more usages for ZEND_SECURE_ZERO()

diff --git a/ext/hash/hash.c b/ext/hash/hash.c
index 5a4529d0f565959ff60389eb75906649b3db1b7a..17a8e48feb27be30a4e9af2459041c6d1f5f7452 100644 (file)
--- a/ext/hash/hash.c
+++ b/ext/hash/hash.c
@@ -287,7 +287,7 @@ static void php_hash_do_hash_hmac(INTERNAL_FUNCTION_PARAMETERS, int isfilename,
        php_hash_hmac_round((unsigned char *) digest->val, ops, context, K, (unsigned char *) digest->val, ops->digest_size);
 
        /* Zero the key */
-       memset(K, 0, ops->block_size);
+       ZEND_SECURE_ZERO(K, ops->block_size);
        efree(K);
        efree(context);
 
@@ -515,7 +515,7 @@ PHP_FUNCTION(hash_final)
                hash->ops->hash_final((unsigned char *) digest->val, hash->context);
 
                /* Zero the key */
-               memset(hash->key, 0, hash->ops->block_size);
+               ZEND_SECURE_ZERO(hash->key, hash->ops->block_size);
                efree(hash->key);
                hash->key = NULL;
        }
@@ -698,9 +698,9 @@ PHP_FUNCTION(hash_pbkdf2)
                memcpy(result + ((i - 1) * ops->digest_size), temp, ops->digest_size);
        }
        /* Zero potentially sensitive variables */
-       memset(K1, 0, ops->block_size);
-       memset(K2, 0, ops->block_size);
-       memset(computed_salt, 0, salt_len + 4);
+       ZEND_SECURE_ZERO(K1, ops->block_size);
+       ZEND_SECURE_ZERO(K2, ops->block_size);
+       ZEND_SECURE_ZERO(computed_salt, salt_len + 4);
        efree(K1);
        efree(K2);
        efree(computed_salt);
@@ -975,7 +975,7 @@ PHP_FUNCTION(mhash_keygen_s2k)
                                }
 
                                RETVAL_STRINGL(key, bytes);
-                               memset(key, 0, bytes);
+                               ZEND_SECURE_ZERO(key, bytes);
                                efree(digest);
                                efree(context);
                                efree(key);

diff --git a/ext/hash/hash_gost.c b/ext/hash/hash_gost.c
index bda9579830a2feb867d6f867145db4e670d4b372..034d45f7d977887fca25c1e9c82ab29a442a3a05 100644 (file)
--- a/ext/hash/hash_gost.c
+++ b/ext/hash/hash_gost.c
@@ -281,7 +281,7 @@ PHP_HASH_API void PHP_GOSTUpdate(PHP_GOST_CTX *context, const unsigned char *inp
                }
                
                memcpy(context->buffer, input + i, r);
-               memset(&context->buffer[r], 0, 32 - r);
+               ZEND_SECURE_ZERO(&context->buffer[r], 32 - r);
                context->length = r;
        }
 }
@@ -306,7 +306,7 @@ PHP_HASH_API void PHP_GOSTFinal(unsigned char digest[32], PHP_GOST_CTX *context)
                digest[j + 3] = (unsigned char) ((context->state[i] >> 24) & 0xff);
        }
        
-       memset(context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO(context, sizeof(*context));
 }
 
 const php_hash_ops php_hash_gost_ops = {

diff --git a/ext/hash/hash_haval.c b/ext/hash/hash_haval.c
index 32437cecdfe516ff7f83076e2c56dca4afee452a..0d0adf7ba1132c990a2495f403d6e6ddc3a1fa8d 100644 (file)
--- a/ext/hash/hash_haval.c
+++ b/ext/hash/hash_haval.c
@@ -169,7 +169,7 @@ static void PHP_3HAVALTransform(php_hash_uint32 state[8], const unsigned char bl
        }
 
