Mon Feb 26 22:17:27 2018
New Revision: 330042
URL: https://svnweb.freebsd.org/changeset/base/330042
Log:
Don't overflow the ipad[] array when clearing the remainder.
After the auth key is copied into the ipad[] array, any remaining bytes
are cleared to zero (in case the key is shorter than one block size).
The full block size was used as the length of the zero rather than the
size of the remaining ipad[]. In practice this overflow was harmless as
it could only clear bytes in the following opad[] array which is
initialized with a copy of ipad[] in the next statement.
Sponsored by: Chelsio Communications
Modified:
head/sys/dev/cxgbe/crypto/t4_crypto.c
Modified: head/sys/dev/cxgbe/crypto/t4_crypto.c
==============================================================================
--- head/sys/dev/cxgbe/crypto/t4_crypto.c Mon Feb 26 22:12:31 2018
(r330041)
+++ head/sys/dev/cxgbe/crypto/t4_crypto.c Mon Feb 26 22:17:27 2018
(r330042)
@@ -1764,7 +1764,7 @@ ccr_init_hmac_digest(struct ccr_session *s, int cri_al
} else
memcpy(s->hmac.ipad, key, klen);
- memset(s->hmac.ipad + klen, 0, axf->blocksize);
+ memset(s->hmac.ipad + klen, 0, axf->blocksize - klen);
memcpy(s->hmac.opad, s->hmac.ipad, axf->blocksize);
for (i = 0; i < axf->blocksize; i++) {
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "[email protected]"
