From c4d58f14e079bdef1639cc56b4cc5f782c56bba7 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Wed, 6 Nov 2002 17:32:37 +0000 Subject: [PATCH] * rndw32.c [__CYGWIN32__]: Don't include winioctl.h - it is not required anymore. (From Werner) * random.c (read_seed_file,update_random_seed_file): Use binary mode for __CYGWIN__. (From Werner) * blowfish.c (burn_stack), cast5.c (burn_stack), des.c (burn_stack), md5.c (burn_stack), random.c (burn_stack, read_pool, fast_random_poll), rijndael.c (burn_stack), rmd160.c (burn_stack), rndegd.c (rndegd_gather_random), rndlinux.c (rndlinux_gather_random), sha1.c (burn_stack), tiger.c (burn_stack), twofish.c (burn_stack): Replace various calls to memset() with the more secure wipememory(). --- cipher/ChangeLog | 16 ++++++++++++++++ cipher/blowfish.c | 3 ++- cipher/cast5.c | 3 ++- cipher/des.c | 3 ++- cipher/md5.c | 2 +- cipher/random.c | 22 +++++++++++----------- cipher/rijndael.c | 2 +- cipher/rmd160.c | 2 +- cipher/rndegd.c | 2 +- cipher/rndlinux.c | 2 +- cipher/rndw32.c | 3 --- cipher/sha1.c | 2 +- cipher/tiger.c | 2 +- cipher/twofish.c | 2 +- 14 files changed, 41 insertions(+), 25 deletions(-) diff --git a/cipher/ChangeLog b/cipher/ChangeLog index ce644011e..44984d69f 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,19 @@ +2002-11-06 David Shaw + + * rndw32.c [__CYGWIN32__]: Don't include winioctl.h - it is not + required anymore. (From Werner) + + * random.c (read_seed_file,update_random_seed_file): Use binary + mode for __CYGWIN__. (From Werner) + + * blowfish.c (burn_stack), cast5.c (burn_stack), des.c + (burn_stack), md5.c (burn_stack), random.c (burn_stack, read_pool, + fast_random_poll), rijndael.c (burn_stack), rmd160.c (burn_stack), + rndegd.c (rndegd_gather_random), rndlinux.c + (rndlinux_gather_random), sha1.c (burn_stack), tiger.c + (burn_stack), twofish.c (burn_stack): Replace various calls to + memset() with the more secure wipememory(). + 2002-11-02 David Shaw * cipher.c (string_to_cipher_algo), md.c (string_to_digest_algo): diff --git a/cipher/blowfish.c b/cipher/blowfish.c index bf00fc462..7c9f952e9 100644 --- a/cipher/blowfish.c +++ b/cipher/blowfish.c @@ -35,6 +35,7 @@ #include #include #include "types.h" +#include "util.h" #include "errors.h" #include "algorithms.h" @@ -282,7 +283,7 @@ burn_stack (int bytes) { char buf[64]; - memset (buf, 0, sizeof buf); + wipememory(buf,sizeof buf); bytes -= sizeof buf; if (bytes > 0) burn_stack (bytes); diff --git a/cipher/cast5.c b/cipher/cast5.c index 6373886f5..5ecfcc646 100644 --- a/cipher/cast5.c +++ b/cipher/cast5.c @@ -40,6 +40,7 @@ #include #include #include "types.h" +#include "util.h" #include "errors.h" #include "algorithms.h" @@ -359,7 +360,7 @@ burn_stack (int bytes) { char buf[64]; - memset (buf, 0, sizeof buf); + wipememory(buf,sizeof buf); bytes -= sizeof buf; if (bytes > 0) burn_stack (bytes); diff --git a/cipher/des.c b/cipher/des.c index 36383d2c0..5c0e49645 100644 --- a/cipher/des.c +++ b/cipher/des.c @@ -115,6 +115,7 @@ #include #include /* memcpy, memcmp */ #include "types.h" /* for byte and u32 typedefs */ +#include "util.h" #include "errors.h" #include "algorithms.h" @@ -453,7 +454,7 @@ burn_stack (int bytes) { char buf[64]; - memset (buf, 0, sizeof buf); + wipememory(buf,sizeof buf); bytes -= sizeof buf; if (bytes > 0) burn_stack (bytes); diff --git a/cipher/md5.c b/cipher/md5.c index ca605b6fd..1d1f76134 100644 --- a/cipher/md5.c +++ b/cipher/md5.c @@ -78,7 +78,7 @@ burn_stack (int bytes) { char buf[128]; - memset (buf, 0, sizeof buf); + wipememory(buf,sizeof buf); bytes -= sizeof buf; if (bytes > 0) burn_stack (bytes); diff --git a/cipher/random.c b/cipher/random.c index c2dea9c28..8b750a7ff 100644 --- a/cipher/random.c +++ b/cipher/random.c @@ -205,7 +205,7 @@ burn_stack (int bytes) { char buf[128]; - memset (buf, 0, sizeof buf); + wipememory(buf,sizeof buf); bytes -= sizeof buf; if (bytes > 0) burn_stack (bytes); @@ -311,9 +311,9 @@ mix_pool(byte *pool) RMD160_CONTEXT md; rmd160_init( &md ); - #if DIGESTLEN != 20 +#if DIGESTLEN != 20 #error must have a digest length of 20 for ripe-md-160 - #endif +#endif /* loop over the pool */ pend = pool + POOLSIZE; memcpy(hashbuf, pend - DIGESTLEN, DIGESTLEN ); @@ -367,11 +367,11 @@ read_seed_file(void) if( !seed_file_name ) return 0; - #ifdef HAVE_DOSISH_SYSTEM +#if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__) fd = open( seed_file_name, O_RDONLY | O_BINARY ); - #else +#else fd = open( seed_file_name, O_RDONLY ); - #endif +#endif if( fd == -1 && errno == ENOENT) { allow_seed_file_update = 1; return 0; @@ -457,12 +457,12 @@ update_random_seed_file() mix_pool(rndpool); rndstats.mixrnd++; mix_pool(keypool); rndstats.mixkey++; - #ifdef HAVE_DOSISH_SYSTEM +#if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__) fd = open( seed_file_name, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, S_IRUSR|S_IWUSR ); - #else +#else fd = open( seed_file_name, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR ); - #endif +#endif if( fd == -1 ) { log_info(_("can't create `%s': %s\n"), seed_file_name, strerror(errno) ); return; @@ -564,7 +564,7 @@ read_pool( byte *buffer, size_t length, int level ) if( pool_balance < 0 ) pool_balance = 0; /* and clear the keypool */ - memset( keypool, 0, POOLSIZE ); + wipememory(keypool, POOLSIZE); } } @@ -673,7 +673,7 @@ fast_random_poll() getrusage( RUSAGE_SELF, &buf ); add_randomness( &buf, sizeof buf, 1 ); - memset( &buf, 0, sizeof buf ); + wipememory( &buf, sizeof buf ); } #endif #endif diff --git a/cipher/rijndael.c b/cipher/rijndael.c index 62c5bc23a..a30cd5fee 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -1713,7 +1713,7 @@ burn_stack (int bytes) { char buf[64]; - memset (buf, 0, sizeof buf); + wipememory(buf,sizeof buf); bytes -= sizeof buf; if (bytes > 0) burn_stack (bytes); diff --git a/cipher/rmd160.c b/cipher/rmd160.c index 54dec6a15..d8e8584a3 100644 --- a/cipher/rmd160.c +++ b/cipher/rmd160.c @@ -146,7 +146,7 @@ burn_stack (int bytes) { char buf[150]; - memset (buf, 0, sizeof buf); + wipememory(buf,sizeof buf); bytes -= sizeof buf; if (bytes > 0) burn_stack (bytes); diff --git a/cipher/rndegd.c b/cipher/rndegd.c index 5f71ab858..df31ce189 100644 --- a/cipher/rndegd.c +++ b/cipher/rndegd.c @@ -221,7 +221,7 @@ rndegd_gather_random( void (*add)(const void*, size_t, int), int requester, (*add)( buffer, n, requester ); length -= n; } - memset(buffer, 0, sizeof(buffer) ); + wipememory(buffer, sizeof(buffer) ); return 0; /* success */ } diff --git a/cipher/rndlinux.c b/cipher/rndlinux.c index c31b7f71c..2b28e4b6a 100644 --- a/cipher/rndlinux.c +++ b/cipher/rndlinux.c @@ -156,7 +156,7 @@ _("\n" (*add)( buffer, n, requester ); length -= n; } - memset(buffer, 0, sizeof(buffer) ); + wipememory(buffer, sizeof(buffer) ); return 0; /* success */ } diff --git a/cipher/rndw32.c b/cipher/rndw32.c index c5f855ca6..4ed4f772f 100644 --- a/cipher/rndw32.c +++ b/cipher/rndw32.c @@ -70,9 +70,6 @@ #include #include -#ifdef __CYGWIN32__ -# include -#endif #include "types.h" diff --git a/cipher/sha1.c b/cipher/sha1.c index 06ca2532b..149c4c170 100644 --- a/cipher/sha1.c +++ b/cipher/sha1.c @@ -54,7 +54,7 @@ burn_stack (int bytes) { char buf[128]; - memset (buf, 0, sizeof buf); + wipememory(buf,sizeof buf); bytes -= sizeof buf; if (bytes > 0) burn_stack (bytes); diff --git a/cipher/tiger.c b/cipher/tiger.c index 1bb3375ed..54cafe578 100644 --- a/cipher/tiger.c +++ b/cipher/tiger.c @@ -635,7 +635,7 @@ burn_stack (int bytes) { char buf[256]; - memset (buf, 0, sizeof buf); + wipememory(buf,sizeof buf); bytes -= sizeof buf; if (bytes > 0) burn_stack (bytes); diff --git a/cipher/twofish.c b/cipher/twofish.c index 5ed44872c..a6a571ff0 100644 --- a/cipher/twofish.c +++ b/cipher/twofish.c @@ -550,7 +550,7 @@ burn_stack (int bytes) { char buf[64]; - memset (buf, 0, sizeof buf); + wipememory(buf,sizeof buf); bytes -= sizeof buf; if (bytes > 0) burn_stack (bytes);