Use explicit_bzero instead of memset in hash Final and End functions.

OK deraadt@ djm@

diff --git a/lib/libc/hash/helper.c b/lib/libc/hash/helper.c
index c2c2624..c13ce46 100644 (file)
--- a/lib/libc/hash/helper.c
+++ b/lib/libc/hash/helper.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: helper.c,v 1.11 2014/04/03 17:55:27 beck Exp $ */
+/*     $OpenBSD: helper.c,v 1.12 2015/01/15 13:05:59 millert Exp $ */
 
 /*
  * Copyright (c) 2000 Poul-Henning Kamp <phk@FreeBSD.org>
@@ -50,7 +50,7 @@ HASHEnd(HASH_CTX *ctx, char *buf)
                buf[i + i + 1] = hex[digest[i] & 0x0f];
        }
        buf[i + i] = '\0';
-       memset(digest, 0, sizeof(digest));
+       explicit_bzero(digest, sizeof(digest));
        return (buf);
 }
 

diff --git a/lib/libc/hash/md5.c b/lib/libc/hash/md5.c
index b7a4e5e..2428ed5 100644 (file)
--- a/lib/libc/hash/md5.c
+++ b/lib/libc/hash/md5.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: md5.c,v 1.9 2014/01/08 06:14:57 tedu Exp $    */
+/*     $OpenBSD: md5.c,v 1.10 2015/01/15 13:05:59 millert Exp $        */
 
 /*
  * This code implements the MD5 message-digest algorithm.
@@ -128,7 +128,7 @@ MD5Final(unsigned char digest[MD5_DIGEST_LENGTH], MD5_CTX *ctx)
        MD5Pad(ctx);
        for (i = 0; i < 4; i++)
                PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
-       memset(ctx, 0, sizeof(*ctx));
+       explicit_bzero(ctx, sizeof(*ctx));
 }
 
 

diff --git a/lib/libc/hash/rmd160.c b/lib/libc/hash/rmd160.c
index afd119e..3abc7cc 100644 (file)
--- a/lib/libc/hash/rmd160.c
+++ b/lib/libc/hash/rmd160.c
@@ -153,7 +153,7 @@ RMD160Final(u_int8_t digest[RMD160_DIGEST_LENGTH], RMD160_CTX *ctx)
        RMD160Pad(ctx);
        for (i = 0; i < 5; i++)
                PUT_32BIT_LE(digest + i*4, ctx->state[i]);
-       memset(ctx, 0, sizeof (*ctx));
+       explicit_bzero(ctx, sizeof (*ctx));
 }
 
 void

diff --git a/lib/libc/hash/sha1.c b/lib/libc/hash/sha1.c
index 4352215..d484345 100644 (file)
--- a/lib/libc/hash/sha1.c
+++ b/lib/libc/hash/sha1.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: sha1.c,v 1.23 2014/01/08 06:14:57 tedu Exp $  */
+/*     $OpenBSD: sha1.c,v 1.24 2015/01/15 13:05:59 millert Exp $       */
 
 /*
  * SHA-1 in C
@@ -169,5 +169,5 @@ SHA1Final(u_int8_t digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context)
                digest[i] = (u_int8_t)
                   ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
        }
-       memset(context, 0, sizeof(*context));
+       explicit_bzero(context, sizeof(*context));
 }

diff --git a/lib/libc/hash/sha2.c b/lib/libc/hash/sha2.c
index 23b4184..4842e42 100644 (file)
--- a/lib/libc/hash/sha2.c
+++ b/lib/libc/hash/sha2.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: sha2.c,v 1.22 2014/12/19 15:14:04 tedu Exp $  */
+/*     $OpenBSD: sha2.c,v 1.23 2015/01/15 13:05:59 millert Exp $       */
 
 /*
  * FILE:       sha2.c
@@ -316,7 +316,7 @@ SHA224Final(u_int8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *context)
 #else
        memcpy(digest, context->state.st32, SHA224_DIGEST_LENGTH);
 #endif
-       memset(context, 0, sizeof(*context));
+       explicit_bzero(context, sizeof(*context));
 }
 #endif /* !defined(SHA2_SMALL) */
 
@@ -591,7 +591,7 @@ SHA256Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *context)
 #else
        memcpy(digest, context->state.st32, SHA256_DIGEST_LENGTH);
 #endif
-       memset(context, 0, sizeof(*context));
+       explicit_bzero(context, sizeof(*context));
 }
 
 
@@ -867,7 +867,7 @@ SHA512Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *context)
 #else
        memcpy(digest, context->state.st64, SHA512_DIGEST_LENGTH);
 #endif
-       memset(context, 0, sizeof(*context));
+       explicit_bzero(context, sizeof(*context));
 }
 
 #if !defined(SHA2_SMALL)
@@ -901,6 +901,6 @@ SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *context)
        memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH);
 #endif
        /* Zero out state data */
-       memset(context, 0, sizeof(*context));
+       explicit_bzero(context, sizeof(*context));
 }
 #endif /* !defined(SHA2_SMALL) */