svn commit: r330042 - head/sys/dev/cxgbe/crypto
John Baldwin
jhb at FreeBSD.org
Mon Feb 26 22:17:28 UTC 2018
Author: jhb
Date: Mon Feb 26 22:17:27 2018
New Revision: 330042
URL: https://svnweb.freebsd.org/changeset/base/330042
Log:
Don't overflow the ipad[] array when clearing the remainder.
After the auth key is copied into the ipad[] array, any remaining bytes
are cleared to zero (in case the key is shorter than one block size).
The full block size was used as the length of the zero rather than the
size of the remaining ipad[]. In practice this overflow was harmless as
it could only clear bytes in the following opad[] array which is
initialized with a copy of ipad[] in the next statement.
Sponsored by: Chelsio Communications
Modified:
head/sys/dev/cxgbe/crypto/t4_crypto.c
Modified: head/sys/dev/cxgbe/crypto/t4_crypto.c
==============================================================================
--- head/sys/dev/cxgbe/crypto/t4_crypto.c Mon Feb 26 22:12:31 2018 (r330041)
+++ head/sys/dev/cxgbe/crypto/t4_crypto.c Mon Feb 26 22:17:27 2018 (r330042)
@@ -1764,7 +1764,7 @@ ccr_init_hmac_digest(struct ccr_session *s, int cri_al
} else
memcpy(s->hmac.ipad, key, klen);
- memset(s->hmac.ipad + klen, 0, axf->blocksize);
+ memset(s->hmac.ipad + klen, 0, axf->blocksize - klen);
memcpy(s->hmac.opad, s->hmac.ipad, axf->blocksize);
for (i = 0; i < axf->blocksize; i++) {
More information about the svn-src-all
mailing list