[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Thu Jun 30 14:58:57 UTC 2016


The branch OpenSSL_1_0_2-stable has been updated
       via  cb5ebf961333896776fbce10ef88c2af7bec8aea (commit)
      from  6ad8c48291622a6ccc51489b9a230c9a05ca5614 (commit)


- Log -----------------------------------------------------------------
commit cb5ebf961333896776fbce10ef88c2af7bec8aea
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Jun 24 23:37:27 2016 +0100

    Convert memset calls to OPENSSL_cleanse
    
    Ensure things really do get cleared when we intend them to.
    
    Addresses an OCAP Audit issue.
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/bn/bn_lib.c        |  2 +-
 crypto/evp/digest.c       |  2 +-
 crypto/md2/md2_dgst.c     |  2 +-
 crypto/md32_common.h      | 10 +++++++++-
 crypto/rand/rand_unix.c   |  2 +-
 crypto/whrlpool/wp_dgst.c |  3 ++-
 6 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 80105ff..10b78f5 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -569,7 +569,7 @@ void BN_clear(BIGNUM *a)
 {
     bn_check_top(a);
     if (a->d != NULL)
-        memset(a->d, 0, a->dmax * sizeof(a->d[0]));
+        OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
     a->top = 0;
     a->neg = 0;
 }
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index ee4296e..4db1796 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -285,7 +285,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
         ctx->digest->cleanup(ctx);
         EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
     }
-    memset(ctx->md_data, 0, ctx->digest->ctx_size);
+    OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
     return ret;
 }
 
diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c
index 9cd79f8..7f5d9ba 100644
--- a/crypto/md2/md2_dgst.c
+++ b/crypto/md2/md2_dgst.c
@@ -219,6 +219,6 @@ int MD2_Final(unsigned char *md, MD2_CTX *c)
 
     for (i = 0; i < 16; i++)
         md[i] = (UCHAR) (p1[i] & 0xff);
-    memset((char *)&c, 0, sizeof(c));
+    OPENSSL_cleanse(c, sizeof(*c));
     return 1;
 }
diff --git a/crypto/md32_common.h b/crypto/md32_common.h
index 96828d2..b5a04bf 100644
--- a/crypto/md32_common.h
+++ b/crypto/md32_common.h
@@ -109,6 +109,8 @@
  *                                      <appro at fy.chalmers.se>
  */
 
+#include <openssl/crypto.h>
+
 #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
 # error "DATA_ORDER must be defined!"
 #endif
@@ -329,6 +331,12 @@ int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
             data += n;
             len -= n;
             c->num = 0;
+            /*
+             * We use memset rather than OPENSSL_cleanse() here deliberately.
+             * Using OPENSSL_cleanse() here could be a performance issue. It
+             * will get properly cleansed on finalisation so this isn't a
+             * security problem.
+             */
             memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
         } else {
             memcpy(p + n, data, len);
@@ -384,7 +392,7 @@ int HASH_FINAL(unsigned char *md, HASH_CTX *c)
     p -= HASH_CBLOCK;
     HASH_BLOCK_DATA_ORDER(c, p, 1);
     c->num = 0;
-    memset(p, 0, HASH_CBLOCK);
+    OPENSSL_cleanse(p, HASH_CBLOCK);
 
 #ifndef HASH_MAKE_STRING
 # error "HASH_MAKE_STRING must be defined!"
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 266111e..6c5b65d 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -235,7 +235,7 @@ int RAND_poll(void)
         rnd >>= 8;
     }
     RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
-    memset(buf, 0, sizeof(buf));
+    OPENSSL_cleanse(buf, sizeof(buf));
 
     return 1;
 }
diff --git a/crypto/whrlpool/wp_dgst.c b/crypto/whrlpool/wp_dgst.c
index e33bb4f..807d1c4 100644
--- a/crypto/whrlpool/wp_dgst.c
+++ b/crypto/whrlpool/wp_dgst.c
@@ -51,6 +51,7 @@
  * input. This is done for perfomance.
  */
 
+#include <openssl/crypto.h>
 #include "wp_locl.h"
 #include <openssl/crypto.h>
 #include <string.h>
@@ -237,7 +238,7 @@ int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
 
     if (md) {
         memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
-        memset(c, 0, sizeof(*c));
+        OPENSSL_cleanse(c, sizeof(*c));
         return (1);
     }
     return (0);


More information about the openssl-commits mailing list