generalized the case with secure memory zeroing

diff --git a/Zend/zend_portability.h b/Zend/zend_portability.h
index 93e26a190e05238afe4dac6941f1aa27a42bf7d4..1705965c6be59fe32b258c932a95de98261ba4a8 100644 (file)
--- a/Zend/zend_portability.h
+++ b/Zend/zend_portability.h
@@ -382,6 +382,12 @@ char *alloca();
 /* excpt.h on Digital Unix 4.0 defines function_table */
 #undef function_table
 
+#ifdef ZEND_WIN32
+#define ZEND_SECURE_ZERO(var, size) RtlSecureZeroMemory((var), (size))
+#else
+#define ZEND_SECURE_ZERO(var, size) memset((var), 0, (size))
+#endif
+
 #endif /* ZEND_PORTABILITY_H */
 
 /*

diff --git a/ext/hash/hash_ripemd.c b/ext/hash/hash_ripemd.c
index 16fbd12b188e0ba5fdde7dee8bc664a33b37e731..0e0df3ac89819e6f4a534aa6087a67bd27f1e3ed 100644 (file)
--- a/ext/hash/hash_ripemd.c
+++ b/ext/hash/hash_ripemd.c
@@ -244,7 +244,7 @@ static void RIPEMD128Transform(php_hash_uint32 state[4], const unsigned char blo
        state[0] = tmp;
 
        tmp = 0;
-       memset(x, 0, sizeof(x));
+       ZEND_SECURE_ZERO(x, sizeof(x));
 }
 /* }}} */
 
@@ -342,7 +342,7 @@ static void RIPEMD256Transform(php_hash_uint32 state[8], const unsigned char blo
        state[7] += dd;
 
        tmp = 0;
-       memset(x, 0, sizeof(x));
+       ZEND_SECURE_ZERO(x, sizeof(x));
 }
 /* }}} */
 
@@ -441,7 +441,7 @@ static void RIPEMD160Transform(php_hash_uint32 state[5], const unsigned char blo
        state[0] = tmp;
 
        tmp = 0;
-       memset(x, 0, sizeof(x));
+       ZEND_SECURE_ZERO(x, sizeof(x));
 }
 /* }}} */
 
@@ -549,7 +549,7 @@ static void RIPEMD320Transform(php_hash_uint32 state[10], const unsigned char bl
        state[9] += ee;
 
        tmp = 0;
-       memset(x, 0, sizeof(x));
+       ZEND_SECURE_ZERO(x, sizeof(x));
 }
 /* }}} */
 

diff --git a/ext/hash/hash_whirlpool.c b/ext/hash/hash_whirlpool.c
index ca41e523d0f38ab2a2f404180d34ec2d52107d95..60087aee642bead7c5115c4960d5158d5eaecb15 100644 (file)
--- a/ext/hash/hash_whirlpool.c
+++ b/ext/hash/hash_whirlpool.c
@@ -263,8 +263,8 @@ static void WhirlpoolTransform(PHP_WHIRLPOOL_CTX *context)
     context->state[5] ^= state[5] ^ block[5];
     context->state[6] ^= state[6] ^ block[6];
     context->state[7] ^= state[7] ^ block[7];
-    
-    memset(state, 0, sizeof(state));
+
+       ZEND_SECURE_ZERO(state, sizeof(state));
 }
 
 PHP_HASH_API void PHP_WHIRLPOOLInit(PHP_WHIRLPOOL_CTX *context)

diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c
index b2524a0767156699edc12afdf7ab56eb2ed8854a..75940482d69f4c30768fe1092354f699b384821b 100644 (file)
--- a/ext/standard/crypt.c
+++ b/ext/standard/crypt.c
@@ -207,15 +207,11 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch
 
                        crypt_res = php_crypt_blowfish_rn(password, salt, output, sizeof(output));
                        if (!crypt_res) {
-                               memset(output, 0, PHP_MAX_SALT_LEN + 1);
+                               ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN + 1);
                                return NULL;
                        } else {
                                result = zend_string_init(output, strlen(output), 0);
-#ifdef PHP_WIN32
-                               RtlSecureZeroMemory(output, PHP_MAX_SALT_LEN + 1);
-#else
-                               memset(output, 0, PHP_MAX_SALT_LEN + 1);
-#endif
+                               ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN + 1);
                                return result;
                        }
                } else {

