]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8c784bb) | patch
geli: split the initalization of HMAC
authorMariusz Zaborski <oshogbo@FreeBSD.org>
Wed, 8 Feb 2023 16:41:06 +0000 (08:41 -0800)
committerGordon Tetlow <gordon@FreeBSD.org>
Wed, 8 Feb 2023 18:01:58 +0000 (10:01 -0800)
commit5fff09660e06a66bed6482da9c70df328e16bbb6
treefaa1789e4971cf72f18e46e74518a78bef2532cctree | snapshot
parent8c784bb8cf36911b828652f0bf7e88f443abec50commit | diff
geli: split the initalization of HMAC

GELI allows to read a user key from a standard input.
However if user initialize multiple providers at once, the standard
input will be empty for the second and next providers.
This caused GELI to encrypt a master key with an empty key file.

This commits initialize the HMAC with the key file, and then reuse the
finalized structure to generate different encryption keys for different
providers.

Reported by: Nathan Dorfman
Tested by: philip
Security: FreeBSD-SA-23:01.geli
Security: CVE-2023-0751
lib/geom/eli/geom_eli.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.