        /* Zeroize sensitive information. */
-       memset((unsigned char*) x, 0, sizeof(x));
+       ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
 }
 /* }}} */
 
@@ -206,7 +206,7 @@ static void PHP_4HAVALTransform(php_hash_uint32 state[8], const unsigned char bl
        }
 
        /* Zeroize sensitive information. */
-       memset((unsigned char*) x, 0, sizeof(x));
+       ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
 }
 /* }}} */
 
@@ -245,7 +245,7 @@ static void PHP_5HAVALTransform(php_hash_uint32 state[8], const unsigned char bl
        }
 
        /* Zeroize sensitive information. */
-       memset((unsigned char*) x, 0, sizeof(x));
+       ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
 }
 /* }}} */
 
@@ -368,7 +368,7 @@ PHP_HASH_API void PHP_HAVAL128Final(unsigned char *digest, PHP_HAVAL_CTX * conte
 
        /* Zeroize sensitive information.
         */
-       memset((unsigned char*) context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 }
 /* }}} */
 
@@ -422,7 +422,7 @@ PHP_HASH_API void PHP_HAVAL160Final(unsigned char *digest, PHP_HAVAL_CTX * conte
 
        /* Zeroize sensitive information.
         */
-       memset((unsigned char*) context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 }
 /* }}} */
 
@@ -462,7 +462,7 @@ PHP_HASH_API void PHP_HAVAL192Final(unsigned char *digest, PHP_HAVAL_CTX * conte
 
        /* Zeroize sensitive information.
         */
-       memset((unsigned char*) context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 }
 /* }}} */
 
@@ -503,7 +503,7 @@ PHP_HASH_API void PHP_HAVAL224Final(unsigned char *digest, PHP_HAVAL_CTX * conte
 
        /* Zeroize sensitive information.
         */
-       memset((unsigned char*) context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 }
 /* }}} */
 
@@ -537,7 +537,7 @@ PHP_HASH_API void PHP_HAVAL256Final(unsigned char *digest, PHP_HAVAL_CTX * conte
 
        /* Zeroize sensitive information.
         */
-       memset((unsigned char*) context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 }
 /* }}} */
 

diff --git a/ext/hash/hash_md.c b/ext/hash/hash_md.c
index 92f97ee50624350982601980e5fb7ee2b7fe0177..0ee4a49d6dd962b3b9f2a4e40be56f8f1a178267 100644 (file)
--- a/ext/hash/hash_md.c
+++ b/ext/hash/hash_md.c
@@ -344,7 +344,7 @@ PHP_HASH_API void PHP_MD5Final(unsigned char digest[16], PHP_MD5_CTX * context)
 
        /* Zeroize sensitive information.
         */
-       memset((unsigned char*) context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 }
 /* }}} */
 
@@ -437,7 +437,7 @@ const unsigned char block[64];
        state[3] += d;
 
        /* Zeroize sensitive information. */
-       memset((unsigned char*) x, 0, sizeof(x));
+       ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
 }
 /* }}} */
 
@@ -602,7 +602,7 @@ PHP_HASH_API void PHP_MD4Final(unsigned char digest[16], PHP_MD4_CTX * context)
 
        /* Zeroize sensitive information.
         */
-       memset((unsigned char*) context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 }
 /* }}} */
 

diff --git a/ext/hash/hash_ripemd.c b/ext/hash/hash_ripemd.c
index 0e0df3ac89819e6f4a534aa6087a67bd27f1e3ed..21cda2d712384cbb0a343d3ca42b7c87317ff04e 100644 (file)
--- a/ext/hash/hash_ripemd.c
+++ b/ext/hash/hash_ripemd.c
@@ -650,7 +650,7 @@ PHP_HASH_API void PHP_RIPEMD128Final(unsigned char digest[16], PHP_RIPEMD128_CTX
 
        /* Zeroize sensitive information.
         */
-       memset((unsigned char*) context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 }
 /* }}} */
 
@@ -687,7 +687,7 @@ PHP_HASH_API void PHP_RIPEMD256Final(unsigned char digest[32], PHP_RIPEMD256_CTX
 
        /* Zeroize sensitive information.
         */
-       memset((unsigned char*) context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 }
 /* }}} */
 
@@ -724,7 +724,7 @@ PHP_HASH_API void PHP_RIPEMD160Final(unsigned char digest[20], PHP_RIPEMD160_CTX
 
        /* Zeroize sensitive information.
         */
-       memset((unsigned char*) context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 }
 /* }}} */
 
@@ -761,7 +761,7 @@ PHP_HASH_API void PHP_RIPEMD320Final(unsigned char digest[40], PHP_RIPEMD320_CTX
 
        /* Zeroize sensitive information.
         */
-       memset((unsigned char*) context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 }
 /* }}} */
 

diff --git a/ext/hash/hash_sha.c b/ext/hash/hash_sha.c
index d60a7a978023b13be4456bc6810ed4c5948ca5be..7da188e54e1dc9f8337a00069e26d633b992e5c9 100644 (file)
--- a/ext/hash/hash_sha.c
+++ b/ext/hash/hash_sha.c
@@ -321,7 +321,7 @@ static void SHA1Transform(php_hash_uint32 state[5], const unsigned char block[64
        state[4] += e;
 
        /* Zeroize sensitive information. */
-       memset((unsigned char*) x, 0, sizeof(x));
+       ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
 }
 /* }}} */
 
@@ -400,7 +400,7 @@ PHP_HASH_API void PHP_SHA1Final(unsigned char digest[20], PHP_SHA1_CTX * context
 
        /* Zeroize sensitive information.
         */
-       memset((unsigned char*) context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 }
 /* }}} */
 
@@ -511,7 +511,7 @@ static void SHA256Transform(php_hash_uint32 state[8], const unsigned char block[
        state[7] += h;
 
        /* Zeroize sensitive information. */
-       memset((unsigned char*) x, 0, sizeof(x));
+       ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
 }
 /* }}} */
 
@@ -607,7 +607,7 @@ PHP_HASH_API void PHP_SHA224Final(unsigned char digest[28], PHP_SHA224_CTX * con
 
        /* Zeroize sensitive information.
         */
-       memset((unsigned char*) context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 }
 /* }}} */
 
@@ -684,7 +684,7 @@ PHP_HASH_API void PHP_SHA256Final(unsigned char digest[32], PHP_SHA256_CTX * con
 
        /* Zeroize sensitive information.
         */
-       memset((unsigned char*) context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 }
 /* }}} */
 
@@ -821,7 +821,7 @@ static void SHA512Transform(php_hash_uint64 state[8], const unsigned char block[
        state[7] += h;
 
        /* Zeroize sensitive information. */
-       memset((unsigned char*) x, 0, sizeof(x));
+       ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
 }
 /* }}} */
 
@@ -906,7 +906,7 @@ PHP_HASH_API void PHP_SHA384Final(unsigned char digest[48], PHP_SHA384_CTX * con
 
        /* Zeroize sensitive information.
         */
-       memset((unsigned char*) context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 }
 /* }}} */
 
@@ -1020,7 +1020,7 @@ PHP_HASH_API void PHP_SHA512Final(unsigned char digest[64], PHP_SHA512_CTX * con
 