diff --git a/ext/standard/crypt_sha256.c b/ext/standard/crypt_sha256.c
index bf07eaa3209a64f9775d62b91290adcd265b05e1..826b4d1593e9da9444bfe2154b59bad219292576 100644 (file)
--- a/ext/standard/crypt_sha256.c
+++ b/ext/standard/crypt_sha256.c
@@ -571,33 +571,18 @@ char * php_sha256_crypt_r(const char *key, const char *salt, char *buffer, int b
      inside the SHA256 implementation as well.  */
        sha256_init_ctx(&ctx);
        sha256_finish_ctx(&ctx, alt_result);
-#ifdef PHP_WIN32
-       RtlSecureZeroMemory(temp_result, sizeof(temp_result));
-       RtlSecureZeroMemory(p_bytes, key_len);
-       RtlSecureZeroMemory(s_bytes, salt_len);
-       RtlSecureZeroMemory(&ctx, sizeof(ctx));
-       RtlSecureZeroMemory(&alt_ctx, sizeof(alt_ctx));
-
-       if (copied_key != NULL) {
-               RtlSecureZeroMemory(copied_key, key_len);
-       }
-       if (copied_salt != NULL) {
-               RtlSecureZeroMemory(copied_salt, salt_len);
-       }
-#else
-       memset(temp_result, '\0', sizeof(temp_result));
-       memset(p_bytes, '\0', key_len);
-       memset(s_bytes, '\0', salt_len);
-       memset(&ctx, '\0', sizeof(ctx));
-       memset(&alt_ctx, '\0', sizeof(alt_ctx));
+       ZEND_SECURE_ZERO(temp_result, sizeof(temp_result));
+       ZEND_SECURE_ZERO(p_bytes, key_len);
+       ZEND_SECURE_ZERO(s_bytes, salt_len);
+       ZEND_SECURE_ZERO(&ctx, sizeof(ctx));
+       ZEND_SECURE_ZERO(&alt_ctx, sizeof(alt_ctx));
 
        if (copied_key != NULL) {
-               memset(copied_key, '\0', key_len);
+               ZEND_SECURE_ZERO(copied_key, key_len);
        }
        if (copied_salt != NULL) {
-               memset(copied_salt, '\0', salt_len);
+               ZEND_SECURE_ZERO(copied_salt, salt_len);
        }
-#endif
 
        return buffer;
 }

diff --git a/ext/standard/crypt_sha512.c b/ext/standard/crypt_sha512.c
index 0b6c338d6123dd367157ecc188159892d4d959f3..9e5def38c5836c54dab3b03dbdf3481fbd7808ef 100644 (file)
--- a/ext/standard/crypt_sha512.c
+++ b/ext/standard/crypt_sha512.c
@@ -619,31 +619,17 @@ php_sha512_crypt_r(const char *key, const char *salt, char *buffer, int buflen)
         inside the SHA512 implementation as well.  */
        sha512_init_ctx(&ctx);
        sha512_finish_ctx(&ctx, alt_result);
-#ifdef PHP_WIN32
-       RtlSecureZeroMemory(temp_result, sizeof(temp_result));
-       RtlSecureZeroMemory(p_bytes, key_len);
-       RtlSecureZeroMemory(s_bytes, salt_len);
-       RtlSecureZeroMemory(&ctx, sizeof(ctx));
-       RtlSecureZeroMemory(&alt_ctx, sizeof(alt_ctx));
+       ZEND_SECURE_ZERO(temp_result, sizeof(temp_result));
+       ZEND_SECURE_ZERO(p_bytes, key_len);
+       ZEND_SECURE_ZERO(s_bytes, salt_len);
+       ZEND_SECURE_ZERO(&ctx, sizeof(ctx));
+       ZEND_SECURE_ZERO(&alt_ctx, sizeof(alt_ctx));
        if (copied_key != NULL) {
-               RtlSecureZeroMemory(copied_key, key_len);
+               ZEND_SECURE_ZERO(copied_key, key_len);
        }
        if (copied_salt != NULL) {
-               RtlSecureZeroMemory(copied_salt, salt_len);
-       }
-#else
-       memset(temp_result, '\0', sizeof(temp_result));
-       memset(p_bytes, '\0', key_len);
-       memset(s_bytes, '\0', salt_len);
-       memset(&ctx, '\0', sizeof(ctx));
-       memset(&alt_ctx, '\0', sizeof(alt_ctx));
-       if (copied_key != NULL) {
-               memset(copied_key, '\0', key_len);
+               ZEND_SECURE_ZERO(copied_salt, salt_len);
        }
-       if (copied_salt != NULL) {
-               memset(copied_salt, '\0', salt_len);
-       }
-#endif
 
        return buffer;
 }

diff --git a/ext/standard/php_crypt_r.c b/ext/standard/php_crypt_r.c
index 4917ebce2fb7e970ba55e3170e45fc8acedd7b8d..da0e87bc1c574026467fae671282f49c03cacd48 100644 (file)
--- a/ext/standard/php_crypt_r.c
+++ b/ext/standard/php_crypt_r.c
@@ -206,7 +206,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out) {
        }
 
        /* Don't leave anything around in vm they could use. */
-       RtlSecureZeroMemory(final, sizeof(final));
+       ZEND_SECURE_ZERO(final, sizeof(final));
 
        /* Then something really weird... */
        for (i = pwl; i != 0; i >>= 1) {
@@ -288,7 +288,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out) {
 
        *p = '\0';
 
-       RtlSecureZeroMemory(final, sizeof(final));
+       ZEND_SECURE_ZERO(final, sizeof(final));
 
 
 _destroyCtx1: