pgcrypto: fix memset() calls that might be optimized away
Specifically, on-stack memset() might be removed, so: * Replace memset() with px_memset() * Add px_memset to copy_crlf() * Add px_memset to pgp-s2k.c Patch by Marko Kreen Report by PVS-Studio Backpatch through 8.4.
This commit is contained in:
Bruce Momjian
parent
83defef8c7
commit
9fe55259fd
@ -35,6 +35,7 @@
|
||||
#include "postgres.h"
|
||||
|
||||
#include "px-crypt.h"
|
||||
#include "px.h"
|
||||
|
||||
#ifdef __i386__
|
||||
#define BF_ASM 0 /* 1 */
|
||||
@ -616,7 +617,7 @@ _crypt_blowfish_rn(const char *key, const char *setting,
|
||||
count = (BF_word) 1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
|
||||
if (count < 16 || BF_decode(data.binary.salt, &setting[7], 16))
|
||||
{
|
||||
memset(data.binary.salt, 0, sizeof(data.binary.salt));
|
||||
px_memset(data.binary.salt, 0, sizeof(data.binary.salt));
|
||||
return NULL;
|
||||
}
|
||||
BF_swap(data.binary.salt, 4);
|
||||
@ -729,7 +730,7 @@ _crypt_blowfish_rn(const char *key, const char *setting,
|
||||
/* Overwrite the most obvious sensitive data we have on the stack. Note
|
||||
* that this does not guarantee there's no sensitive data left on the
|
||||
* stack and/or in registers; I'm not aware of portable code that does. */
|
||||
memset(&data, 0, sizeof(data));
|
||||
px_memset(&data, 0, sizeof(data));
|
||||
|
||||
return output;
|
||||
}
|
||||
|
||||
@ -89,7 +89,7 @@ px_crypt_md5(const char *pw, const char *salt, char *passwd, unsigned dstlen)
|
||||
px_md_update(ctx, final, pl > MD5_SIZE ? MD5_SIZE : pl);
|
||||
|
||||
/* Don't leave anything around in vm they could use. */
|
||||
memset(final, 0, sizeof final);
|
||||
px_memset(final, 0, sizeof final);
|
||||
|
||||
/* Then something really weird... */
|
||||
for (i = strlen(pw); i; i >>= 1)
|
||||
@ -154,7 +154,7 @@ px_crypt_md5(const char *pw, const char *salt, char *passwd, unsigned dstlen)
|
||||
*p = '\0';
|
||||
|
||||
/* Don't leave anything around in vm they could use. */
|
||||
memset(final, 0, sizeof final);
|
||||
px_memset(final, 0, sizeof final);
|
||||
|
||||
px_md_free(ctx1);
|
||||
px_md_free(ctx);
|
||||
|
||||
@ -34,6 +34,7 @@
|
||||
#include <sys/time.h>
|
||||
#include <time.h>
|
||||
|
||||
#include "px.h"
|
||||
#include "rijndael.h"
|
||||
#include "sha2.h"
|
||||
#include "fortuna.h"
|
||||
@ -169,7 +170,7 @@ md_result(MD_CTX * ctx, uint8 *dst)
|
||||
|
||||
memcpy(&tmp, ctx, sizeof(*ctx));
|
||||
SHA256_Final(dst, &tmp);
|
||||
memset(&tmp, 0, sizeof(tmp));
|
||||
px_memset(&tmp, 0, sizeof(tmp));
|
||||
}
|
||||
|
||||
/*
|
||||
@ -243,7 +244,7 @@ enough_time_passed(FState *st)
|
||||
if (ok)
|
||||
