[PATCH 07/15] libmd: Always erase context in _Final method,

Sebastian Huber sebastian.huber at embedded-brains.de
Thu Sep 8 13:27:24 UTC 2022


From: Xin LI <delphij at FreeBSD.org>

and when doing it, consistently use explicit_bzero().

Update manual pages to match the behavior.

Reviewed by:	pfg, allanjude, jmg
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D16316
---
 cpukit/libmd/sha256c.c | 2 +-
 cpukit/libmd/sha512c.c | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/cpukit/libmd/sha256c.c b/cpukit/libmd/sha256c.c
index 7fd568a2ab..563f9e2099 100644
--- a/cpukit/libmd/sha256c.c
+++ b/cpukit/libmd/sha256c.c
@@ -295,7 +295,7 @@ SHA256_Final(unsigned char digest[static SHA256_DIGEST_LENGTH], SHA256_CTX *ctx)
 	be32enc_vect(digest, ctx->state, SHA256_DIGEST_LENGTH);
 
 	/* Clear the context state */
-	memset(ctx, 0, sizeof(*ctx));
+	explicit_bzero(ctx, sizeof(*ctx));
 }
 
 /*** SHA-224: *********************************************************/
diff --git a/cpukit/libmd/sha512c.c b/cpukit/libmd/sha512c.c
index daeef9d671..0b03d09fa9 100644
--- a/cpukit/libmd/sha512c.c
+++ b/cpukit/libmd/sha512c.c
@@ -327,7 +327,7 @@ SHA512_Final(unsigned char digest[static SHA512_DIGEST_LENGTH], SHA512_CTX *ctx)
 	be64enc_vect(digest, ctx->state, SHA512_DIGEST_LENGTH);
 
 	/* Clear the context state */
-	memset(ctx, 0, sizeof(*ctx));
+	explicit_bzero(ctx, sizeof(*ctx));
 }
 
 /*** SHA-512t: *********************************************************/
@@ -370,7 +370,7 @@ SHA512_224_Final(unsigned char digest[static SHA512_224_DIGEST_LENGTH], SHA512_C
 	be64enc_vect(digest, ctx->state, SHA512_224_DIGEST_LENGTH);
 
 	/* Clear the context state */
-	memset(ctx, 0, sizeof(*ctx));
+	explicit_bzero(ctx, sizeof(*ctx));
 }
 
 void
@@ -409,7 +409,7 @@ SHA512_256_Final(unsigned char digest[static SHA512_256_DIGEST_LENGTH], SHA512_C
 	be64enc_vect(digest, ctx->state, SHA512_256_DIGEST_LENGTH);
 
 	/* Clear the context state */
-	memset(ctx, 0, sizeof(*ctx));
+	explicit_bzero(ctx, sizeof(*ctx));
 }
 
 /*** SHA-384: *********************************************************/
@@ -459,5 +459,5 @@ SHA384_Final(unsigned char digest[static SHA384_DIGEST_LENGTH], SHA384_CTX *ctx)
 	be64enc_vect(digest, ctx->state, SHA384_DIGEST_LENGTH);
 
 	/* Clear the context state */
-	memset(ctx, 0, sizeof(*ctx));
+	explicit_bzero(ctx, sizeof(*ctx));
 }
-- 
2.35.3



More information about the devel mailing list