[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Thu Jun 30 14:58:47 UTC 2016
The branch master has been updated
via 3ce2fdabe6e33952bf3011acf5b68107e6352603 (commit)
from 6f4ae777f5100715a96b45355a1195c2efa96b4e (commit)
- Log -----------------------------------------------------------------
commit 3ce2fdabe6e33952bf3011acf5b68107e6352603
Author: Matt Caswell <matt at openssl.org>
Date: Fri Jun 24 23:37:27 2016 +0100
Convert memset calls to OPENSSL_cleanse
Ensure things really do get cleared when we intend them to.
Addresses an OCAP Audit issue.
Reviewed-by: Andy Polyakov <appro at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/bn/bn_lib.c | 2 +-
crypto/buffer/buffer.c | 1 -
crypto/evp/digest.c | 4 ++--
crypto/include/internal/md32_common.h | 10 +++++++++-
crypto/md2/md2_dgst.c | 2 +-
crypto/mem.c | 2 +-
crypto/poly1305/poly1305.c | 3 ++-
crypto/rand/rand_unix.c | 2 +-
crypto/whrlpool/wp_dgst.c | 3 ++-
9 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 90df3ee..b606cc9 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -445,7 +445,7 @@ void BN_clear(BIGNUM *a)
{
bn_check_top(a);
if (a->d != NULL)
- memset(a->d, 0, sizeof(*a->d) * a->dmax);
+ OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax);
a->top = 0;
a->neg = 0;
}
diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
index 7caa215..6b0bd4a 100644
--- a/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
@@ -46,7 +46,6 @@ void BUF_MEM_free(BUF_MEM *a)
return;
if (a->data != NULL) {
- memset(a->data, 0, (unsigned int)a->max);
if (a->flags & BUF_MEM_FLAG_SECURE)
OPENSSL_secure_free(a->data);
else
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index c594a0a..65eff7c 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -36,7 +36,7 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(ctx->engine);
#endif
- memset(ctx, 0, sizeof(*ctx));
+ OPENSSL_cleanse(ctx, sizeof(*ctx));
return 1;
}
@@ -170,7 +170,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
ctx->digest->cleanup(ctx);
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
}
- memset(ctx->md_data, 0, ctx->digest->ctx_size);
+ OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
return ret;
}
diff --git a/crypto/include/internal/md32_common.h b/crypto/include/internal/md32_common.h
index 21133a3..6e4ce14 100644
--- a/crypto/include/internal/md32_common.h
+++ b/crypto/include/internal/md32_common.h
@@ -65,6 +65,8 @@
* <appro at fy.chalmers.se>
*/
+#include <openssl/crypto.h>
+
#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
# error "DATA_ORDER must be defined!"
#endif
@@ -276,6 +278,12 @@ int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
data += n;
len -= n;
c->num = 0;
+ /*
+ * We use memset rather than OPENSSL_cleanse() here deliberately.
+ * Using OPENSSL_cleanse() here could be a performance issue. It
+ * will get properly cleansed on finalisation so this isn't a
+ * security problem.
+ */
memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
} else {
memcpy(p + n, data, len);
@@ -331,7 +339,7 @@ int HASH_FINAL(unsigned char *md, HASH_CTX *c)
p -= HASH_CBLOCK;
HASH_BLOCK_DATA_ORDER(c, p, 1);
c->num = 0;
- memset(p, 0, HASH_CBLOCK);
+ OPENSSL_cleanse(p, HASH_CBLOCK);
#ifndef HASH_MAKE_STRING
# error "HASH_MAKE_STRING must be defined!"
diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c
index b43cd4f..ff062fd 100644
--- a/crypto/md2/md2_dgst.c
+++ b/crypto/md2/md2_dgst.c
@@ -168,6 +168,6 @@ int MD2_Final(unsigned char *md, MD2_CTX *c)
for (i = 0; i < 16; i++)
md[i] = (UCHAR) (p1[i] & 0xff);
- memset(&c, 0, sizeof(c));
+ OPENSSL_cleanse(c, sizeof(*c));
return 1;
}
diff --git a/crypto/mem.c b/crypto/mem.c
index 6be14ab..02aa43a 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -148,7 +148,7 @@ void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num,
/* Can't shrink the buffer since memcpy below copies |old_len| bytes. */
if (num < old_len) {
- memset((char*)str + num, 0, old_len - num);
+ OPENSSL_cleanse((char*)str + num, old_len - num);
return str;
}
diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.c
index 55de19b..eec4d67 100644
--- a/crypto/poly1305/poly1305.c
+++ b/crypto/poly1305/poly1305.c
@@ -9,6 +9,7 @@
#include <stdlib.h>
#include <string.h>
+#include <openssl/crypto.h>
#include "internal/poly1305.h"
@@ -545,7 +546,7 @@ void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16])
poly1305_emit(ctx->opaque, mac, ctx->nonce);
/* zero out the state */
- memset(ctx, 0, sizeof(*ctx));
+ OPENSSL_cleanse(ctx, sizeof(*ctx));
}
#ifdef SELFTEST
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index e231ecd..ecba2dc 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -134,7 +134,7 @@ int RAND_poll(void)
rnd >>= 8;
}
RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
- memset(buf, 0, sizeof(buf));
+ OPENSSL_cleanse(buf, sizeof(buf));
return 1;
}
diff --git a/crypto/whrlpool/wp_dgst.c b/crypto/whrlpool/wp_dgst.c
index d852db6..ed06424 100644
--- a/crypto/whrlpool/wp_dgst.c
+++ b/crypto/whrlpool/wp_dgst.c
@@ -60,6 +60,7 @@
* input. This is done for performance.
*/
+#include <openssl/crypto.h>
#include "wp_locl.h"
#include <string.h>
@@ -245,7 +246,7 @@ int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
if (md) {
memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
- memset(c, 0, sizeof(*c));
+ OPENSSL_cleanse(c, sizeof(*c));
return (1);
}
return (0);
More information about the openssl-commits
mailing list