memcpy(last, &tv, sizeof(tv));
|
||||
|
||||
memset(&tv, 0, sizeof(tv));
|
||||
px_memset(&tv, 0, sizeof(tv));
|
||||
|
||||
return ok;
|
||||
}
|
||||
@ -290,8 +291,8 @@ reseed(FState *st)
|
||||
/* use new key */
|
||||
ciph_init(&st->ciph, st->key, BLOCK);
|
||||
|
||||
memset(&key_md, 0, sizeof(key_md));
|
||||
memset(buf, 0, BLOCK);
|
||||
px_memset(&key_md, 0, sizeof(key_md));
|
||||
px_memset(buf, 0, BLOCK);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -341,8 +342,8 @@ add_entropy(FState *st, const uint8 *data, unsigned len)
|
||||
if (pos == 0)
|
||||
st->pool0_bytes += len;
|
||||
|
||||
memset(hash, 0, BLOCK);
|
||||
memset(&md, 0, sizeof(md));
|
||||
px_memset(hash, 0, BLOCK);
|
||||
px_memset(&md, 0, sizeof(md));
|
||||
}
|
||||
|
||||
/*
|
||||
@ -378,7 +379,7 @@ startup_tricks(FState *st)
|
||||
encrypt_counter(st, buf + CIPH_BLOCK);
|
||||
md_update(&st->pool[i], buf, BLOCK);
|
||||
}
|
||||
memset(buf, 0, BLOCK);
|
||||
px_memset(buf, 0, BLOCK);
|
||||
|
||||
/* Hide the key. */
|
||||
rekey(st);
|
||||
|
||||
@ -84,7 +84,7 @@ int_sha224_free(PX_MD *h)
|
||||
{
|
||||
SHA224_CTX *ctx = (SHA224_CTX *) h->p.ptr;
|
||||
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
px_memset(ctx, 0, sizeof(*ctx));
|
||||
px_free(ctx);
|
||||
px_free(h);
|
||||
}
|
||||
@ -132,7 +132,7 @@ int_sha256_free(PX_MD *h)
|
||||
{
|
||||
SHA256_CTX *ctx = (SHA256_CTX *) h->p.ptr;
|
||||
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
px_memset(ctx, 0, sizeof(*ctx));
|
||||
px_free(ctx);
|
||||
px_free(h);
|
||||
}
|
||||
@ -180,7 +180,7 @@ int_sha384_free(PX_MD *h)
|
||||
{
|
||||
SHA384_CTX *ctx = (SHA384_CTX *) h->p.ptr;
|
||||
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
px_memset(ctx, 0, sizeof(*ctx));
|
||||
px_free(ctx);
|
||||
px_free(h);
|
||||
}
|
||||
@ -228,7 +228,7 @@ int_sha512_free(PX_MD *h)
|
||||
{
|
||||
SHA512_CTX *ctx = (SHA512_CTX *) h->p.ptr;
|
||||
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
px_memset(ctx, 0, sizeof(*ctx));
|
||||
px_free(ctx);
|
||||
px_free(h);
|
||||
}
|
||||
|
||||
@ -142,7 +142,7 @@ int_md5_free(PX_MD *h)
|
||||
{
|
||||
MD5_CTX *ctx = (MD5_CTX *) h->p.ptr;
|
||||
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
px_memset(ctx, 0, sizeof(*ctx));
|
||||
px_free(ctx);
|
||||
px_free(h);
|
||||
}
|
||||
@ -190,7 +190,7 @@ int_sha1_free(PX_MD *h)
|
||||
{
|
||||
SHA1_CTX *ctx = (SHA1_CTX *) h->p.ptr;
|
||||
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
px_memset(ctx, 0, sizeof(*ctx));
|
||||
px_free(ctx);
|
||||
px_free(h);
|
||||
}
|
||||
@ -265,7 +265,7 @@ intctx_free(PX_Cipher *c)
|
||||
|
||||
if (cx)
|
||||
{
|
||||
memset(cx, 0, sizeof *cx);
|
||||
px_memset(cx, 0, sizeof *cx);
|
||||
px_free(cx);
|
||||
}
|
||||
px_free(c);
|
||||
@ -658,7 +658,7 @@ system_reseed(void)
|
||||
skip = buf[0] >= SYSTEM_RESEED_CHANCE;
|
||||
}
|
||||
/* clear 1 byte */
|
||||
memset(buf, 0, sizeof(buf));
|
||||
px_memset(buf, 0, sizeof(buf));
|
||||
|
||||
if (skip)
|
||||
return;
|
||||
@ -668,7 +668,7 @@ system_reseed(void)
|
||||
fortuna_add_entropy(buf, n);
|
||||
|
||||
seed_time = t;
|
||||
memset(buf, 0, sizeof(buf));
|
||||
px_memset(buf, 0, sizeof(buf));
|
||||
}
|
||||
|
||||
int
|
||||
|
||||
@ -69,7 +69,7 @@ mbuf_free(MBuf *mbuf)
|
||||
{
|
||||
if (mbuf->own_data)
|
||||
{
|
||||
memset(mbuf->data, 0, mbuf->buf_end - mbuf->data);
|
||||
px_memset(mbuf->data, 0, mbuf->buf_end - mbuf->data);
|
||||
px_free(mbuf->data);
|
||||
}
|
||||
px_free(mbuf);
|
||||
@ -249,11 +249,11 @@ pullf_free(PullFilter *pf)
|
||||
|
||||
if (pf->buf)
|
||||
{
|
||||
memset(pf->buf, 0, pf->buflen);
|
||||
px_memset(pf->buf, 0, pf->buflen);
|
||||
px_free(pf->buf);
|
||||
}
|
||||
|
||||
memset(pf, 0, sizeof(*pf));
|
||||
px_memset(pf, 0, sizeof(*pf));
|
||||
px_free(pf);
|
||||
}
|
||||
|
||||
@ -298,7 +298,7 @@ pullf_read_max(PullFilter *pf, int len, uint8 **data_p, uint8 *tmpbuf)
|
||||
if (res < 0)
|
||||
{
|
||||
/* so the caller must clear only on success */
|
||||
memset(tmpbuf, 0, total);
|
||||
px_memset(tmpbuf, 0, total);
|
||||
return res;
|
||||
}
|
||||
if (res == 0)
|
||||
@ -415,11 +415,11 @@ pushf_free(PushFilter *mp)
|
||||
|
||||
if (mp->buf)
|
||||
{
|
||||
memset(mp->buf, 0, mp->block_size);
|
||||
px_memset(mp->buf, 0, mp->block_size);
|
||||
px_free(mp->buf);
|
||||
}
|
||||
|
||||
memset(mp, 0, sizeof(*mp));
|
||||
px_memset(mp, 0, sizeof(*mp));
|
||||
px_free(mp);
|
||||
}
|
||||
|
||||
|
||||
@ -142,7 +142,7 @@ EVP_MD_CTX_init(EVP_MD_CTX *ctx)
|
||||
static int
|
||||
EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
|
||||
{
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
px_memset(ctx, 0, sizeof(*ctx));
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -381,7 +381,7 @@ gen_ossl_free(PX_Cipher *c)
|
||||
{
|
||||
ossldata *od = (ossldata *) c->ptr;
|
||||
|
||||
memset(od, 0, sizeof(*od));
|
||||
px_memset(od, 0, sizeof(*od));
|
||||
px_free(od);
|
||||
px_free(c);
|
||||
}
|
||||
|
||||
@ -84,7 +84,7 @@ void
|
||||
pgp_cfb_free(PGP_CFB *ctx)
|
||||
{
|
||||
px_cipher_free(ctx->ciph);
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
px_memset(ctx, 0, sizeof(*ctx));
|
||||
px_free(ctx);
|
||||
}
|
||||
|
||||
|
||||
@ -174,7 +174,7 @@ compress_free(void *priv)
|
||||
struct ZipStat *st = priv;
|
||||
|
||||
deflateEnd(&st->stream);
|
||||
memset(st, 0, sizeof(*st));
|
||||
px_memset(st, 0, sizeof(*st));
|
||||
px_free(st);
|
||||
}
|
||||
|
||||
@ -297,7 +297,7 @@ decompress_free(void *priv)
|
||||
struct DecomprData *dec = priv;
|
||||
|
||||
inflateEnd(&dec->stream);
|
||||
memset(dec, 0, sizeof(*dec));
|
||||
px_memset(dec, 0, sizeof(*dec));
|
||||
px_free(dec);
|
||||
}
|
||||
|
||||
|
||||
@ -210,7 +210,7 @@ pktreader_free(void *priv)
|
||||
{
|
||||
struct PktData *pkt = priv;
|
||||
|
||||
memset(pkt, 0, sizeof(*pkt));
|
||||
px_memset(pkt, 0, sizeof(*pkt));
|
||||
px_free(pkt);
|
||||
}
|
||||
|
||||
@ -257,7 +257,7 @@ prefix_init(void **priv_p, void *arg, PullFilter *src)
|
||||
if (res != len + 2)
|
||||
{
|
||||
px_debug("prefix_init: short read");
|
||||
memset(tmpbuf, 0, sizeof(tmpbuf));
|
||||
px_memset(tmpbuf, 0, sizeof(tmpbuf));
|
||||
return PXE_PGP_CORRUPT_DATA;
|
||||
}
|
||||
|
||||
@ -280,7 +280,7 @@ prefix_init(void **priv_p, void *arg, PullFilter *src)
|
||||
*/
|
||||
ctx->corrupt_prefix = 1;
|
||||
}
|
||||
memset(tmpbuf, 0, sizeof(tmpbuf));
|
||||
px_memset(tmpbuf, 0, sizeof(tmpbuf));
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -395,8 +395,8 @@ mdc_finish(PGP_Context *ctx, PullFilter *src,
|
||||
*/
|
||||
px_md_finish(ctx->mdc_ctx, hash);
|
||||
res = memcmp(hash, *data_p, 20);
|
||||
memset(hash, 0, 20);
|
||||
memset(tmpbuf, 0, sizeof(tmpbuf));
|
||||
px_memset(hash, 0, 20);
|
||||
px_memset(tmpbuf, 0, sizeof(tmpbuf));
|
||||
if (res != 0)
|
||||
{
|
||||
px_debug("mdc_finish: mdc failed");
|
||||
@ -493,7 +493,7 @@ mdcbuf_finish(struct MDCBufData * st)
|
||||
px_md_update(st->ctx->mdc_ctx, st->mdc_buf, 2);
|
||||
px_md_finish(st->ctx->mdc_ctx, hash);
|
||||
res = memcmp(hash, st->mdc_buf + 2, 20);
|
||||
memset(hash, 0, 20);
|
||||
px_memset(hash, 0, 20);
|
||||
if (res)
|
||||
{
|
||||
px_debug("mdcbuf_finish: MDC does not match");
|
||||
@ -593,7 +593,7 @@ mdcbuf_free(void *priv)
|
||||
|
||||
px_md_free(st->ctx->mdc_ctx);
|
||||
st->ctx->mdc_ctx = NULL;
|
||||
memset(st, 0, sizeof(*st));
|
||||
px_memset(st, 0, sizeof(*st));
|
||||
px_free(st);
|
||||
}
|
||||
|
||||
@ -703,7 +703,7 @@ parse_symenc_sesskey(PGP_Context *ctx, PullFilter *src)
|
||||
res = decrypt_key(ctx, p, res);
|
||||
}
|
||||
|
||||
memset(tmpbuf, 0, sizeof(tmpbuf));
|
||||
px_memset(tmpbuf, 0, sizeof(tmpbuf));
|
||||
return res;
|
||||
}
|
||||
|
||||
@ -753,6 +753,7 @@ copy_crlf(MBuf *dst, uint8 *data, int len, int *got_cr)
|
||||
if (res < 0)
|
||||
return res;
|
||||
}
|
||||
px_memset(tmpbuf, 0, sizeof(tmpbuf));
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -792,7 +793,7 @@ parse_literal_data(PGP_Context *ctx, MBuf *dst, PullFilter *pkt)
|
||||
px_debug("parse_literal_data: unexpected eof");
|
||||
return PXE_PGP_CORRUPT_DATA;
|
||||
}
|
||||
memset(tmpbuf, 0, 4);
|
||||
px_memset(tmpbuf, 0, 4);
|
||||
|
||||
/* check if text */
|
||||
if (ctx->text_mode)
|
||||
|
||||
@ -128,7 +128,7 @@ mdc_flush(PushFilter *dst, void *priv)
|
||||
px_md_finish(md, pkt + 2);
|
||||
|
||||
res = pushf_write(dst, pkt, 2 + MDC_DIGEST_LEN);
|
||||
memset(pkt, 0, 2 + MDC_DIGEST_LEN);
|
||||
px_memset(pkt, 0, 2 + MDC_DIGEST_LEN);
|
||||
return res;
|
||||
}
|
||||
|
||||
@ -217,7 +217,7 @@ encrypt_free(void *priv)
|
||||
{
|
||||
struct EncStat *st = priv;
|
||||
|
||||
memset(st, 0, sizeof(*st));
|
||||
px_memset(st, 0, sizeof(*st));
|
||||
px_free(st);
|
||||
}
|
||||
|
||||
@ -299,7 +299,7 @@ pkt_stream_free(void *priv)
|
||||
{
|
||||
struct PktStreamStat *st = priv;
|
||||
|
||||
memset(st, 0, sizeof(*st));
|
||||
px_memset(st, 0, sizeof(*st));
|
||||
px_free(st);
|
||||
}
|
||||
|
||||
@ -490,7 +490,7 @@ write_prefix(PGP_Context *ctx, PushFilter *dst)
|
||||
prefix[bs + 1] = prefix[bs - 1];
|
||||
|
||||
res = pushf_write(dst, prefix, bs + 2);
|
||||
memset(prefix, 0, bs + 2);
|
||||
px_memset(prefix, 0, bs + 2);
|
||||
return res < 0 ? res : 0;
|
||||
}
|
||||
|
||||
@ -552,7 +552,7 @@ write_symenc_sesskey(PGP_Context *ctx, PushFilter *dst)
|
||||
if (res >= 0)
|
||||
res = pushf_write(dst, pkt, pktlen);
|
||||
|
||||
memset(pkt, 0, pktlen);
|
||||
px_memset(pkt, 0, pktlen);
|
||||
return res;
|
||||
}
|
||||
|
||||
|
||||
@ -71,7 +71,7 @@ pgp_mpi_free(PGP_MPI *mpi)
|
||||
{
|
||||
if (mpi == NULL)
|
||||
return 0;
|
||||
memset(mpi, 0, sizeof(*mpi) + mpi->bytes);
|
||||
px_memset(mpi, 0, sizeof(*mpi) + mpi->bytes);
|
||||
px_free(mpi);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -87,7 +87,7 @@ add_block_entropy(PX_MD *md, text *data)
|
||||
|
||||
px_add_entropy(sha1, 20);
|
||||
|
||||
memset(sha1, 0, 20);
|
||||
px_memset(sha1, 0, 20);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -129,7 +129,7 @@ add_entropy(text *data1, text *data2, text *data3)
|
||||
add_block_entropy(md, data3);
|
||||
|
||||
px_md_free(md);
|
||||
memset(rnd, 0, sizeof(rnd));
|
||||
px_memset(rnd, 0, sizeof(rnd));
|
||||
}
|
||||
|
||||
/*
|
||||
@ -167,7 +167,7 @@ convert_to_utf8(text *src)
|
||||
static void
|
||||
clear_and_pfree(text *p)
|
||||
{
|
||||
memset(p, 0, VARSIZE(p));
|
||||
px_memset(p, 0, VARSIZE(p));
|
||||
pfree(p);
|
||||
}
|
||||
|
||||
|
||||
@ -72,7 +72,7 @@ pad_eme_pkcs1_v15(uint8 *data, int data_len, int res_len, uint8 **res_p)
|
||||
|
||||
if (res < 0)
|
||||
{
|
||||
memset(buf, 0, res_len);
|
||||
px_memset(buf, 0, res_len);
|
||||
px_free(buf);
