提交 3ce2fdab 编写于 作者: M Matt Caswell

Convert memset calls to OPENSSL_cleanse

Ensure things really do get cleared when we intend them to.

Addresses an OCAP Audit issue.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
上级 6f4ae777
......@@ -445,7 +445,7 @@ void BN_clear(BIGNUM *a)
{
bn_check_top(a);
if (a->d != NULL)
memset(a->d, 0, sizeof(*a->d) * a->dmax);
OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax);
a->top = 0;
a->neg = 0;
}
......
......@@ -46,7 +46,6 @@ void BUF_MEM_free(BUF_MEM *a)
return;
if (a->data != NULL) {
memset(a->data, 0, (unsigned int)a->max);
if (a->flags & BUF_MEM_FLAG_SECURE)
OPENSSL_secure_free(a->data);
else
......
......@@ -36,7 +36,7 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(ctx->engine);
#endif
memset(ctx, 0, sizeof(*ctx));
OPENSSL_cleanse(ctx, sizeof(*ctx));
return 1;
}
......@@ -170,7 +170,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
ctx->digest->cleanup(ctx);
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
}
memset(ctx->md_data, 0, ctx->digest->ctx_size);
OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
return ret;
}
......
......@@ -65,6 +65,8 @@
* <appro@fy.chalmers.se>
*/
#include <openssl/crypto.h>
#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
# error "DATA_ORDER must be defined!"
#endif
......@@ -276,6 +278,12 @@ int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
data += n;
len -= n;
c->num = 0;
/*
* We use memset rather than OPENSSL_cleanse() here deliberately.
* Using OPENSSL_cleanse() here could be a performance issue. It
* will get properly cleansed on finalisation so this isn't a
* security problem.
*/
memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
} else {
memcpy(p + n, data, len);
......@@ -331,7 +339,7 @@ int HASH_FINAL(unsigned char *md, HASH_CTX *c)
p -= HASH_CBLOCK;
HASH_BLOCK_DATA_ORDER(c, p, 1);
c->num = 0;
memset(p, 0, HASH_CBLOCK);
OPENSSL_cleanse(p, HASH_CBLOCK);
#ifndef HASH_MAKE_STRING
# error "HASH_MAKE_STRING must be defined!"
......
......@@ -168,6 +168,6 @@ int MD2_Final(unsigned char *md, MD2_CTX *c)
for (i = 0; i < 16; i++)
md[i] = (UCHAR) (p1[i] & 0xff);
memset(&c, 0, sizeof(c));
OPENSSL_cleanse(c, sizeof(*c));
return 1;
}
......@@ -148,7 +148,7 @@ void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num,
/* Can't shrink the buffer since memcpy below copies |old_len| bytes. */
if (num < old_len) {
memset((char*)str + num, 0, old_len - num);
OPENSSL_cleanse((char*)str + num, old_len - num);
return str;
}
......
......@@ -9,6 +9,7 @@
#include <stdlib.h>
#include <string.h>
#include <openssl/crypto.h>
#include "internal/poly1305.h"
......@@ -545,7 +546,7 @@ void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16])
poly1305_emit(ctx->opaque, mac, ctx->nonce);
/* zero out the state */
memset(ctx, 0, sizeof(*ctx));
OPENSSL_cleanse(ctx, sizeof(*ctx));
}
#ifdef SELFTEST
......
......@@ -134,7 +134,7 @@ int RAND_poll(void)
rnd >>= 8;
}
RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
memset(buf, 0, sizeof(buf));
OPENSSL_cleanse(buf, sizeof(buf));
return 1;
}
......
......@@ -60,6 +60,7 @@
* input. This is done for performance.
*/
#include <openssl/crypto.h>
#include "wp_locl.h"
#include <string.h>
......@@ -245,7 +246,7 @@ int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
if (md) {
memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
memset(c, 0, sizeof(*c));
OPENSSL_cleanse(c, sizeof(*c));
return (1);
}
return (0);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册