authorguenther <>2014-07-21 20:19:47 +0000
committerguenther <>2014-07-21 20:19:47 +0000
commit020061f74efb2de9e81b625947d12fd92d08952b (patch)
tree588eebfad0a28f66ac52ceda81d8469ab9e5f975 /src
parent73be6bb9aaf4024e2879d17858a2de7863fea9f5 (diff)
Use explicit_bzero() instead of memset() on buffers going out of scope.
Also, zero the SHA256 context.

suggested by "eric" in a comment on an opensslrampage.org post
ok miod@ deraadt@
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/arc4random/getentropy_linux.c5
-rw-r--r--src/lib/libcrypto/arc4random/getentropy_osx.c5
-rw-r--r--src/lib/libcrypto/arc4random/getentropy_solaris.c5
-rw-r--r--src/lib/libcrypto/crypto/getentropy_linux.c5
-rw-r--r--src/lib/libcrypto/crypto/getentropy_osx.c5
-rw-r--r--src/lib/libcrypto/crypto/getentropy_solaris.c5
6 files changed, 18 insertions, 12 deletions
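--- a/src/lib/libcrypto/arc4random/getentropy_linux.c
+++ b/src/lib/libcrypto/arc4random/getentropy_linux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: getentropy_linux.c,v 1.29 2014/07/21 19:15:56 deraadt Exp $ */
+/* $OpenBSD: getentropy_linux.c,v 1.30 2014/07/21 20:19:47 guenther Exp $ */
 
 /*
  * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@@ -539,7 +539,8 @@ getentropy_fallback(void *buf, size_t len)
  memcpy((char *)buf + i, results, min(sizeof(results), len - i));
  i += min(sizeof(results), len - i);
  }
- memset(results, 0, sizeof results);
+ explicit_bzero(&ctx, sizeof ctx);
+ explicit_bzero(results, sizeof results);
  if (gotdata(buf, len) == 0) {
  errno = save_errno;
  return 0; /* satisfied */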
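Review bot: The two `explicit_bzero()` calls at new lines 542-543 depend on a function that none of the visible hunks declares or includes a header for, and these files target Linux, OS X and Solaris, where the platform libc may not provide it (inferred from the file names; the include list is outside the hunk). If the build falls back to a compat definition, that definition must be one the compiler cannot treat as a dead store, otherwise the wipe of `ctx` and `results` can be elided just as the old `memset` could. A short comment above the calls would record the intent, for example `/* ctx and results held hash state and output; use explicit_bzero so the wipe is not optimized away */`. The same point applies to the identical hunks in getentropy_osx.c and getentropy_solaris.c under both arc4random/ and crypto/, and to crypto/getentropy_linux.c. getentropy_fallback's body starts and ends outside the hunk, so whether other exit paths leave these buffers uncleared could not be checked.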
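--- a/src/lib/libcrypto/arc4random/getentropy_osx.c
+++ b/src/lib/libcrypto/arc4random/getentropy_osx.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: getentropy_osx.c,v 1.7 2014/07/19 16:12:00 deraadt Exp $ */
+/* $OpenBSD: getentropy_osx.c,v 1.8 2014/07/21 20:19:47 guenther Exp $ */
 
 /*
  * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@@ -418,7 +418,8 @@ getentropy_fallback(void *buf, size_t len)
  memcpy((char *)buf + i, results, min(sizeof(results), len - i));
  i += min(sizeof(results), len - i);
  }
- memset(results, 0, sizeof results);
+ explicit_bzero(&ctx, sizeof ctx);
+ explicit_bzero(results, sizeof results);
  if (gotdata(buf, len) == 0) {
  errno = save_errno;
  return 0; /* satisfied */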
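--- a/src/lib/libcrypto/arc4random/getentropy_solaris.c
+++ b/src/lib/libcrypto/arc4random/getentropy_solaris.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: getentropy_solaris.c,v 1.8 2014/07/19 16:12:00 deraadt Exp $ */
+/* $OpenBSD: getentropy_solaris.c,v 1.9 2014/07/21 20:19:47 guenther Exp $ */
 
 /*
  * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@@ -434,7 +434,8 @@ getentropy_fallback(void *buf, size_t len)
  memcpy((char *)buf + i, results, min(sizeof(results), len - i));
  i += min(sizeof(results), len - i);
  }
- memset(results, 0, sizeof results);
+ explicit_bzero(&ctx, sizeof ctx);
+ explicit_bzero(results, sizeof results);
  if (gotdata(buf, len) == 0) {
  errno = save_errno;
  return 0; /* satisfied */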
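--- a/src/lib/libcrypto/crypto/getentropy_linux.c
+++ b/src/lib/libcrypto/crypto/getentropy_linux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: getentropy_linux.c,v 1.29 2014/07/21 19:15:56 deraadt Exp $ */
+/* $OpenBSD: getentropy_linux.c,v 1.30 2014/07/21 20:19:47 guenther Exp $ */
 
 /*
  * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@@ -539,7 +539,8 @@ getentropy_fallback(void *buf, size_t len)
  memcpy((char *)buf + i, results, min(sizeof(results), len - i));
  i += min(sizeof(results), len - i);
  }
- memset(results, 0, sizeof results);
+ explicit_bzero(&ctx, sizeof ctx);
+ explicit_bzero(results, sizeof results);
  if (gotdata(buf, len) == 0) {
  errno = save_errno;
  return 0; /* satisfied */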
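--- a/src/lib/libcrypto/crypto/getentropy_osx.c
+++ b/src/lib/libcrypto/crypto/getentropy_osx.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: getentropy_osx.c,v 1.7 2014/07/19 16:12:00 deraadt Exp $ */
+/* $OpenBSD: getentropy_osx.c,v 1.8 2014/07/21 20:19:47 guenther Exp $ */
 
 /*
  * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@@ -418,7 +418,8 @@ getentropy_fallback(void *buf, size_t len)
  memcpy((char *)buf + i, results, min(sizeof(results), len - i));
  i += min(sizeof(results), len - i);
  }
- memset(results, 0, sizeof results);
+ explicit_bzero(&ctx, sizeof ctx);
+ explicit_bzero(results, sizeof results);
  if (gotdata(buf, len) == 0) {
  errno = save_errno;
  return 0; /* satisfied */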
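--- a/src/lib/libcrypto/crypto/getentropy_solaris.c
+++ b/src/lib/libcrypto/crypto/getentropy_solaris.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: getentropy_solaris.c,v 1.8 2014/07/19 16:12:00 deraadt Exp $ */
+/* $OpenBSD: getentropy_solaris.c,v 1.9 2014/07/21 20:19:47 guenther Exp $ */
 
 /*
  * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@@ -434,7 +434,8 @@ getentropy_fallback(void *buf, size_t len)
  memcpy((char *)buf + i, results, min(sizeof(results), len - i));
  i += min(sizeof(results), len - i);
  }
- memset(results, 0, sizeof results);
+ explicit_bzero(&ctx, sizeof ctx);
+ explicit_bzero(results, sizeof results);
  if (gotdata(buf, len) == 0) {
  errno = save_errno;
  return 0; /* satisfied */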