Use explicit_bzero instead of memset in hash Final and End functions.

OK deraadt@ djm@
10 years ago · 1a5ffaf941
--- a/src/lib/libc/hash/helper.c
+++ b/src/lib/libc/hash/helper.c
@ -1,4 +1,4 @@
 /*	$OpenBSD: helper.c,v 1.11 2014/04/03 17:55:27 beck Exp $ */
 /*	$OpenBSD: helper.c,v 1.12 2015/01/15 13:05:59 millert Exp $ */
 /*
 * Copyright (c) 2000 Poul-Henning Kamp <phk@FreeBSD.org>
@ -50,7 +50,7 @@ HASHEnd(HASH_CTX *ctx, char *buf)
 		buf[i + i + 1] = hex[digest[i] & 0x0f];
 	}
 	buf[i + i] = '\0';
 	memset(digest, 0, sizeof(digest));
 	explicit_bzero(digest, sizeof(digest));
 	return (buf);
 }
--- a/src/lib/libc/hash/md5.c
+++ b/src/lib/libc/hash/md5.c
@ -1,4 +1,4 @@
 /*	$OpenBSD: md5.c,v 1.9 2014/01/08 06:14:57 tedu Exp $	*/
 /*	$OpenBSD: md5.c,v 1.10 2015/01/15 13:05:59 millert Exp $	*/
 /*
 * This code implements the MD5 message-digest algorithm.
@ -128,7 +128,7 @@ MD5Final(unsigned char digest[MD5_DIGEST_LENGTH], MD5_CTX *ctx)
 	MD5Pad(ctx);
 	for (i = 0; i < 4; i++)
 		PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
 	memset(ctx, 0, sizeof(*ctx));
 	explicit_bzero(ctx, sizeof(*ctx));
 }
--- a/src/lib/libc/hash/rmd160.c
+++ b/src/lib/libc/hash/rmd160.c
@ -153,7 +153,7 @@ RMD160Final(u_int8_t digest[RMD160_DIGEST_LENGTH], RMD160_CTX *ctx)
 	RMD160Pad(ctx);
 	for (i = 0; i < 5; i++)
 		PUT_32BIT_LE(digest + i*4, ctx->state[i]);
 	memset(ctx, 0, sizeof (*ctx));
 	explicit_bzero(ctx, sizeof (*ctx));
 }
 void
--- a/src/lib/libc/hash/sha1.c
+++ b/src/lib/libc/hash/sha1.c
@ -1,4 +1,4 @@
 /*	$OpenBSD: sha1.c,v 1.23 2014/01/08 06:14:57 tedu Exp $	*/
 /*	$OpenBSD: sha1.c,v 1.24 2015/01/15 13:05:59 millert Exp $	*/
 /*
 * SHA-1 in C
@ -169,5 +169,5 @@ SHA1Final(u_int8_t digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context)
 		digest[i] = (u_int8_t)
 		   ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
 	}
 	memset(context, 0, sizeof(*context));
 	explicit_bzero(context, sizeof(*context));
 }
--- a/src/lib/libc/hash/sha2.c
+++ b/src/lib/libc/hash/sha2.c
@ -1,4 +1,4 @@
 /*	$OpenBSD: sha2.c,v 1.22 2014/12/19 15:14:04 tedu Exp $	*/
 /*	$OpenBSD: sha2.c,v 1.23 2015/01/15 13:05:59 millert Exp $	*/
 /*
 * FILE:	sha2.c
@ -316,7 +316,7 @@ SHA224Final(u_int8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *context)
 #else
 	memcpy(digest, context->state.st32, SHA224_DIGEST_LENGTH);
 #endif
 	memset(context, 0, sizeof(*context));
 	explicit_bzero(context, sizeof(*context));
 }
 #endif /* !defined(SHA2_SMALL) */
@ -591,7 +591,7 @@ SHA256Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *context)
 #else
 	memcpy(digest, context->state.st32, SHA256_DIGEST_LENGTH);
 #endif
 	memset(context, 0, sizeof(*context));
 	explicit_bzero(context, sizeof(*context));
 }
@ -867,7 +867,7 @@ SHA512Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *context)
 #else
 	memcpy(digest, context->state.st64, SHA512_DIGEST_LENGTH);
 #endif
 	memset(context, 0, sizeof(*context));
 	explicit_bzero(context, sizeof(*context));
 }
 #if !defined(SHA2_SMALL)
@ -901,6 +901,6 @@ SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *context)
 	memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH);
 #endif
 	/* Zero out state data */
 	memset(context, 0, sizeof(*context));
 	explicit_bzero(context, sizeof(*context));
 }
 #endif /* !defined(SHA2_SMALL) */