hcrypto: Use memset_s() when clearing sensitive buffers
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This commit is contained in:
Joseph Sutton
committed by
Jeffrey Altman
Jeffrey Altman
parent
88ea8039e3
commit
20f038f4f0
@@ -851,7 +851,7 @@ DES_string_to_key(const char *str, DES_cblock *key)
|
|||||||
k[7] ^= 0xF0;
|
k[7] ^= 0xF0;
|
||||||
DES_set_key(key, &ks);
|
DES_set_key(key, &ks);
|
||||||
DES_cbc_cksum(s, key, len, &ks, key);
|
DES_cbc_cksum(s, key, len, &ks, key);
|
||||||
memset(&ks, 0, sizeof(ks));
|
memset_s(&ks, sizeof(ks), 0, sizeof(ks));
|
||||||
DES_set_odd_parity(key);
|
DES_set_odd_parity(key);
|
||||||
if (DES_is_weak_key(key))
|
if (DES_is_weak_key(key))
|
||||||
k[7] ^= 0xF0;
|
k[7] ^= 0xF0;
|
||||||
|
|||||||
@@ -145,7 +145,7 @@ DH_free(DH *dh)
|
|||||||
free_if(dh->counter);
|
free_if(dh->counter);
|
||||||
#undef free_if
|
#undef free_if
|
||||||
|
|
||||||
memset(dh, 0, sizeof(*dh));
|
memset_s(dh, sizeof(*dh), 0, sizeof(*dh));
|
||||||
free(dh);
|
free(dh);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -70,7 +70,7 @@ DSA_free(DSA *dsa)
|
|||||||
free_if(dsa->r);
|
free_if(dsa->r);
|
||||||
#undef free_if
|
#undef free_if
|
||||||
|
|
||||||
memset(dsa, 0, sizeof(*dsa));
|
memset_s(dsa, sizeof(*dsa), 0, sizeof(*dsa));
|
||||||
free(dsa);
|
free(dsa);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -87,7 +87,7 @@ ENGINE_finish(ENGINE *engine)
|
|||||||
if (engine->dso_handle)
|
if (engine->dso_handle)
|
||||||
dlclose(engine->dso_handle);
|
dlclose(engine->dso_handle);
|
||||||
|
|
||||||
memset(engine, 0, sizeof(*engine));
|
memset_s(engine, sizeof(*engine), 0, sizeof(*engine));
|
||||||
engine->references = -1;
|
engine->references = -1;
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -204,7 +204,7 @@ get_EVP_CIPHER_once_cb(void *d)
|
|||||||
*/
|
*/
|
||||||
ossl_evp = EVP_get_cipherbynid(arg->nid);
|
ossl_evp = EVP_get_cipherbynid(arg->nid);
|
||||||
if (ossl_evp == NULL) {
|
if (ossl_evp == NULL) {
|
||||||
(void) memset(hc_evp, 0, sizeof(*hc_evp));
|
(void) memset_s(hc_evp, sizeof(*hc_evp), 0, sizeof(*hc_evp));
|
||||||
#if HCRYPTO_FALLBACK
|
#if HCRYPTO_FALLBACK
|
||||||
*arg->hc_memoizep = arg->fallback;
|
*arg->hc_memoizep = arg->fallback;
|
||||||
#endif
|
#endif
|
||||||
@@ -348,7 +348,7 @@ get_EVP_MD_once_cb(void *d)
|
|||||||
*arg->ossl_memoizep = ossl_evp = EVP_get_digestbynid(arg->nid);
|
*arg->ossl_memoizep = ossl_evp = EVP_get_digestbynid(arg->nid);
|
||||||
|
|
||||||
if (ossl_evp == NULL) {
|
if (ossl_evp == NULL) {
|
||||||
(void) memset(hc_evp, 0, sizeof(*hc_evp));
|
(void) memset_s(hc_evp, sizeof(*hc_evp), 0, sizeof(*hc_evp));
|
||||||
#if HCRYPTO_FALLBACK
|
#if HCRYPTO_FALLBACK
|
||||||
*arg->hc_memoizep = arg->fallback;
|
*arg->hc_memoizep = arg->fallback;
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@@ -189,12 +189,12 @@ EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) HC_DEPRECATED
|
|||||||
if (!ret)
|
if (!ret)
|
||||||
return ret;
|
return ret;
|
||||||
} else if (ctx->md) {
|
} else if (ctx->md) {
|
||||||
memset(ctx->ptr, 0, ctx->md->ctx_size);
|
memset_s(ctx->ptr, ctx->md->ctx_size, 0, ctx->md->ctx_size);
|
||||||
}
|
}
|
||||||
ctx->md = NULL;
|
ctx->md = NULL;
|
||||||
ctx->engine = NULL;
|
ctx->engine = NULL;
|
||||||
free(ctx->ptr);
|
free(ctx->ptr);
|
||||||
memset(ctx, 0, sizeof(*ctx));
|
memset_s(ctx, sizeof(*ctx), 0, sizeof(*ctx));
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -607,7 +607,7 @@ EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
|
|||||||
}
|
}
|
||||||
if (c->cipher_data) {
|
if (c->cipher_data) {
|
||||||
if (c->cipher)
|
if (c->cipher)
|
||||||
memset(c->cipher_data, 0, c->cipher->ctx_size);
|
memset_s(c->cipher_data, c->cipher->ctx_size, 0, c->cipher->ctx_size);
|
||||||
free(c->cipher_data);
|
free(c->cipher_data);
|
||||||
c->cipher_data = NULL;
|
c->cipher_data = NULL;
|
||||||
}
|
}
|
||||||
@@ -905,7 +905,7 @@ EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, void *out, int *outlen,
|
|||||||
/* fill in local buffer and encrypt */
|
/* fill in local buffer and encrypt */
|
||||||
memcpy(ctx->buf + ctx->buf_len, in, left);
|
memcpy(ctx->buf + ctx->buf_len, in, left);
|
||||||
ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize);
|
ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize);
|
||||||
memset(ctx->buf, 0, blocksize);
|
memset_s(ctx->buf, blocksize, 0, blocksize);
|
||||||
if (ret != 1)
|
if (ret != 1)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
@@ -966,7 +966,7 @@ EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, void *out, int *outlen)
|
|||||||
/* zero fill local buffer */
|
/* zero fill local buffer */
|
||||||
memset(ctx->buf + ctx->buf_len, 0, left);
|
memset(ctx->buf + ctx->buf_len, 0, left);
|
||||||
ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize);
|
ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize);
|
||||||
memset(ctx->buf, 0, blocksize);
|
memset_s(ctx->buf, blocksize, 0, blocksize);
|
||||||
if (ret != 1)
|
if (ret != 1)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
|
|||||||
@@ -46,17 +46,17 @@ void
|
|||||||
HMAC_CTX_cleanup(HMAC_CTX *ctx)
|
HMAC_CTX_cleanup(HMAC_CTX *ctx)
|
||||||
{
|
{
|
||||||
if (ctx->buf) {
|
if (ctx->buf) {
|
||||||
memset(ctx->buf, 0, ctx->key_length);
|
memset_s(ctx->buf, ctx->key_length, 0, ctx->key_length);
|
||||||
free(ctx->buf);
|
free(ctx->buf);
|
||||||
ctx->buf = NULL;
|
ctx->buf = NULL;
|
||||||
}
|
}
|
||||||
if (ctx->opad) {
|
if (ctx->opad) {
|
||||||
memset(ctx->opad, 0, EVP_MD_block_size(ctx->md));
|
memset_s(ctx->opad, EVP_MD_block_size(ctx->md), 0, EVP_MD_block_size(ctx->md));
|
||||||
free(ctx->opad);
|
free(ctx->opad);
|
||||||
ctx->opad = NULL;
|
ctx->opad = NULL;
|
||||||
}
|
}
|
||||||
if (ctx->ipad) {
|
if (ctx->ipad) {
|
||||||
memset(ctx->ipad, 0, EVP_MD_block_size(ctx->md));
|
memset_s(ctx->ipad, EVP_MD_block_size(ctx->md), 0, EVP_MD_block_size(ctx->md));
|
||||||
free(ctx->ipad);
|
free(ctx->ipad);
|
||||||
ctx->ipad = NULL;
|
ctx->ipad = NULL;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -133,6 +133,6 @@ MD2_Final (void *res, struct md2 *m)
|
|||||||
MD2_Update(m, pad, 16);
|
MD2_Update(m, pad, 16);
|
||||||
|
|
||||||
memcpy(res, m->state, MD2_DIGEST_LENGTH);
|
memcpy(res, m->state, MD2_DIGEST_LENGTH);
|
||||||
memset(m, 0, sizeof(*m));
|
memset_s(m, sizeof(*m), 0, sizeof(*m));
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -77,11 +77,11 @@ pwd_dialog(char *buf, int size)
|
|||||||
{
|
{
|
||||||
case IDOK:
|
case IDOK:
|
||||||
strlcpy(buf, passwd, size);
|
strlcpy(buf, passwd, size);
|
||||||
memset (passwd, 0, sizeof(passwd));
|
memset_s (passwd, sizeof(passwd), 0, sizeof(passwd));
|
||||||
return 0;
|
return 0;
|
||||||
case IDCANCEL:
|
case IDCANCEL:
|
||||||
default:
|
default:
|
||||||
memset (passwd, 0, sizeof(passwd));
|
memset_s (passwd, sizeof(passwd), 0, sizeof(passwd));
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -105,7 +105,7 @@ RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
|
|||||||
|
|
||||||
for (j = 0; j < 64; j++)
|
for (j = 0; j < 64; j++)
|
||||||
key->data[j] = k[(j * 2) + 0] | (k[(j * 2) + 1] << 8);
|
key->data[j] = k[(j * 2) + 0] | (k[(j * 2) + 1] << 8);
|
||||||
memset(k, 0, sizeof(k));
|
memset_s(k, sizeof(k), 0, sizeof(k));
|
||||||
}
|
}
|
||||||
|
|
||||||
#define ROT16L(w,n) ((w<<n)|(w>>(16-n)))
|
#define ROT16L(w,n) ((w<<n)|(w>>(16-n)))
|
||||||
|
|||||||
@@ -160,7 +160,7 @@ RSA_free(RSA *rsa)
|
|||||||
free_if(rsa->iqmp);
|
free_if(rsa->iqmp);
|
||||||
#undef free_if
|
#undef free_if
|
||||||
|
|
||||||
memset(rsa, 0, sizeof(*rsa));
|
memset_s(rsa, sizeof(*rsa), 0, sizeof(*rsa));
|
||||||
free(rsa);
|
free(rsa);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user