Don't use memset() to wipe memory (#45947)

2025-08-31 06:25:31 +00:00 · 2017-09-19 16:16:45 +05:30
parent 404c9b1c53
commit d5707676e4
27 changed files with 382 additions and 289 deletions
--- a/lib/isc/random.c
+++ b/lib/isc/random.c
@@ -46,6 +46,7 @@
 #include <isc/mem.h>
 #include <isc/entropy.h>
 #include <isc/random.h>
+#include <isc/safe.h>
 #include <isc/string.h>
 #include <isc/util.h>

@@ -342,13 +343,7 @@ chacha_stir(isc_rng_t *rng) {

 	chacha_rekey(rng, rnd.rnd, sizeof(rnd.rnd));

-	/*
-	 * The OpenBSD implementation explicit_bzero()s the random seed
-	 * rnd.rnd at this point, but it may not be required here. This
-	 * memset() may also be optimized away by the compiler as
-	 * rnd.rnd is not used further.
-	 */
-	memset(rnd.rnd, 0, sizeof(rnd.rnd));
+	isc_safe_memwipe(rnd.rnd, sizeof(rnd.rnd));

 	/* Invalidate the buffer too. */
 	rng->have = 0;