From 522222cf933abf83c6fc999f3e20de86a7ca670c Mon Sep 17 00:00:00 2001 From: Michael Graff Date: Mon, 24 Oct 2011 22:51:29 +0000 Subject: [PATCH] Correctly invalidate the sha2/hmac2 contexts. This was already done in practice, but this makes it zero out the whole structure rather than just the first 4 bytes + the key. sha2.c did not always zero out the full sha2 state in invalidate, but will now. --- lib/isc/hmacsha.c | 17 ++++++----------- lib/isc/sha2.c | 16 ++++++++-------- 2 files changed, 14 insertions(+), 19 deletions(-) diff --git a/lib/isc/hmacsha.c b/lib/isc/hmacsha.c index aba869ecc8..804916bdb3 100644 --- a/lib/isc/hmacsha.c +++ b/lib/isc/hmacsha.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hmacsha.c,v 1.10 2009/02/06 23:47:42 tbox Exp $ */ +/* $Id: hmacsha.c,v 1.11 2011/10/24 22:51:29 mgraff Exp $ */ /* * This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384 @@ -224,8 +224,7 @@ isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key, void isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) { isc_sha1_invalidate(&ctx->sha1ctx); - memset(ctx->key, 0, sizeof(ctx->key)); - memset(ctx, 0, sizeof(ctx)); + memset(ctx, 0, sizeof(*ctx)); } /* @@ -292,8 +291,7 @@ isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key, void isc_hmacsha224_invalidate(isc_hmacsha224_t *ctx) { - memset(ctx->key, 0, sizeof(ctx->key)); - memset(ctx, 0, sizeof(ctx)); + memset(ctx, 0, sizeof(*ctx)); } /* @@ -359,8 +357,7 @@ isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key, void isc_hmacsha256_invalidate(isc_hmacsha256_t *ctx) { - memset(ctx->key, 0, sizeof(ctx->key)); - memset(ctx, 0, sizeof(ctx)); + memset(ctx, 0, sizeof(*ctx)); } /* @@ -426,8 +423,7 @@ isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key, void isc_hmacsha384_invalidate(isc_hmacsha384_t *ctx) { - memset(ctx->key, 0, sizeof(ctx->key)); - memset(ctx, 0, sizeof(ctx)); + memset(ctx, 0, sizeof(*ctx)); } /* @@ -493,8 +489,7 @@ isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key, void isc_hmacsha512_invalidate(isc_hmacsha512_t *ctx) { - memset(ctx->key, 0, sizeof(ctx->key)); - memset(ctx, 0, sizeof(ctx)); + memset(ctx, 0, sizeof(*ctx)); } /* diff --git a/lib/isc/sha2.c b/lib/isc/sha2.c index 857e4a3def..b5ecbec3aa 100644 --- a/lib/isc/sha2.c +++ b/lib/isc/sha2.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sha2.c,v 1.20 2011/03/12 04:59:49 tbox Exp $ */ +/* $Id: sha2.c,v 1.21 2011/10/24 22:51:29 mgraff Exp $ */ /* $FreeBSD: src/sys/crypto/sha2/sha2.c,v 1.2.2.2 2002/03/05 08:36:47 ume Exp $ */ /* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */ @@ -905,7 +905,7 @@ isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) { } /* Clean up state data: */ - memset(context, 0, sizeof(context)); + memset(context, 0, sizeof(*context)); usedspace = 0; POST(usedspace); } @@ -1229,7 +1229,7 @@ void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) { } /* Zero out state data */ - memset(context, 0, sizeof(context)); + memset(context, 0, sizeof(*context)); } @@ -1282,7 +1282,7 @@ isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) { } /* Zero out state data */ - memset(context, 0, sizeof(context)); + memset(context, 0, sizeof(*context)); } #endif /* !ISC_PLATFORM_OPENSSLHASH */ @@ -1313,7 +1313,7 @@ isc_sha224_end(isc_sha224_t *context, char buffer[]) { #ifdef ISC_PLATFORM_OPENSSLHASH EVP_MD_CTX_cleanup(context); #else - memset(context, 0, sizeof(context)); + memset(context, 0, sizeof(*context)); #endif } memset(digest, 0, ISC_SHA224_DIGESTLENGTH); @@ -1352,7 +1352,7 @@ isc_sha256_end(isc_sha256_t *context, char buffer[]) { #ifdef ISC_PLATFORM_OPENSSLHASH EVP_MD_CTX_cleanup(context); #else - memset(context, 0, sizeof(context)); + memset(context, 0, sizeof(*context)); #endif } memset(digest, 0, ISC_SHA256_DIGESTLENGTH); @@ -1391,7 +1391,7 @@ isc_sha512_end(isc_sha512_t *context, char buffer[]) { #ifdef ISC_PLATFORM_OPENSSLHASH EVP_MD_CTX_cleanup(context); #else - memset(context, 0, sizeof(context)); + memset(context, 0, sizeof(*context)); #endif } memset(digest, 0, ISC_SHA512_DIGESTLENGTH); @@ -1430,7 +1430,7 @@ isc_sha384_end(isc_sha384_t *context, char buffer[]) { #ifdef ISC_PLATFORM_OPENSSLHASH EVP_MD_CTX_cleanup(context); #else - memset(context, 0, sizeof(context)); + memset(context, 0, sizeof(*context)); #endif } memset(digest, 0, ISC_SHA384_DIGESTLENGTH);