        /* Zeroize sensitive information.
         */
-       memset((unsigned char*) context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 }
 /* }}} */
 

diff --git a/ext/hash/hash_snefru.c b/ext/hash/hash_snefru.c
index 2cf37998ad4f2b971d6e8ab22441c2e9441d1368..eaeefdf68643dcb9d73c3ceed0c2036decb69108 100644 (file)
--- a/ext/hash/hash_snefru.c
+++ b/ext/hash/hash_snefru.c
@@ -166,7 +166,7 @@ PHP_HASH_API void PHP_SNEFRUUpdate(PHP_SNEFRU_CTX *context, const unsigned char
                }
                
                memcpy(context->buffer, input + i, r);
-               memset(&context->buffer[r], 0, 32 - r);
+               ZEND_SECURE_ZERO(&context->buffer[r], 32 - r);
                context->length = r;
        }
 }
@@ -190,7 +190,7 @@ PHP_HASH_API void PHP_SNEFRUFinal(unsigned char digest[32], PHP_SNEFRU_CTX *cont
                digest[j + 3] = (unsigned char) (context->state[i] & 0xff);
        }
        
-       memset(context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO(context, sizeof(*context));
 }
 
 const php_hash_ops php_hash_snefru_ops = {

diff --git a/ext/hash/hash_tiger.c b/ext/hash/hash_tiger.c
index 78f932a745c063e0ee7f3a87c55af083788aefcb..9a036f41e6f4e9e6abf2eebca8c51dda0228fbe0 100644 (file)
--- a/ext/hash/hash_tiger.c
+++ b/ext/hash/hash_tiger.c
@@ -207,7 +207,7 @@ PHP_HASH_API void PHP_TIGERUpdate(PHP_TIGER_CTX *context, const unsigned char *i
                        i = 64 - context->length;
                        memcpy(&context->buffer[context->length], input, i);
                        tiger_compress(context->passes, ((const php_hash_uint64 *) context->buffer), context->state);
-                       memset(context->buffer, 0, 64);
+                       ZEND_SECURE_ZERO(context->buffer, 64);
                        context->passed += 512;
                }
                
@@ -216,7 +216,7 @@ PHP_HASH_API void PHP_TIGERUpdate(PHP_TIGER_CTX *context, const unsigned char *i
                        tiger_compress(context->passes, ((const php_hash_uint64 *) context->buffer), context->state);
                        context->passed += 512;
                }
-               memset(&context->buffer[r], 0, 64-r);
+               ZEND_SECURE_ZERO(&context->buffer[r], 64-r);
                memcpy(context->buffer, &input[i], r);
                context->length = r;
        }
@@ -226,21 +226,21 @@ PHP_HASH_API void PHP_TIGER128Final(unsigned char digest[16], PHP_TIGER_CTX *con
 {
        TigerFinalize(context);
        TigerDigest(digest, 16, context);
-       memset(context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO(context, sizeof(*context));
 }
 
 PHP_HASH_API void PHP_TIGER160Final(unsigned char digest[20], PHP_TIGER_CTX *context)
 {
        TigerFinalize(context);
        TigerDigest(digest, 20, context);
-       memset(context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO(context, sizeof(*context));
 }
 
 PHP_HASH_API void PHP_TIGER192Final(unsigned char digest[24], PHP_TIGER_CTX *context)
 {
        TigerFinalize(context);
        TigerDigest(digest, 24, context);
-       memset(context, 0, sizeof(*context));
+       ZEND_SECURE_ZERO(context, sizeof(*context));
 }
 
 #define PHP_HASH_TIGER_OPS(p, b) \

diff --git a/ext/hash/hash_whirlpool.c b/ext/hash/hash_whirlpool.c
index 60087aee642bead7c5115c4960d5158d5eaecb15..1a4897e31741fc1df1b11c9b21c78267b52c4d6b 100644 (file)
--- a/ext/hash/hash_whirlpool.c
+++ b/ext/hash/hash_whirlpool.c
@@ -430,7 +430,7 @@ PHP_HASH_API void PHP_WHIRLPOOLFinal(unsigned char digest[64], PHP_WHIRLPOOL_CTX
         digest += 8;
     }
     
-    memset(context, 0, sizeof(*context));
+    ZEND_SECURE_ZERO(context, sizeof(*context));
 }
 
 const php_hash_ops php_hash_whirlpool_ops = {