hcrypto: Use memset_s() when clearing sensitive buffers
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This commit is contained in:
Joseph Sutton
committed by
Jeffrey Altman
Jeffrey Altman
parent
88ea8039e3
commit
20f038f4f0
@@ -851,7 +851,7 @@ DES_string_to_key(const char *str, DES_cblock *key)
|
||||
k[7] ^= 0xF0;
|
||||
DES_set_key(key, &ks);
|
||||
DES_cbc_cksum(s, key, len, &ks, key);
|
||||
memset(&ks, 0, sizeof(ks));
|
||||
memset_s(&ks, sizeof(ks), 0, sizeof(ks));
|
||||
DES_set_odd_parity(key);
|
||||
if (DES_is_weak_key(key))
|
||||
k[7] ^= 0xF0;
|
||||
|
||||
@@ -145,7 +145,7 @@ DH_free(DH *dh)
|
||||
free_if(dh->counter);
|
||||
#undef free_if
|
||||
|
||||
memset(dh, 0, sizeof(*dh));
|
||||
memset_s(dh, sizeof(*dh), 0, sizeof(*dh));
|
||||
free(dh);
|
||||
}
|
||||
|
||||
|
||||
@@ -70,7 +70,7 @@ DSA_free(DSA *dsa)
|
||||
free_if(dsa->r);
|
||||
#undef free_if
|
||||
|
||||
memset(dsa, 0, sizeof(*dsa));
|
||||
memset_s(dsa, sizeof(*dsa), 0, sizeof(*dsa));
|
||||
free(dsa);
|
||||
|
||||
}
|
||||
|
||||
@@ -87,7 +87,7 @@ ENGINE_finish(ENGINE *engine)
|
||||
if (engine->dso_handle)
|
||||
dlclose(engine->dso_handle);
|
||||
|
||||
memset(engine, 0, sizeof(*engine));
|
||||
memset_s(engine, sizeof(*engine), 0, sizeof(*engine));
|
||||
engine->references = -1;
|
||||
|
||||
|
||||
|
||||
@@ -204,7 +204,7 @@ get_EVP_CIPHER_once_cb(void *d)
|
||||
*/
|
||||
ossl_evp = EVP_get_cipherbynid(arg->nid);
|
||||
if (ossl_evp == NULL) {
|
||||
(void) memset(hc_evp, 0, sizeof(*hc_evp));
|
||||
(void) memset_s(hc_evp, sizeof(*hc_evp), 0, sizeof(*hc_evp));
|
||||
#if HCRYPTO_FALLBACK
|
||||
*arg->hc_memoizep = arg->fallback;
|
||||
#endif
|
||||
@@ -348,7 +348,7 @@ get_EVP_MD_once_cb(void *d)
|
||||
*arg->ossl_memoizep = ossl_evp = EVP_get_digestbynid(arg->nid);
|
||||
|
||||
if (ossl_evp == NULL) {
|
||||
(void) memset(hc_evp, 0, sizeof(*hc_evp));
|
||||
(void) memset_s(hc_evp, sizeof(*hc_evp), 0, sizeof(*hc_evp));
|
||||
#if HCRYPTO_FALLBACK
|
||||
*arg->hc_memoizep = arg->fallback;
|
||||
#endif
|
||||
|
||||
@@ -189,12 +189,12 @@ EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) HC_DEPRECATED
|
||||
if (!ret)
|
||||
return ret;
|
||||
} else if (ctx->md) {
|
||||
memset(ctx->ptr, 0, ctx->md->ctx_size);
|
||||
memset_s(ctx->ptr, ctx->md->ctx_size, 0, ctx->md->ctx_size);
|
||||
}
|
||||
ctx->md = NULL;
|
||||
ctx->engine = NULL;
|
||||
free(ctx->ptr);
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
memset_s(ctx, sizeof(*ctx), 0, sizeof(*ctx));
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -607,7 +607,7 @@ EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
|
||||
}
|
||||
if (c->cipher_data) {
|
||||
if (c->cipher)
|
||||
memset(c->cipher_data, 0, c->cipher->ctx_size);
|
||||
memset_s(c->cipher_data, c->cipher->ctx_size, 0, c->cipher->ctx_size);
|
||||
free(c->cipher_data);
|
||||