|
||||
return res;
|
||||
}
|
||||
@ -122,10 +122,10 @@ create_secmsg(PGP_Context *ctx, PGP_MPI **msg_p, int full_bytes)
|
||||
|
||||
if (padded)
|
||||
{
|
||||
memset(padded, 0, full_bytes);
|
||||
px_memset(padded, 0, full_bytes);
|
||||
px_free(padded);
|
||||
}
|
||||
memset(secmsg, 0, klen + 3);
|
||||
px_memset(secmsg, 0, klen + 3);
|
||||
px_free(secmsg);
|
||||
|
||||
if (res >= 0)
|
||||
|
||||
@ -77,7 +77,7 @@ pgp_key_free(PGP_PubKey *pk)
|
||||
pgp_mpi_free(pk->sec.dsa.x);
|
||||
break;
|
||||
}
|
||||
memset(pk, 0, sizeof(*pk));
|
||||
px_memset(pk, 0, sizeof(*pk));
|
||||
px_free(pk);
|
||||
}
|
||||
|
||||
@ -150,7 +150,7 @@ calc_key_id(PGP_PubKey *pk)
|
||||
px_md_free(md);
|
||||
|
||||
memcpy(pk->key_id, hash + 12, 8);
|
||||
memset(hash, 0, 20);
|
||||
px_memset(hash, 0, 20);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -291,8 +291,8 @@ check_key_sha1(PullFilter *src, PGP_PubKey *pk)
|
||||
res = PXE_PGP_KEYPKT_CORRUPT;
|
||||
}
|
||||
err:
|
||||
memset(got_sha1, 0, 20);
|
||||
memset(my_sha1, 0, 20);
|
||||
px_memset(got_sha1, 0, 20);
|
||||
px_memset(my_sha1, 0, 20);
|
||||
return res;
|
||||
}
|
||||
|
||||
|
||||
@ -74,6 +74,7 @@ calc_s2k_simple(PGP_S2K *s2k, PX_MD *md, const uint8 *key,
|
||||
remain = 0;
|
||||
}
|
||||
}
|
||||
px_memset(buf, 0, sizeof(buf));
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -117,6 +118,7 @@ calc_s2k_salted(PGP_S2K *s2k, PX_MD *md, const uint8 *key, unsigned key_len)
|
||||
remain = 0;
|
||||
}
|
||||
}
|
||||
px_memset(buf, 0, sizeof(buf));
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -188,6 +190,7 @@ calc_s2k_iter_salted(PGP_S2K *s2k, PX_MD *md, const uint8 *key,
|
||||
remain = 0;
|
||||
}
|
||||
}
|
||||
px_memset(buf, 0, sizeof(buf));
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@ -224,7 +224,7 @@ pgp_free(PGP_Context *ctx)
|
||||
{
|
||||
if (ctx->pub_key)
|
||||
pgp_key_free(ctx->pub_key);
|
||||
memset(ctx, 0, sizeof *ctx);
|
||||
px_memset(ctx, 0, sizeof *ctx);
|
||||
px_free(ctx);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -158,7 +158,7 @@ px_gen_salt(const char *salt_type, char *buf, int rounds)
|
||||
return res;
|
||||
|
||||
p = g->gen(rounds, rbuf, g->input_len, buf, PX_MAX_SALT_LEN);
|
||||
memset(rbuf, 0, sizeof(rbuf));
|
||||
px_memset(rbuf, 0, sizeof(rbuf));
|
||||
|
||||
if (p == NULL)
|
||||
return PXE_BAD_SALT_ROUNDS;
|
||||
|
||||
@ -75,7 +75,7 @@ hmac_init(PX_HMAC *h, const uint8 *key, unsigned klen)
|
||||
h->p.opad[i] = keybuf[i] ^ HMAC_OPAD;
|
||||
}
|
||||
|
||||
memset(keybuf, 0, bs);
|
||||
px_memset(keybuf, 0, bs);
|
||||
px_free(keybuf);
|
||||
|
||||
px_md_update(md, h->p.ipad, bs);
|
||||
