Commit 522222cf authored by Michael Graff's avatar Michael Graff
Browse files

Correctly invalidate the sha2/hmac2 contexts. This was already done in...

Correctly invalidate the sha2/hmac2 contexts.  This was already done in practice, but this makes it zero out the whole structure rather than just the first 4 bytes + the key.  sha2.c did not always zero out the full sha2 state in invalidate, but will now.
parent 81c538f9
......@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: hmacsha.c,v 1.10 2009/02/06 23:47:42 tbox Exp $ */
/* $Id: hmacsha.c,v 1.11 2011/10/24 22:51:29 mgraff Exp $ */
/*
* This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384
......@@ -224,8 +224,7 @@ isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
void
isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) {
isc_sha1_invalidate(&ctx->sha1ctx);
memset(ctx->key, 0, sizeof(ctx->key));
memset(ctx, 0, sizeof(ctx));
memset(ctx, 0, sizeof(*ctx));
}
/*
......@@ -292,8 +291,7 @@ isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key,
void
isc_hmacsha224_invalidate(isc_hmacsha224_t *ctx) {
memset(ctx->key, 0, sizeof(ctx->key));
memset(ctx, 0, sizeof(ctx));
memset(ctx, 0, sizeof(*ctx));
}
/*
......@@ -359,8 +357,7 @@ isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key,
void
isc_hmacsha256_invalidate(isc_hmacsha256_t *ctx) {
memset(ctx->key, 0, sizeof(ctx->key));
memset(ctx, 0, sizeof(ctx));
memset(ctx, 0, sizeof(*ctx));
}
/*
......@@ -426,8 +423,7 @@ isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key,
void
isc_hmacsha384_invalidate(isc_hmacsha384_t *ctx) {
memset(ctx->key, 0, sizeof(ctx->key));
memset(ctx, 0, sizeof(ctx));
memset(ctx, 0, sizeof(*ctx));
}
/*
......@@ -493,8 +489,7 @@ isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key,
void
isc_hmacsha512_invalidate(isc_hmacsha512_t *ctx) {
memset(ctx->key, 0, sizeof(ctx->key));
memset(ctx, 0, sizeof(ctx));
memset(ctx, 0, sizeof(*ctx));
}
/*
......
......@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: sha2.c,v 1.20 2011/03/12 04:59:49 tbox Exp $ */
/* $Id: sha2.c,v 1.21 2011/10/24 22:51:29 mgraff Exp $ */
/* $FreeBSD: src/sys/crypto/sha2/sha2.c,v 1.2.2.2 2002/03/05 08:36:47 ume Exp $ */
/* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */
......@@ -905,7 +905,7 @@ isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) {
}
/* Clean up state data: */
memset(context, 0, sizeof(context));
memset(context, 0, sizeof(*context));
usedspace = 0;
POST(usedspace);
}
......@@ -1229,7 +1229,7 @@ void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) {
}
/* Zero out state data */
memset(context, 0, sizeof(context));
memset(context, 0, sizeof(*context));
}
......@@ -1282,7 +1282,7 @@ isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) {
}
/* Zero out state data */
memset(context, 0, sizeof(context));
memset(context, 0, sizeof(*context));
}
#endif /* !ISC_PLATFORM_OPENSSLHASH */
......@@ -1313,7 +1313,7 @@ isc_sha224_end(isc_sha224_t *context, char buffer[]) {
#ifdef ISC_PLATFORM_OPENSSLHASH
EVP_MD_CTX_cleanup(context);
#else
memset(context, 0, sizeof(context));
memset(context, 0, sizeof(*context));
#endif
}
memset(digest, 0, ISC_SHA224_DIGESTLENGTH);
......@@ -1352,7 +1352,7 @@ isc_sha256_end(isc_sha256_t *context, char buffer[]) {
#ifdef ISC_PLATFORM_OPENSSLHASH
EVP_MD_CTX_cleanup(context);
#else
memset(context, 0, sizeof(context));
memset(context, 0, sizeof(*context));
#endif
}
memset(digest, 0, ISC_SHA256_DIGESTLENGTH);
......@@ -1391,7 +1391,7 @@ isc_sha512_end(isc_sha512_t *context, char buffer[]) {
#ifdef ISC_PLATFORM_OPENSSLHASH
EVP_MD_CTX_cleanup(context);
#else
memset(context, 0, sizeof(context));
memset(context, 0, sizeof(*context));
#endif
}
memset(digest, 0, ISC_SHA512_DIGESTLENGTH);
......@@ -1430,7 +1430,7 @@ isc_sha384_end(isc_sha384_t *context, char buffer[]) {
#ifdef ISC_PLATFORM_OPENSSLHASH
EVP_MD_CTX_cleanup(context);
#else
memset(context, 0, sizeof(context));
memset(context, 0, sizeof(*context));
#endif
}
memset(digest, 0, ISC_SHA384_DIGESTLENGTH);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment