diff options
author | Xin LI <delphij@FreeBSD.org> | 2018-07-20 07:01:28 +0000 |
---|---|---|
committer | Xin LI <delphij@FreeBSD.org> | 2018-07-20 07:01:28 +0000 |
commit | 66bdf50face2485fdb7164cf563cbc595370cd3e (patch) | |
tree | 1a749aadcb9dcb133d74ca9804f43846d81d5056 /sys/crypto | |
parent | e8177648bbac282633fa9c4f68d99da24058362c (diff) | |
download | src-66bdf50face2485fdb7164cf563cbc595370cd3e.tar.gz src-66bdf50face2485fdb7164cf563cbc595370cd3e.zip |
libmd: Always erase context in _Final method, and when doing
it, consistently use explicit_bzero().
Update manual pages to match the behavior.
Reviewed by: pfg, allanjude, jmg
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D16316
Notes
Notes:
svn path=/head/; revision=336539
Diffstat (limited to 'sys/crypto')
-rw-r--r-- | sys/crypto/sha2/sha256c.c | 2 | ||||
-rw-r--r-- | sys/crypto/sha2/sha512c.c | 8 | ||||
-rw-r--r-- | sys/crypto/skein/skein.c | 3 |
3 files changed, 8 insertions, 5 deletions
diff --git a/sys/crypto/sha2/sha256c.c b/sys/crypto/sha2/sha256c.c index 70980ac5fb7a..135fb68ccc65 100644 --- a/sys/crypto/sha2/sha256c.c +++ b/sys/crypto/sha2/sha256c.c @@ -298,7 +298,7 @@ SHA256_Final(unsigned char digest[static SHA256_DIGEST_LENGTH], SHA256_CTX *ctx) be32enc_vect(digest, ctx->state, SHA256_DIGEST_LENGTH); /* Clear the context state */ - memset(ctx, 0, sizeof(*ctx)); + explicit_bzero(ctx, sizeof(*ctx)); } /*** SHA-224: *********************************************************/ diff --git a/sys/crypto/sha2/sha512c.c b/sys/crypto/sha2/sha512c.c index 21c7efabe156..e0dd36120a90 100644 --- a/sys/crypto/sha2/sha512c.c +++ b/sys/crypto/sha2/sha512c.c @@ -331,7 +331,7 @@ SHA512_Final(unsigned char digest[static SHA512_DIGEST_LENGTH], SHA512_CTX *ctx) be64enc_vect(digest, ctx->state, SHA512_DIGEST_LENGTH); /* Clear the context state */ - memset(ctx, 0, sizeof(*ctx)); + explicit_bzero(ctx, sizeof(*ctx)); } /*** SHA-512t: *********************************************************/ @@ -374,7 +374,7 @@ SHA512_224_Final(unsigned char digest[static SHA512_224_DIGEST_LENGTH], SHA512_C be64enc_vect(digest, ctx->state, SHA512_224_DIGEST_LENGTH); /* Clear the context state */ - memset(ctx, 0, sizeof(*ctx)); + explicit_bzero(ctx, sizeof(*ctx)); } void @@ -413,7 +413,7 @@ SHA512_256_Final(unsigned char digest[static SHA512_256_DIGEST_LENGTH], SHA512_C be64enc_vect(digest, ctx->state, SHA512_256_DIGEST_LENGTH); /* Clear the context state */ - memset(ctx, 0, sizeof(*ctx)); + explicit_bzero(ctx, sizeof(*ctx)); } /*** SHA-384: *********************************************************/ @@ -463,7 +463,7 @@ SHA384_Final(unsigned char digest[static SHA384_DIGEST_LENGTH], SHA384_CTX *ctx) be64enc_vect(digest, ctx->state, SHA384_DIGEST_LENGTH); /* Clear the context state */ - memset(ctx, 0, sizeof(*ctx)); + explicit_bzero(ctx, sizeof(*ctx)); } #ifdef WEAK_REFS diff --git a/sys/crypto/skein/skein.c b/sys/crypto/skein/skein.c index b8d5905078a3..fd17623db21a 100644 --- a/sys/crypto/skein/skein.c +++ b/sys/crypto/skein/skein.c @@ -812,6 +812,7 @@ SKEIN256_Final(unsigned char digest[static SKEIN_256_BLOCK_BYTES], SKEIN256_CTX { Skein_256_Final(ctx, digest); + explicit_bzero(ctx, sizeof(*ctx)); } void @@ -819,6 +820,7 @@ SKEIN512_Final(unsigned char digest[static SKEIN_512_BLOCK_BYTES], SKEIN512_CTX { Skein_512_Final(ctx, digest); + explicit_bzero(ctx, sizeof(*ctx)); } void @@ -826,6 +828,7 @@ SKEIN1024_Final(unsigned char digest[static SKEIN1024_BLOCK_BYTES], SKEIN1024_CT { Skein1024_Final(ctx, digest); + explicit_bzero(ctx, sizeof(*ctx)); } #ifdef WEAK_REFS |