
Use explicit_bzero() instead of memset() on buffers going out of scope.

Also, zero the SHA256 context.
suggested by "eric" in a comment on an opensslrampage.org post
ok miod@ deraadt@
OPENBSD_5_6
guenther 10 years ago
parent
commit
6fd1ff93b6
6 changed files with 18 additions and 12 deletions
  1. +3
    -2
      src/lib/libcrypto/arc4random/getentropy_linux.c
  2. +3
    -2
      src/lib/libcrypto/arc4random/getentropy_osx.c
  3. +3
    -2
      src/lib/libcrypto/arc4random/getentropy_solaris.c
  4. +3
    -2
      src/lib/libcrypto/crypto/getentropy_linux.c
  5. +3
    -2
      src/lib/libcrypto/crypto/getentropy_osx.c
  6. +3
    -2
      src/lib/libcrypto/crypto/getentropy_solaris.c

+ 3
- 2
src/lib/libcrypto/arc4random/getentropy_linux.c

@ -1,4 +1,4 @@
/* $OpenBSD: getentropy_linux.c,v 1.29 2014/07/21 19:15:56 deraadt Exp $ */
/* $OpenBSD: getentropy_linux.c,v 1.30 2014/07/21 20:19:47 guenther Exp $ */
/* /*
* Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@ -539,7 +539,8 @@ getentropy_fallback(void *buf, size_t len)
memcpy((char *)buf + i, results, min(sizeof(results), len - i)); memcpy((char *)buf + i, results, min(sizeof(results), len - i));
i += min(sizeof(results), len - i); i += min(sizeof(results), len - i);
} }
memset(results, 0, sizeof results);
explicit_bzero(&ctx, sizeof ctx);
explicit_bzero(results, sizeof results);
if (gotdata(buf, len) == 0) { if (gotdata(buf, len) == 0) {
errno = save_errno; errno = save_errno;
return 0; /* satisfied */ return 0; /* satisfied */
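Review bot: The two `explicit_bzero()` calls added after the copy loop in getentropy_fallback() are only as strong as the implementation each target links against. These are the Linux, OS X and Solaris files, where the function is presumably supplied by a compat layer rather than the system libc, and a fallback that reduces to an inlinable `memset()` would bring back the dead-store elimination this commit is meant to prevent. It is worth confirming that the portable build ships a non-elidable version, and recording the intent at the call site with a comment such as `/* explicit_bzero: a plain memset of a dying local may be optimized away */`. The same applies to the identical hunks in getentropy_osx.c and getentropy_solaris.c and to the three copies under crypto/. The function body starts and ends outside the hunk, so other locals that held hash input, or return paths that skip the wipe, cannot be checked from here.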


+ 3
- 2
src/lib/libcrypto/arc4random/getentropy_osx.c

@ -1,4 +1,4 @@
/* $OpenBSD: getentropy_osx.c,v 1.7 2014/07/19 16:12:00 deraadt Exp $ */
/* $OpenBSD: getentropy_osx.c,v 1.8 2014/07/21 20:19:47 guenther Exp $ */
/* /*
* Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@ -418,7 +418,8 @@ getentropy_fallback(void *buf, size_t len)
memcpy((char *)buf + i, results, min(sizeof(results), len - i)); memcpy((char *)buf + i, results, min(sizeof(results), len - i));
i += min(sizeof(results), len - i); i += min(sizeof(results), len - i);
} }
memset(results, 0, sizeof results);
explicit_bzero(&ctx, sizeof ctx);
explicit_bzero(results, sizeof results);
if (gotdata(buf, len) == 0) { if (gotdata(buf, len) == 0) {
errno = save_errno; errno = save_errno;
return 0; /* satisfied */ return 0; /* satisfied */


+ 3
- 2
src/lib/libcrypto/arc4random/getentropy_solaris.c

@ -1,4 +1,4 @@
/* $OpenBSD: getentropy_solaris.c,v 1.8 2014/07/19 16:12:00 deraadt Exp $ */
/* $OpenBSD: getentropy_solaris.c,v 1.9 2014/07/21 20:19:47 guenther Exp $ */
/* /*
* Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@ -434,7 +434,8 @@ getentropy_fallback(void *buf, size_t len)
memcpy((char *)buf + i, results, min(sizeof(results), len - i)); memcpy((char *)buf + i, results, min(sizeof(results), len - i));
i += min(sizeof(results), len - i); i += min(sizeof(results), len - i);
} }
memset(results, 0, sizeof results);
explicit_bzero(&ctx, sizeof ctx);
explicit_bzero(results, sizeof results);
if (gotdata(buf, len) == 0) { if (gotdata(buf, len) == 0) {
errno = save_errno; errno = save_errno;
return 0; /* satisfied */ return 0; /* satisfied */


+ 3
- 2
src/lib/libcrypto/crypto/getentropy_linux.c

@ -1,4 +1,4 @@
/* $OpenBSD: getentropy_linux.c,v 1.29 2014/07/21 19:15:56 deraadt Exp $ */
/* $OpenBSD: getentropy_linux.c,v 1.30 2014/07/21 20:19:47 guenther Exp $ */
/* /*
* Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@ -539,7 +539,8 @@ getentropy_fallback(void *buf, size_t len)
memcpy((char *)buf + i, results, min(sizeof(results), len - i)); memcpy((char *)buf + i, results, min(sizeof(results), len - i));
i += min(sizeof(results), len - i); i += min(sizeof(results), len - i);
} }
memset(results, 0, sizeof results);
explicit_bzero(&ctx, sizeof ctx);
explicit_bzero(results, sizeof results);
if (gotdata(buf, len) == 0) { if (gotdata(buf, len) == 0) {
errno = save_errno; errno = save_errno;
return 0; /* satisfied */ return 0; /* satisfied */


+ 3
- 2
src/lib/libcrypto/crypto/getentropy_osx.c

@ -1,4 +1,4 @@
/* $OpenBSD: getentropy_osx.c,v 1.7 2014/07/19 16:12:00 deraadt Exp $ */
/* $OpenBSD: getentropy_osx.c,v 1.8 2014/07/21 20:19:47 guenther Exp $ */
/* /*
* Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@ -418,7 +418,8 @@ getentropy_fallback(void *buf, size_t len)
memcpy((char *)buf + i, results, min(sizeof(results), len - i)); memcpy((char *)buf + i, results, min(sizeof(results), len - i));
i += min(sizeof(results), len - i); i += min(sizeof(results), len - i);
} }
memset(results, 0, sizeof results);
explicit_bzero(&ctx, sizeof ctx);
explicit_bzero(results, sizeof results);
if (gotdata(buf, len) == 0) { if (gotdata(buf, len) == 0) {
errno = save_errno; errno = save_errno;
return 0; /* satisfied */ return 0; /* satisfied */


+ 3
- 2
src/lib/libcrypto/crypto/getentropy_solaris.c

@ -1,4 +1,4 @@
/* $OpenBSD: getentropy_solaris.c,v 1.8 2014/07/19 16:12:00 deraadt Exp $ */
/* $OpenBSD: getentropy_solaris.c,v 1.9 2014/07/21 20:19:47 guenther Exp $ */
/* /*
* Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@ -434,7 +434,8 @@ getentropy_fallback(void *buf, size_t len)
memcpy((char *)buf + i, results, min(sizeof(results), len - i)); memcpy((char *)buf + i, results, min(sizeof(results), len - i));
i += min(sizeof(results), len - i); i += min(sizeof(results), len - i);
} }
memset(results, 0, sizeof results);
explicit_bzero(&ctx, sizeof ctx);
explicit_bzero(results, sizeof results);
if (gotdata(buf, len) == 0) { if (gotdata(buf, len) == 0) {
errno = save_errno; errno = save_errno;
return 0; /* satisfied */ return 0; /* satisfied */

