Ensure things really do get cleared when we intend them to.
Addresses an OCAP Audit issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
{
bn_check_top(a);
if (a->d != NULL)
{
bn_check_top(a);
if (a->d != NULL)
- memset(a->d, 0, sizeof(*a->d) * a->dmax);
+ OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax);
a->top = 0;
a->neg = 0;
}
a->top = 0;
a->neg = 0;
}
return;
if (a->data != NULL) {
return;
if (a->data != NULL) {
- memset(a->data, 0, (unsigned int)a->max);
if (a->flags & BUF_MEM_FLAG_SECURE)
OPENSSL_secure_free(a->data);
else
if (a->flags & BUF_MEM_FLAG_SECURE)
OPENSSL_secure_free(a->data);
else
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(ctx->engine);
#endif
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(ctx->engine);
#endif
- memset(ctx, 0, sizeof(*ctx));
+ OPENSSL_cleanse(ctx, sizeof(*ctx));
ctx->digest->cleanup(ctx);
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
}
ctx->digest->cleanup(ctx);
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
}
- memset(ctx->md_data, 0, ctx->digest->ctx_size);
+ OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
* <appro@fy.chalmers.se>
*/
* <appro@fy.chalmers.se>
*/
+#include <openssl/crypto.h>
+
#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
# error "DATA_ORDER must be defined!"
#endif
#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
# error "DATA_ORDER must be defined!"
#endif
data += n;
len -= n;
c->num = 0;
data += n;
len -= n;
c->num = 0;
+ /*
+ * We use memset rather than OPENSSL_cleanse() here deliberately.
+ * Using OPENSSL_cleanse() here could be a performance issue. It
+ * will get properly cleansed on finalisation so this isn't a
+ * security problem.
+ */
memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
} else {
memcpy(p + n, data, len);
memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
} else {
memcpy(p + n, data, len);
p -= HASH_CBLOCK;
HASH_BLOCK_DATA_ORDER(c, p, 1);
c->num = 0;
p -= HASH_CBLOCK;
HASH_BLOCK_DATA_ORDER(c, p, 1);
c->num = 0;
- memset(p, 0, HASH_CBLOCK);
+ OPENSSL_cleanse(p, HASH_CBLOCK);
#ifndef HASH_MAKE_STRING
# error "HASH_MAKE_STRING must be defined!"
#ifndef HASH_MAKE_STRING
# error "HASH_MAKE_STRING must be defined!"
for (i = 0; i < 16; i++)
md[i] = (UCHAR) (p1[i] & 0xff);
for (i = 0; i < 16; i++)
md[i] = (UCHAR) (p1[i] & 0xff);
- memset(&c, 0, sizeof(c));
+ OPENSSL_cleanse(c, sizeof(*c));
/* Can't shrink the buffer since memcpy below copies |old_len| bytes. */
if (num < old_len) {
/* Can't shrink the buffer since memcpy below copies |old_len| bytes. */
if (num < old_len) {
- memset((char*)str + num, 0, old_len - num);
+ OPENSSL_cleanse((char*)str + num, old_len - num);
#include <stdlib.h>
#include <string.h>
#include <stdlib.h>
#include <string.h>
+#include <openssl/crypto.h>
#include "internal/poly1305.h"
#include "internal/poly1305.h"
poly1305_emit(ctx->opaque, mac, ctx->nonce);
/* zero out the state */
poly1305_emit(ctx->opaque, mac, ctx->nonce);
/* zero out the state */
- memset(ctx, 0, sizeof(*ctx));
+ OPENSSL_cleanse(ctx, sizeof(*ctx));
rnd >>= 8;
}
RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
rnd >>= 8;
}
RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
- memset(buf, 0, sizeof(buf));
+ OPENSSL_cleanse(buf, sizeof(buf));
* input. This is done for performance.
*/
* input. This is done for performance.
*/
+#include <openssl/crypto.h>
#include "wp_locl.h"
#include <string.h>
#include "wp_locl.h"
#include <string.h>
if (md) {
memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
if (md) {
memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
- memset(c, 0, sizeof(*c));
+ OPENSSL_cleanse(c, sizeof(*c));
return (1);
}
return (0);
return (1);
}
return (0);