Browse Source

Use explicit_bzero instead of memset in hash Final and End functions.

OK deraadt@ djm@
OPENBSD_5_7
millert 9 years ago
parent
commit
1a5ffaf941
5 changed files with 12 additions and 12 deletions
  1. +2
    -2
      src/lib/libc/hash/helper.c
  2. +2
    -2
      src/lib/libc/hash/md5.c
  3. +1
    -1
      src/lib/libc/hash/rmd160.c
  4. +2
    -2
      src/lib/libc/hash/sha1.c
  5. +5
    -5
      src/lib/libc/hash/sha2.c

+ 2
- 2
src/lib/libc/hash/helper.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: helper.c,v 1.11 2014/04/03 17:55:27 beck Exp $ */
/* $OpenBSD: helper.c,v 1.12 2015/01/15 13:05:59 millert Exp $ */
/* /*
* Copyright (c) 2000 Poul-Henning Kamp <phk@FreeBSD.org> * Copyright (c) 2000 Poul-Henning Kamp <phk@FreeBSD.org>
@ -50,7 +50,7 @@ HASHEnd(HASH_CTX *ctx, char *buf)
buf[i + i + 1] = hex[digest[i] & 0x0f]; buf[i + i + 1] = hex[digest[i] & 0x0f];
} }
buf[i + i] = '\0'; buf[i + i] = '\0';
memset(digest, 0, sizeof(digest));
explicit_bzero(digest, sizeof(digest));
return (buf); return (buf);
} }


+ 2
- 2
src/lib/libc/hash/md5.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: md5.c,v 1.9 2014/01/08 06:14:57 tedu Exp $ */
/* $OpenBSD: md5.c,v 1.10 2015/01/15 13:05:59 millert Exp $ */
/* /*
* This code implements the MD5 message-digest algorithm. * This code implements the MD5 message-digest algorithm.
@ -128,7 +128,7 @@ MD5Final(unsigned char digest[MD5_DIGEST_LENGTH], MD5_CTX *ctx)
MD5Pad(ctx); MD5Pad(ctx);
for (i = 0; i < 4; i++) for (i = 0; i < 4; i++)
PUT_32BIT_LE(digest + i * 4, ctx->state[i]); PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
memset(ctx, 0, sizeof(*ctx));
explicit_bzero(ctx, sizeof(*ctx));
} }


+ 1
- 1
src/lib/libc/hash/rmd160.c View File

@ -153,7 +153,7 @@ RMD160Final(u_int8_t digest[RMD160_DIGEST_LENGTH], RMD160_CTX *ctx)
RMD160Pad(ctx); RMD160Pad(ctx);
for (i = 0; i < 5; i++) for (i = 0; i < 5; i++)
PUT_32BIT_LE(digest + i*4, ctx->state[i]); PUT_32BIT_LE(digest + i*4, ctx->state[i]);
memset(ctx, 0, sizeof (*ctx));
explicit_bzero(ctx, sizeof (*ctx));
} }
void void


+ 2
- 2
src/lib/libc/hash/sha1.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: sha1.c,v 1.23 2014/01/08 06:14:57 tedu Exp $ */
/* $OpenBSD: sha1.c,v 1.24 2015/01/15 13:05:59 millert Exp $ */
/* /*
* SHA-1 in C * SHA-1 in C
@ -169,5 +169,5 @@ SHA1Final(u_int8_t digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context)
digest[i] = (u_int8_t) digest[i] = (u_int8_t)
((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
} }
memset(context, 0, sizeof(*context));
explicit_bzero(context, sizeof(*context));
} }

+ 5
- 5
src/lib/libc/hash/sha2.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: sha2.c,v 1.22 2014/12/19 15:14:04 tedu Exp $ */
/* $OpenBSD: sha2.c,v 1.23 2015/01/15 13:05:59 millert Exp $ */
/* /*
* FILE: sha2.c * FILE: sha2.c
@ -316,7 +316,7 @@ SHA224Final(u_int8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *context)
#else #else
memcpy(digest, context->state.st32, SHA224_DIGEST_LENGTH); memcpy(digest, context->state.st32, SHA224_DIGEST_LENGTH);
#endif #endif
memset(context, 0, sizeof(*context));
explicit_bzero(context, sizeof(*context));
} }
#endif /* !defined(SHA2_SMALL) */ #endif /* !defined(SHA2_SMALL) */
@ -591,7 +591,7 @@ SHA256Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *context)
#else #else
memcpy(digest, context->state.st32, SHA256_DIGEST_LENGTH); memcpy(digest, context->state.st32, SHA256_DIGEST_LENGTH);
#endif #endif
memset(context, 0, sizeof(*context));
explicit_bzero(context, sizeof(*context));
} }
@ -867,7 +867,7 @@ SHA512Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *context)
#else #else
memcpy(digest, context->state.st64, SHA512_DIGEST_LENGTH); memcpy(digest, context->state.st64, SHA512_DIGEST_LENGTH);
#endif #endif
memset(context, 0, sizeof(*context));
explicit_bzero(context, sizeof(*context));
} }
#if !defined(SHA2_SMALL) #if !defined(SHA2_SMALL)
@ -901,6 +901,6 @@ SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *context)
memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH); memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH);
#endif #endif
/* Zero out state data */ /* Zero out state data */
memset(context, 0, sizeof(*context));
explicit_bzero(context, sizeof(*context));
} }
#endif /* !defined(SHA2_SMALL) */ #endif /* !defined(SHA2_SMALL) */

Loading…
Cancel
Save