@ -117,7 +117,7 @@ hmac_finish(PX_HMAC *h, uint8 *dst)
|
||||
px_md_update(md, buf, hlen);
|
||||
px_md_finish(md, dst);
|
||||
|
||||
memset(buf, 0, hlen);
|
||||
px_memset(buf, 0, hlen);
|
||||
px_free(buf);
|
||||
}
|
||||
|
||||
@ -129,8 +129,8 @@ hmac_free(PX_HMAC *h)
|
||||
bs = px_md_block_size(h->md);
|
||||
px_md_free(h->md);
|
||||
|
||||
memset(h->p.ipad, 0, bs);
|
||||
memset(h->p.opad, 0, bs);
|
||||
px_memset(h->p.ipad, 0, bs);
|
||||
px_memset(h->p.opad, 0, bs);
|
||||
px_free(h->p.ipad);
|
||||
px_free(h->p.opad);
|
||||
px_free(h);
|
||||
|
||||
@ -104,6 +104,12 @@ px_strerror(int err)
|
||||
return "Bad error code";
|
||||
}
|
||||
|
||||
/* memset that must not be optimized away */
|
||||
void
|
||||
px_memset(void *ptr, int c, size_t len)
|
||||
{
|
||||
memset(ptr, c, len);
|
||||
}
|
||||
|
||||
const char *
|
||||
px_resolve_alias(const PX_Alias *list, const char *name)
|
||||
@ -327,7 +333,7 @@ combo_free(PX_Combo *cx)
|
||||
{
|
||||
if (cx->cipher)
|
||||
px_cipher_free(cx->cipher);
|
||||
memset(cx, 0, sizeof(*cx));
|
||||
px_memset(cx, 0, sizeof(*cx));
|
||||
px_free(cx);
|
||||
}
|
||||
|
||||
|
||||
@ -203,6 +203,8 @@ const char *px_resolve_alias(const PX_Alias *aliases, const char *name);
|
||||
|
||||
void px_set_debug_handler(void (*handler) (const char *));
|
||||
|
||||
void px_memset(void *ptr, int c, size_t len);
|
||||
|
||||
#ifdef PX_DEBUG
|
||||
void
|
||||
px_debug(const char *fmt,...)
|
||||
|
||||
@ -40,6 +40,7 @@
|
||||
|
||||
#include <sys/param.h>
|
||||
|
||||
#include "px.h"
|
||||
#include "sha2.h"
|
||||
|
||||
/*
|
||||
@ -570,7 +571,7 @@ SHA256_Final(uint8 digest[], SHA256_CTX *context)
|
||||
}
|
||||
|
||||
/* Clean up state data: */
|
||||
memset(context, 0, sizeof(*context));
|
||||
px_memset(context, 0, sizeof(*context));
|
||||
}
|
||||
|
||||
|
||||
@ -899,7 +900,7 @@ SHA512_Final(uint8 digest[], SHA512_CTX *context)
|
||||
}
|
||||
|
||||
/* Zero out state data */
|
||||
memset(context, 0, sizeof(*context));
|
||||
px_memset(context, 0, sizeof(*context));
|
||||
}
|
||||
|
||||
|
||||
@ -944,7 +945,7 @@ SHA384_Final(uint8 digest[], SHA384_CTX *context)
|
||||
}
|
||||
|
||||
/* Zero out state data */
|
||||
memset(context, 0, sizeof(*context));
|
||||
px_memset(context, 0, sizeof(*context));
|
||||
}
|
||||
|
||||
/*** SHA-224: *********************************************************/
|
||||
@ -987,5 +988,5 @@ SHA224_Final(uint8 digest[], SHA224_CTX *context)
|
||||
}
|
||||
|
||||
/* Clean up state data: */
|
||||
memset(context, 0, sizeof(*context));
|
||||
px_memset(context, 0, sizeof(*context));
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user