authorguenther <guenther@openbsd.org>2014-07-21 20:19:47 +0000
committerguenther <guenther@openbsd.org>2014-07-21 20:19:47 +0000
commit5fd8226cf53298fcb9b36bfeadaeefebe64469f0 (patch)
tree8c8ea1e85aaaad2a93c81b79578d07c73efe6708
parentdon't try to be clever and name the _PATH_CP exec "mv", since this (diff)
Use explicit_bzero() instead of memset() on buffers going out of scope.
Also, zero the SHA256 context.

suggested by "eric" in a comment on an opensslrampage.org post
ok miod@ deraadt@
-rw-r--r--lib/libcrypto/arc4random/getentropy_linux.c5
-rw-r--r--lib/libcrypto/arc4random/getentropy_osx.c5
-rw-r--r--lib/libcrypto/arc4random/getentropy_solaris.c5
-rw-r--r--lib/libcrypto/crypto/getentropy_linux.c5
-rw-r--r--lib/libcrypto/crypto/getentropy_osx.c5
-rw-r--r--lib/libcrypto/crypto/getentropy_solaris.c5
6 files changed, 18 insertions, 12 deletions
diff --git a/lib/libcrypto/arc4random/getentropy_linux.c b/lib/libcrypto/arc4random/getentropy_linux.c
index 6947102136e..eeaf9a4ef98 100644
--- a/lib/libcrypto/arc4random/getentropy_linux.c
+++ b/lib/libcrypto/arc4random/getentropy_linux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: getentropy_linux.c,v 1.29 2014/07/21 19:15:56 deraadt Exp $ */
+/* $OpenBSD: getentropy_linux.c,v 1.30 2014/07/21 20:19:47 guenther Exp $ */
/*
* Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@@ -539,7 +539,8 @@ getentropy_fallback(void *buf, size_t len)
memcpy((char *)buf + i, results, min(sizeof(results), len - i));
i += min(sizeof(results), len - i);
}
- memset(results, 0, sizeof results);
+ explicit_bzero(&ctx, sizeof ctx);
+ explicit_bzero(results, sizeof results);
if (gotdata(buf, len) == 0) {
errno = save_errno;
return 0; /* satisfied */
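Review bot: explicit_bzero() is an OpenBSD libc function, and this file (like getentropy_osx.c, getentropy_solaris.c and the three crypto/ copies) is built for platforms whose libc may not provide it, so the two calls added after the loop are only as strong as the compat definition the portable build supplies. If that fallback is a plain memset() wrapper the compiler can inline, the dead-store elimination this commit guards against comes back; the compat version should stay out of line or use a barrier the optimizer cannot see through. A short comment above the calls would record the intent, for example `/* ctx and results are derived from the gathered entropy; wipe both in a way the compiler cannot elide */`. getentropy_fallback starts and continues outside the hunk, so any other locals that were hashed into ctx are not visible here and may deserve the same treatment.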
diff --git a/lib/libcrypto/arc4random/getentropy_osx.c b/lib/libcrypto/arc4random/getentropy_osx.c
index b0ffda8c09f..ac5c748f6a6 100644
--- a/lib/libcrypto/arc4random/getentropy_osx.c
+++ b/lib/libcrypto/arc4random/getentropy_osx.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: getentropy_osx.c,v 1.7 2014/07/19 16:12:00 deraadt Exp $ */
+/* $OpenBSD: getentropy_osx.c,v 1.8 2014/07/21 20:19:47 guenther Exp $ */
/*
* Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@@ -418,7 +418,8 @@ getentropy_fallback(void *buf, size_t len)
memcpy((char *)buf + i, results, min(sizeof(results), len - i));
i += min(sizeof(results), len - i);
}
- memset(results, 0, sizeof results);
+ explicit_bzero(&ctx, sizeof ctx);
+ explicit_bzero(results, sizeof results);
if (gotdata(buf, len) == 0) {
errno = save_errno;
return 0; /* satisfied */
diff --git a/lib/libcrypto/arc4random/getentropy_solaris.c b/lib/libcrypto/arc4random/getentropy_solaris.c
index fed0eeb53ae..6ec2fe584c7 100644
--- a/lib/libcrypto/arc4random/getentropy_solaris.c
+++ b/lib/libcrypto/arc4random/getentropy_solaris.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: getentropy_solaris.c,v 1.8 2014/07/19 16:12:00 deraadt Exp $ */
+/* $OpenBSD: getentropy_solaris.c,v 1.9 2014/07/21 20:19:47 guenther Exp $ */
/*
* Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@@ -434,7 +434,8 @@ getentropy_fallback(void *buf, size_t len)
memcpy((char *)buf + i, results, min(sizeof(results), len - i));
i += min(sizeof(results), len - i);
}
- memset(results, 0, sizeof results);
+ explicit_bzero(&ctx, sizeof ctx);
+ explicit_bzero(results, sizeof results);
if (gotdata(buf, len) == 0) {
errno = save_errno;
return 0; /* satisfied */
diff --git a/lib/libcrypto/crypto/getentropy_linux.c b/lib/libcrypto/crypto/getentropy_linux.c
index 6947102136e..eeaf9a4ef98 100644
--- a/lib/libcrypto/crypto/getentropy_linux.c
+++ b/lib/libcrypto/crypto/getentropy_linux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: getentropy_linux.c,v 1.29 2014/07/21 19:15:56 deraadt Exp $ */
+/* $OpenBSD: getentropy_linux.c,v 1.30 2014/07/21 20:19:47 guenther Exp $ */
/*
* Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@@ -539,7 +539,8 @@ getentropy_fallback(void *buf, size_t len)
memcpy((char *)buf + i, results, min(sizeof(results), len - i));
i += min(sizeof(results), len - i);
}
- memset(results, 0, sizeof results);
+ explicit_bzero(&ctx, sizeof ctx);
+ explicit_bzero(results, sizeof results);
if (gotdata(buf, len) == 0) {
errno = save_errno;
return 0; /* satisfied */
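Review bot: This file is a second copy of arc4random/getentropy_linux.c, so every hardening change to getentropy_fallback has to be applied twice by hand. The index line shows the same blob ids before and after the change (6947102136e..eeaf9a4ef98), and the osx and solaris pairs match in the same way. If both directories are meant to stay, building from one source or comparing the pairs at build time would keep a later wipe or entropy fix from landing in only one copy. The function body extends beyond the hunk.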
diff --git a/lib/libcrypto/crypto/getentropy_osx.c b/lib/libcrypto/crypto/getentropy_osx.c
index b0ffda8c09f..ac5c748f6a6 100644
--- a/lib/libcrypto/crypto/getentropy_osx.c
+++ b/lib/libcrypto/crypto/getentropy_osx.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: getentropy_osx.c,v 1.7 2014/07/19 16:12:00 deraadt Exp $ */
+/* $OpenBSD: getentropy_osx.c,v 1.8 2014/07/21 20:19:47 guenther Exp $ */
/*
* Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@@ -418,7 +418,8 @@ getentropy_fallback(void *buf, size_t len)
memcpy((char *)buf + i, results, min(sizeof(results), len - i));
i += min(sizeof(results), len - i);
}
- memset(results, 0, sizeof results);
+ explicit_bzero(&ctx, sizeof ctx);
+ explicit_bzero(results, sizeof results);
if (gotdata(buf, len) == 0) {
errno = save_errno;
return 0; /* satisfied */
diff --git a/lib/libcrypto/crypto/getentropy_solaris.c b/lib/libcrypto/crypto/getentropy_solaris.c
index fed0eeb53ae..6ec2fe584c7 100644
--- a/lib/libcrypto/crypto/getentropy_solaris.c
+++ b/lib/libcrypto/crypto/getentropy_solaris.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: getentropy_solaris.c,v 1.8 2014/07/19 16:12:00 deraadt Exp $ */
+/* $OpenBSD: getentropy_solaris.c,v 1.9 2014/07/21 20:19:47 guenther Exp $ */
/*
* Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@@ -434,7 +434,8 @@ getentropy_fallback(void *buf, size_t len)
memcpy((char *)buf + i, results, min(sizeof(results), len - i));
i += min(sizeof(results), len - i);
}
- memset(results, 0, sizeof results);
+ explicit_bzero(&ctx, sizeof ctx);
+ explicit_bzero(results, sizeof results);
if (gotdata(buf, len) == 0) {
errno = save_errno;
return 0; /* satisfied */