We may want to add an explicit_bzero to SipHash_Final() too but
I'll leave that up to tedu.
- todd
Index: lib/libc/hash/helper.c
===================================================================
RCS file: /cvs/src/lib/libc/hash/helper.c,v
retrieving revision 1.11
diff -u -r1.11 helper.c
--- lib/libc/hash/helper.c 3 Apr 2014 17:55:27 -0000 1.11
+++ lib/libc/hash/helper.c 15 Jan 2015 03:41:17 -0000
@@ -50,7 +50,7 @@
buf[i + i + 1] = hex[digest[i] & 0x0f];
}
buf[i + i] = '\0';
- memset(digest, 0, sizeof(digest));
+ explicit_bzero(digest, sizeof(digest));
return (buf);
}
Index: lib/libc/hash/md5.c
===================================================================
RCS file: /cvs/src/lib/libc/hash/md5.c,v
retrieving revision 1.9
diff -u -r1.9 md5.c
--- lib/libc/hash/md5.c 8 Jan 2014 06:14:57 -0000 1.9
+++ lib/libc/hash/md5.c 15 Jan 2015 03:41:26 -0000
@@ -128,7 +128,7 @@
MD5Pad(ctx);
for (i = 0; i < 4; i++)
PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
- memset(ctx, 0, sizeof(*ctx));
+ explicit_bzero(ctx, sizeof(*ctx));
}
Index: lib/libc/hash/rmd160.c
===================================================================
RCS file: /cvs/src/lib/libc/hash/rmd160.c,v
retrieving revision 1.20
diff -u -r1.20 rmd160.c
--- lib/libc/hash/rmd160.c 21 Jul 2014 01:51:10 -0000 1.20
+++ lib/libc/hash/rmd160.c 15 Jan 2015 03:41:34 -0000
@@ -153,7 +153,7 @@
RMD160Pad(ctx);
for (i = 0; i < 5; i++)
PUT_32BIT_LE(digest + i*4, ctx->state[i]);
- memset(ctx, 0, sizeof (*ctx));
+ explicit_bzero(ctx, sizeof (*ctx));
}
void
Index: lib/libc/hash/sha1.c
===================================================================
RCS file: /cvs/src/lib/libc/hash/sha1.c,v
retrieving revision 1.23
diff -u -r1.23 sha1.c
--- lib/libc/hash/sha1.c 8 Jan 2014 06:14:57 -0000 1.23
+++ lib/libc/hash/sha1.c 15 Jan 2015 03:41:43 -0000
@@ -169,5 +169,5 @@
digest[i] = (u_int8_t)
((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
}
- memset(context, 0, sizeof(*context));
+ explicit_bzero(context, sizeof(*context));
}
Index: lib/libc/hash/sha2.c
===================================================================
RCS file: /cvs/src/lib/libc/hash/sha2.c,v
retrieving revision 1.22
diff -u -r1.22 sha2.c
--- lib/libc/hash/sha2.c 19 Dec 2014 15:14:04 -0000 1.22
+++ lib/libc/hash/sha2.c 15 Jan 2015 03:43:34 -0000
@@ -316,7 +316,7 @@
#else
memcpy(digest, context->state.st32, SHA224_DIGEST_LENGTH);
#endif
- memset(context, 0, sizeof(*context));
+ explicit_bzero(context, sizeof(*context));
}
#endif /* !defined(SHA2_SMALL) */
@@ -591,7 +591,7 @@
#else
memcpy(digest, context->state.st32, SHA256_DIGEST_LENGTH);
#endif
- memset(context, 0, sizeof(*context));
+ explicit_bzero(context, sizeof(*context));
}
@@ -867,7 +867,7 @@
#else
memcpy(digest, context->state.st64, SHA512_DIGEST_LENGTH);
#endif
- memset(context, 0, sizeof(*context));
+ explicit_bzero(context, sizeof(*context));
}
#if !defined(SHA2_SMALL)
@@ -901,6 +901,6 @@
memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH);
#endif
/* Zero out state data */
- memset(context, 0, sizeof(*context));
+ explicit_bzero(context, sizeof(*context));
}
#endif /* !defined(SHA2_SMALL) */
