HomeFreeBSD
Diffusion FreeBSD src repository 0fcafe8516d1

eli: Zero pad bytes that arise when certain auth algorithms are used
0fcafe8516d1
Actions

Description

eli: Zero pad bytes that arise when certain auth algorithms are used

When authentication is configured, GELI ensures that the amount of data
per sector is a multiple of 16 bytes. This is done in
eli_metadata_softc(). When the digest size is not a multiple of 16
bytes, this leaves some extra pad bytes at the end of every sector, and
they were not being zeroed before being written to disk. In particular,
this happens with the HMAC/SHA1, HMAC/RIPEMD160 and HMAC/SHA384 data
authentication algorithms.

This change ensures that they are zeroed before being written to disk.

Reported by: KMSAN
Reviewed by: delphij, asomers
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31170

Details

Provenance
markjAuthored on Jul 15 2021, 4:23 PM
Reviewer
delphij
Differential Revision
D31170: eli: Zero pad bytes that arise when certain auth algos are used
Parents
rG44de1834b53f: nfsclient: Avoid copying uninitialized bytes into statfs
Branches
Unknown
Tags
Unknown

Changes (1)

PathSize
sys/
geom/
eli/

rG0fcafe8516d1

View Options

sys/geom/eli/g_eli_integrity.c

Loading...