c->cipher_data = NULL;
|
||||
}
|
||||
@@ -905,7 +905,7 @@ EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, void *out, int *outlen,
|
||||
/* fill in local buffer and encrypt */
|
||||
memcpy(ctx->buf + ctx->buf_len, in, left);
|
||||
ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize);
|
||||
memset(ctx->buf, 0, blocksize);
|
||||
memset_s(ctx->buf, blocksize, 0, blocksize);
|
||||
if (ret != 1)
|
||||
return ret;
|
||||
|
||||
@@ -966,7 +966,7 @@ EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, void *out, int *outlen)
|
||||
/* zero fill local buffer */
|
||||
memset(ctx->buf + ctx->buf_len, 0, left);
|
||||
ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize);
|
||||
memset(ctx->buf, 0, blocksize);
|
||||
memset_s(ctx->buf, blocksize, 0, blocksize);
|
||||
if (ret != 1)
|
||||
return ret;
|
||||
|
||||
|
||||
@@ -46,17 +46,17 @@ void
|
||||
HMAC_CTX_cleanup(HMAC_CTX *ctx)
|
||||
{
|
||||
if (ctx->buf) {
|
||||
memset(ctx->buf, 0, ctx->key_length);
|
||||
memset_s(ctx->buf, ctx->key_length, 0, ctx->key_length);
|
||||
free(ctx->buf);
|
||||
ctx->buf = NULL;
|
||||
}
|
||||
if (ctx->opad) {
|
||||
memset(ctx->opad, 0, EVP_MD_block_size(ctx->md));
|
||||
memset_s(ctx->opad, EVP_MD_block_size(ctx->md), 0, EVP_MD_block_size(ctx->md));
|
||||
free(ctx->opad);
|
||||
ctx->opad = NULL;
|
||||
}
|
||||
if (ctx->ipad) {
|
||||
memset(ctx->ipad, 0, EVP_MD_block_size(ctx->md));
|
||||
memset_s(ctx->ipad, EVP_MD_block_size(ctx->md), 0, EVP_MD_block_size(ctx->md));
|
||||
free(ctx->ipad);
|
||||
ctx->ipad = NULL;
|
||||
}
|
||||
|
||||
@@ -133,6 +133,6 @@ MD2_Final (void *res, struct md2 *m)
|
||||
MD2_Update(m, pad, 16);
|
||||
|
||||
memcpy(res, m->state, MD2_DIGEST_LENGTH);
|
||||
memset(m, 0, sizeof(*m));
|
||||
memset_s(m, sizeof(*m), 0, sizeof(*m));
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -77,11 +77,11 @@ pwd_dialog(char *buf, int size)
|
||||
{
|
||||
case IDOK:
|
||||
strlcpy(buf, passwd, size);
|
||||
memset (passwd, 0, sizeof(passwd));
|
||||
memset_s (passwd, sizeof(passwd), 0, sizeof(passwd));
|
||||
return 0;
|
||||
case IDCANCEL:
|
||||
default:
|
||||
memset (passwd, 0, sizeof(passwd));
|
||||
memset_s (passwd, sizeof(passwd), 0, sizeof(passwd));
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -105,7 +105,7 @@ RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
|
||||
|
||||
for (j = 0; j < 64; j++)
|
||||
key->data[j] = k[(j * 2) + 0] | (k[(j * 2) + 1] << 8);
|
||||
memset(k, 0, sizeof(k));
|
||||
memset_s(k, sizeof(k), 0, sizeof(k));
|
||||
}
|
||||
|
||||
#define ROT16L(w,n) ((w<<n)|(w>>(16-n)))
|
||||
|
||||
@@ -160,7 +160,7 @@ RSA_free(RSA *rsa)
|
||||
free_if(rsa->iqmp);
|
||||
#undef free_if
|
||||
|
||||
memset(rsa, 0, sizeof(*rsa));
|
||||
memset_s(rsa, sizeof(*rsa), 0, sizeof(*rsa));
|
||||
free(rsa);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user