[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Thu Jun 30 14:58:47 UTC 2016


The branch master has been updated
       via  3ce2fdabe6e33952bf3011acf5b68107e6352603 (commit)
      from  6f4ae777f5100715a96b45355a1195c2efa96b4e (commit)


- Log -----------------------------------------------------------------
commit 3ce2fdabe6e33952bf3011acf5b68107e6352603
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Jun 24 23:37:27 2016 +0100

    Convert memset calls to OPENSSL_cleanse
    
    Ensure things really do get cleared when we intend them to.
    
    Addresses an OCAP Audit issue.
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/bn/bn_lib.c                    |  2 +-
 crypto/buffer/buffer.c                |  1 -
 crypto/evp/digest.c                   |  4 ++--
 crypto/include/internal/md32_common.h | 10 +++++++++-
 crypto/md2/md2_dgst.c                 |  2 +-
 crypto/mem.c                          |  2 +-
 crypto/poly1305/poly1305.c            |  3 ++-
 crypto/rand/rand_unix.c               |  2 +-
 crypto/whrlpool/wp_dgst.c             |  3 ++-
 9 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 90df3ee..b606cc9 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -445,7 +445,7 @@ void BN_clear(BIGNUM *a)
 {
     bn_check_top(a);
     if (a->d != NULL)
-        memset(a->d, 0, sizeof(*a->d) * a->dmax);
+        OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax);
     a->top = 0;
     a->neg = 0;
 }
diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
index 7caa215..6b0bd4a 100644
--- a/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
@@ -46,7 +46,6 @@ void BUF_MEM_free(BUF_MEM *a)
         return;
 
     if (a->data != NULL) {
-        memset(a->data, 0, (unsigned int)a->max);
         if (a->flags & BUF_MEM_FLAG_SECURE)
             OPENSSL_secure_free(a->data);
         else
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index c594a0a..65eff7c 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -36,7 +36,7 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
 #ifndef OPENSSL_NO_ENGINE
     ENGINE_finish(ctx->engine);
 #endif
-    memset(ctx, 0, sizeof(*ctx));
+    OPENSSL_cleanse(ctx, sizeof(*ctx));
 
     return 1;
 }
@@ -170,7 +170,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
         ctx->digest->cleanup(ctx);
         EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
     }
-    memset(ctx->md_data, 0, ctx->digest->ctx_size);
+    OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
     return ret;
 }
 
diff --git a/crypto/include/internal/md32_common.h b/crypto/include/internal/md32_common.h
index 21133a3..6e4ce14 100644
--- a/crypto/include/internal/md32_common.h
+++ b/crypto/include/internal/md32_common.h
@@ -65,6 +65,8 @@
  *                                      <appro at fy.chalmers.se>
  */
 
+#include <openssl/crypto.h>
+
 #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
 # error "DATA_ORDER must be defined!"
 #endif
@@ -276,6 +278,12 @@ int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
             data += n;
             len -= n;
             c->num = 0;
+            /*
+             * We use memset rather than OPENSSL_cleanse() here deliberately.
+             * Using OPENSSL_cleanse() here could be a performance issue. It
+             * will get properly cleansed on finalisation so this isn't a
+             * security problem.
+             */
             memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
         } else {
             memcpy(p + n, data, len);
@@ -331,7 +339,7 @@ int HASH_FINAL(unsigned char *md, HASH_CTX *c)
     p -= HASH_CBLOCK;
     HASH_BLOCK_DATA_ORDER(c, p, 1);
     c->num = 0;
-    memset(p, 0, HASH_CBLOCK);
+    OPENSSL_cleanse(p, HASH_CBLOCK);
 
 #ifndef HASH_MAKE_STRING
 # error "HASH_MAKE_STRING must be defined!"
diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c
index b43cd4f..ff062fd 100644
--- a/crypto/md2/md2_dgst.c
+++ b/crypto/md2/md2_dgst.c
@@ -168,6 +168,6 @@ int MD2_Final(unsigned char *md, MD2_CTX *c)
 
     for (i = 0; i < 16; i++)
         md[i] = (UCHAR) (p1[i] & 0xff);
-    memset(&c, 0, sizeof(c));
+    OPENSSL_cleanse(c, sizeof(*c));
     return 1;
 }
diff --git a/crypto/mem.c b/crypto/mem.c
index 6be14ab..02aa43a 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -148,7 +148,7 @@ void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num,
 
     /* Can't shrink the buffer since memcpy below copies |old_len| bytes. */
     if (num < old_len) {
-        memset((char*)str + num, 0, old_len - num);
+        OPENSSL_cleanse((char*)str + num, old_len - num);
         return str;
     }
 
diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.c
index 55de19b..eec4d67 100644
--- a/crypto/poly1305/poly1305.c
+++ b/crypto/poly1305/poly1305.c
@@ -9,6 +9,7 @@
 
 #include <stdlib.h>
 #include <string.h>
+#include <openssl/crypto.h>
 
 #include "internal/poly1305.h"
 
@@ -545,7 +546,7 @@ void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16])
     poly1305_emit(ctx->opaque, mac, ctx->nonce);
 
     /* zero out the state */
-    memset(ctx, 0, sizeof(*ctx));
+    OPENSSL_cleanse(ctx, sizeof(*ctx));
 }
 
 #ifdef SELFTEST
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index e231ecd..ecba2dc 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -134,7 +134,7 @@ int RAND_poll(void)
         rnd >>= 8;
     }
     RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
-    memset(buf, 0, sizeof(buf));
+    OPENSSL_cleanse(buf, sizeof(buf));
 
     return 1;
 }
diff --git a/crypto/whrlpool/wp_dgst.c b/crypto/whrlpool/wp_dgst.c
index d852db6..ed06424 100644
--- a/crypto/whrlpool/wp_dgst.c
+++ b/crypto/whrlpool/wp_dgst.c
@@ -60,6 +60,7 @@
  * input. This is done for performance.
  */
 
+#include <openssl/crypto.h>
 #include "wp_locl.h"
 #include <string.h>
 
@@ -245,7 +246,7 @@ int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
 
     if (md) {
         memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
-        memset(c, 0, sizeof(*c));
+        OPENSSL_cleanse(c, sizeof(*c));
         return (1);
     }
     return (0);


More information about the openssl-commits mailing list