Convert memset calls to OPENSSL_cleanse

Ensure things really do get cleared when we intend them to.

Addresses an OCAP Audit issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit cb5ebf961333896776fbce10ef88c2af7bec8aea)

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 80105fff410c497661b55ae73779c239bd2b6946..10b78f5126076f614545d16e618aede4679553c1 100644 (file)
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -569,7 +569,7 @@ void BN_clear(BIGNUM *a)
 {
     bn_check_top(a);
     if (a->d != NULL)
-        memset(a->d, 0, a->dmax * sizeof(a->d[0]));
+        OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
     a->top = 0;
     a->neg = 0;
 }

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 5d419effec97e4bc69b5ec735256f0943348177a..0654050ab0874b9088592242c3f396da917d8aa3 100644 (file)
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -273,7 +273,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
         ctx->digest->cleanup(ctx);
         EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
     }
-    memset(ctx->md_data, 0, ctx->digest->ctx_size);
+    OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
     return ret;
 }
 

diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c
index 9cd79f8d70c38d245843712c6de7b7cf0d112717..7f5d9ba69ba2341939fc3285bc81099fe32176d3 100644 (file)
--- a/crypto/md2/md2_dgst.c
+++ b/crypto/md2/md2_dgst.c
@@ -219,6 +219,6 @@ int MD2_Final(unsigned char *md, MD2_CTX *c)
 
     for (i = 0; i < 16; i++)
         md[i] = (UCHAR) (p1[i] & 0xff);
-    memset((char *)&c, 0, sizeof(c));
+    OPENSSL_cleanse(c, sizeof(*c));
     return 1;
 }

diff --git a/crypto/md32_common.h b/crypto/md32_common.h
index 1823833419c4f9193ca3cf5d18ae79fb6fcb2981..aac719139e32ad8999ef816985899a8cc0356d6a 100644 (file)
--- a/crypto/md32_common.h
+++ b/crypto/md32_common.h
@@ -109,6 +109,8 @@
  *                                      <appro@fy.chalmers.se>
  */
 
+#include <openssl/crypto.h>
+
 #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
 # error "DATA_ORDER must be defined!"
 #endif
@@ -311,6 +313,12 @@ int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
             data += n;
             len -= n;
             c->num = 0;
+            /*
+             * We use memset rather than OPENSSL_cleanse() here deliberately.
+             * Using OPENSSL_cleanse() here could be a performance issue. It
+             * will get properly cleansed on finalisation so this isn't a
+             * security problem.
+             */
             memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
         } else {
             memcpy(p + n, data, len);
@@ -366,7 +374,7 @@ int HASH_FINAL(unsigned char *md, HASH_CTX *c)
     p -= HASH_CBLOCK;
     HASH_BLOCK_DATA_ORDER(c, p, 1);
     c->num = 0;
-    memset(p, 0, HASH_CBLOCK);
+    OPENSSL_cleanse(p, HASH_CBLOCK);
 
 #ifndef HASH_MAKE_STRING
 # error "HASH_MAKE_STRING must be defined!"

diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 266111edda8c1d1d7bcfe2aa62a81c6ca6ffb4e3..6c5b65da0070ee10469f05ce9e0198168b3c8e75 100644 (file)
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -235,7 +235,7 @@ int RAND_poll(void)
         rnd >>= 8;
     }
     RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
-    memset(buf, 0, sizeof(buf));
+    OPENSSL_cleanse(buf, sizeof(buf));
 
     return 1;
 }

diff --git a/crypto/whrlpool/wp_dgst.c b/crypto/whrlpool/wp_dgst.c
index e33bb4f833b5941da6c8c723273ae4bbf0fe1811..807d1c49b2d3b77a65ca2a6ed3852d2c28044c09 100644 (file)
--- a/crypto/whrlpool/wp_dgst.c
+++ b/crypto/whrlpool/wp_dgst.c
@@ -51,6 +51,7 @@
  * input. This is done for perfomance.
  */
 
+#include <openssl/crypto.h>
 #include "wp_locl.h"
 #include <openssl/crypto.h>
 #include <string.h>
@@ -237,7 +238,7 @@ int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
 
     if (md) {
         memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
-        memset(c, 0, sizeof(*c));
+        OPENSSL_cleanse(c, sizeof(*c));
         return (1);
     }
     return (0);