ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Don't use memset() to wipe memory (#45947)

Browse Source
This commit is contained in:
Mukund Sivaraman
2017-09-19 16:16:45 +05:30
parent 404c9b1c53
commit d5707676e4
27 changed files with 382 additions and 289 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
lib/dns/hmac_link.c
View File

@@ -165,7 +165,7 @@ hmacmd5_generate(dst_key_t *key, int pseudorandom_ok, void (*callback)(int)) {
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
ret = hmacmd5_fromdns(key, &b);
memset(data, 0, ISC_MD5_BLOCK_LENGTH);
isc_safe_memwipe(data, sizeof(data));
return (ret);
}
@@ -180,8 +180,8 @@ static void
hmacmd5_destroy(dst_key_t *key) {
dst_hmacmd5_key_t *hkey = key->keydata.hmacmd5;
memset(hkey, 0, sizeof(dst_hmacmd5_key_t));
isc_mem_put(key->mctx, hkey, sizeof(dst_hmacmd5_key_t));
isc_safe_memwipe(hkey, sizeof(*hkey));
isc_mem_put(key->mctx, hkey, sizeof(*hkey));
key->keydata.hmacmd5 = NULL;
}
@@ -307,7 +307,7 @@ hmacmd5_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
}
dst__privstruct_free(&priv, mctx);
memset(&priv, 0, sizeof(priv));
isc_safe_memwipe(&priv, sizeof(priv));
return (result);
}
@@ -451,7 +451,7 @@ hmacsha1_generate(dst_key_t *key, int pseudorandom_ok, void (*callback)(int)) {
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
ret = hmacsha1_fromdns(key, &b);
memset(data, 0, ISC_SHA1_BLOCK_LENGTH);
isc_safe_memwipe(data, sizeof(data));
return (ret);
}
@@ -466,8 +466,8 @@ static void
hmacsha1_destroy(dst_key_t *key) {
dst_hmacsha1_key_t *hkey = key->keydata.hmacsha1;
memset(hkey, 0, sizeof(dst_hmacsha1_key_t));
isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha1_key_t));
isc_safe_memwipe(hkey, sizeof(*hkey));
isc_mem_put(key->mctx, hkey, sizeof(*hkey));
key->keydata.hmacsha1 = NULL;
}
@@ -593,7 +593,7 @@ hmacsha1_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
}
dst__privstruct_free(&priv, mctx);
memset(&priv, 0, sizeof(priv));
isc_safe_memwipe(&priv, sizeof(priv));
return (result);
}
@@ -738,7 +738,7 @@ hmacsha224_generate(dst_key_t *key, int pseudorandom_ok,
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
ret = hmacsha224_fromdns(key, &b);
memset(data, 0, ISC_SHA224_BLOCK_LENGTH);
isc_safe_memwipe(data, sizeof(data));
return (ret);
}
@@ -753,8 +753,8 @@ static void
hmacsha224_destroy(dst_key_t *key) {
dst_hmacsha224_key_t *hkey = key->keydata.hmacsha224;
memset(hkey, 0, sizeof(dst_hmacsha224_key_t));
isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha224_key_t));
isc_safe_memwipe(hkey, sizeof(*hkey));
isc_mem_put(key->mctx, hkey, sizeof(*hkey));
key->keydata.hmacsha224 = NULL;
}
@@ -880,7 +880,7 @@ hmacsha224_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
}
dst__privstruct_free(&priv, mctx);
memset(&priv, 0, sizeof(priv));
isc_safe_memwipe(&priv, sizeof(priv));
return (result);
}
@@ -1025,7 +1025,7 @@ hmacsha256_generate(dst_key_t *key, int pseudorandom_ok,
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
ret = hmacsha256_fromdns(key, &b);
memset(data, 0, ISC_SHA256_BLOCK_LENGTH);
isc_safe_memwipe(data, sizeof(data));
return (ret);
}
@@ -1040,8 +1040,8 @@ static void
hmacsha256_destroy(dst_key_t *key) {
dst_hmacsha256_key_t *hkey = key->keydata.hmacsha256;
memset(hkey, 0, sizeof(dst_hmacsha256_key_t));
isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha256_key_t));
isc_safe_memwipe(hkey, sizeof(*hkey));
isc_mem_put(key->mctx, hkey, sizeof(*hkey));
key->keydata.hmacsha256 = NULL;
}
@@ -1167,7 +1167,7 @@ hmacsha256_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
}
dst__privstruct_free(&priv, mctx);
memset(&priv, 0, sizeof(priv));
isc_safe_memwipe(&priv, sizeof(priv));
return (result);
}
@@ -1312,7 +1312,7 @@ hmacsha384_generate(dst_key_t *key, int pseudorandom_ok,
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
ret = hmacsha384_fromdns(key, &b);
memset(data, 0, ISC_SHA384_BLOCK_LENGTH);
isc_safe_memwipe(data, sizeof(data));
return (ret);
}
@@ -1327,8 +1327,8 @@ static void
hmacsha384_destroy(dst_key_t *key) {
dst_hmacsha384_key_t *hkey = key->keydata.hmacsha384;
memset(hkey, 0, sizeof(dst_hmacsha384_key_t));
isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha384_key_t));
isc_safe_memwipe(hkey, sizeof(*hkey));
isc_mem_put(key->mctx, hkey, sizeof(*hkey));
key->keydata.hmacsha384 = NULL;
}
@@ -1454,7 +1454,7 @@ hmacsha384_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
}
dst__privstruct_free(&priv, mctx);
memset(&priv, 0, sizeof(priv));
isc_safe_memwipe(&priv, sizeof(priv));
return (result);
}
@@ -1599,7 +1599,7 @@ hmacsha512_generate(dst_key_t *key, int pseudorandom_ok,
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
ret = hmacsha512_fromdns(key, &b);
memset(data, 0, ISC_SHA512_BLOCK_LENGTH);
isc_safe_memwipe(data, sizeof(data));
return (ret);
}
@@ -1614,8 +1614,8 @@ static void
hmacsha512_destroy(dst_key_t *key) {
dst_hmacsha512_key_t *hkey = key->keydata.hmacsha512;
memset(hkey, 0, sizeof(dst_hmacsha512_key_t));
isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha512_key_t));
isc_safe_memwipe(hkey, sizeof(*hkey));
isc_mem_put(key->mctx, hkey, sizeof(*hkey));
key->keydata.hmacsha512 = NULL;
}
@@ -1741,7 +1741,7 @@ hmacsha512_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
}
dst__privstruct_free(&priv, mctx);
memset(&priv, 0, sizeof(priv));
isc_safe_memwipe(&priv, sizeof(priv));
return (result);
}