From: Anatol Belski
Date: Thu, 18 Sep 2014 23:59:55 +0000 (+0200)
Subject: more usages for ZEND_SECURE_ZERO()
X-Git-Tag: POST_NATIVE_TLS_MERGE^2~205
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=55d5bace0e58a050c6f849a72f732ac6a26e46b1;p=php
more usages for ZEND_SECURE_ZERO()
---
diff --git a/ext/hash/hash.c b/ext/hash/hash.c
index 5a4529d0f5..17a8e48feb 100644
--- a/ext/hash/hash.c
+++ b/ext/hash/hash.c
@@ -287,7 +287,7 @@ static void php_hash_do_hash_hmac(INTERNAL_FUNCTION_PARAMETERS, int isfilename, php_hash_hmac_round((unsigned char *) digest->val, ops, context, K, (unsigned char *) digest->val, ops->digest_size); /* Zero the key */
- memset(K, 0, ops->block_size);
+ ZEND_SECURE_ZERO(K, ops->block_size);
 efree(K); efree(context);
@@ -515,7 +515,7 @@ PHP_FUNCTION(hash_final) hash->ops->hash_final((unsigned char *) digest->val, hash->context); /* Zero the key */
- memset(hash->key, 0, hash->ops->block_size);
+ ZEND_SECURE_ZERO(hash->key, hash->ops->block_size);
 efree(hash->key); hash->key = NULL; }
@@ -698,9 +698,9 @@ PHP_FUNCTION(hash_pbkdf2) memcpy(result + ((i - 1) * ops->digest_size), temp, ops->digest_size); } /* Zero potentially sensitive variables */
- memset(K1, 0, ops->block_size);
- memset(K2, 0, ops->block_size);
- memset(computed_salt, 0, salt_len + 4);
+ ZEND_SECURE_ZERO(K1, ops->block_size);
+ ZEND_SECURE_ZERO(K2, ops->block_size);
+ ZEND_SECURE_ZERO(computed_salt, salt_len + 4);
 efree(K1); efree(K2); efree(computed_salt);
@@ -975,7 +975,7 @@ PHP_FUNCTION(mhash_keygen_s2k) } RETVAL_STRINGL(key, bytes);
- memset(key, 0, bytes);
+ ZEND_SECURE_ZERO(key, bytes);
 efree(digest); efree(context); efree(key);
diff --git a/ext/hash/hash_gost.c b/ext/hash/hash_gost.c
index bda9579830..034d45f7d9 100644
--- a/ext/hash/hash_gost.c
+++ b/ext/hash/hash_gost.c
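Review bot: In php_hash_do_hash_hmac, whether the wipe of `K` now survives optimisation depends entirely on how `ZEND_SECURE_ZERO` expands, and that definition is not part of this diff. The `memset` it replaces sits directly before `efree(K)`, which is the dead-store pattern a compiler is allowed to remove; if the macro falls back to a plain `memset` on any platform, the same elimination still applies there. The macro definition should carry a comment recording that contract, for example `/* must never expand to plain memset(): callers rely on the store surviving dead-store elimination */`. This holds for every call site changed in this commit; the function body starts and ends outside the hunk.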
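Review bot: In hash_pbkdf2 the wipe list covers `K1`, `K2` and `computed_salt` but not `temp`, which the `memcpy` just above shows holding a block of derived key output; unless it is cleared in the lines after this hunk, the buffer that most directly exposes the result is freed intact. mhash_keygen_s2k shows the same gap in visible form: `efree(digest); efree(context);` follow the wipe of `key` with no zeroing of their own. Suggested additions are `ZEND_SECURE_ZERO(temp, ops->digest_size);` in hash_pbkdf2 and `ZEND_SECURE_ZERO(digest, digest_len);` before `efree(digest);` in mhash_keygen_s2k, where `digest_len` is a placeholder for the size the buffer was allocated with. Both function bodies extend outside their hunks.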
@@ -281,7 +281,7 @@ PHP_HASH_API void PHP_GOSTUpdate(PHP_GOST_CTX *context, const unsigned char *inp } memcpy(context->buffer, input + i, r);
- memset(&context->buffer[r], 0, 32 - r);
+ ZEND_SECURE_ZERO(&context->buffer[r], 32 - r);
 context->length = r; } }
@@ -306,7 +306,7 @@ PHP_HASH_API void PHP_GOSTFinal(unsigned char digest[32], PHP_GOST_CTX *context) digest[j + 3] = (unsigned char) ((context->state[i] >> 24) & 0xff); }
- memset(context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO(context, sizeof(*context));
 } const php_hash_ops php_hash_gost_ops = {
diff --git a/ext/hash/hash_haval.c b/ext/hash/hash_haval.c
index 32437cecdf..0d0adf7ba1 100644
--- a/ext/hash/hash_haval.c
+++ b/ext/hash/hash_haval.c
@@ -169,7 +169,7 @@ static void PHP_3HAVALTransform(php_hash_uint32 state[8], const unsigned char bl } /* Zeroize sensitive information. */
- memset((unsigned char*) x, 0, sizeof(x));
+ ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
 } /* }}} */
@@ -206,7 +206,7 @@ static void PHP_4HAVALTransform(php_hash_uint32 state[8], const unsigned char bl } /* Zeroize sensitive information. */
- memset((unsigned char*) x, 0, sizeof(x));
+ ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
 } /* }}} */
@@ -245,7 +245,7 @@ static void PHP_5HAVALTransform(php_hash_uint32 state[8], const unsigned char bl } /* Zeroize sensitive information. */
- memset((unsigned char*) x, 0, sizeof(x));
+ ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
 } /* }}} */
@@ -368,7 +368,7 @@ PHP_HASH_API void PHP_HAVAL128Final(unsigned char *digest, PHP_HAVAL_CTX * conte /* Zeroize sensitive information. */
- memset((unsigned char*) context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 } /* }}} */
@@ -422,7 +422,7 @@ PHP_HASH_API void PHP_HAVAL160Final(unsigned char *digest, PHP_HAVAL_CTX * conte /* Zeroize sensitive information. */
- memset((unsigned char*) context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 } /* }}} */
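Review bot: In PHP_GOSTUpdate the zeroing of `&context->buffer[r]` looks like a functional fill of the unused tail of a live buffer rather than the erasure of a secret: the context belongs to the caller and `context->length = r` follows immediately, so this is not the dead-store case the secure macro exists for. Using `ZEND_SECURE_ZERO` here blurs the distinction between padding and wiping for later readers; either keep `memset` or state the intent with a comment such as `/* zero-fill unused tail of the block; not a secret wipe */`. The same pattern appears in PHP_SNEFRUUpdate and in the `64-r` tail fill of PHP_TIGERUpdate. The function body begins outside the hunk.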
@@ -462,7 +462,7 @@ PHP_HASH_API void PHP_HAVAL192Final(unsigned char *digest, PHP_HAVAL_CTX * conte /* Zeroize sensitive information. */
- memset((unsigned char*) context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 } /* }}} */
@@ -503,7 +503,7 @@ PHP_HASH_API void PHP_HAVAL224Final(unsigned char *digest, PHP_HAVAL_CTX * conte /* Zeroize sensitive information. */
- memset((unsigned char*) context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 } /* }}} */
@@ -537,7 +537,7 @@ PHP_HASH_API void PHP_HAVAL256Final(unsigned char *digest, PHP_HAVAL_CTX * conte /* Zeroize sensitive information. */
- memset((unsigned char*) context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 } /* }}} */
diff --git a/ext/hash/hash_md.c b/ext/hash/hash_md.c
index 92f97ee506..0ee4a49d6d 100644
--- a/ext/hash/hash_md.c
+++ b/ext/hash/hash_md.c
@@ -344,7 +344,7 @@ PHP_HASH_API void PHP_MD5Final(unsigned char digest[16], PHP_MD5_CTX * context) /* Zeroize sensitive information. */
- memset((unsigned char*) context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 } /* }}} */
@@ -437,7 +437,7 @@ const unsigned char block[64]; state[3] += d; /* Zeroize sensitive information. */
- memset((unsigned char*) x, 0, sizeof(x));
+ ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
 } /* }}} */
@@ -602,7 +602,7 @@ PHP_HASH_API void PHP_MD4Final(unsigned char digest[16], PHP_MD4_CTX * context) /* Zeroize sensitive information. */
- memset((unsigned char*) context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 } /* }}} */
diff --git a/ext/hash/hash_ripemd.c b/ext/hash/hash_ripemd.c
index 0e0df3ac89..21cda2d712 100644
--- a/ext/hash/hash_ripemd.c
+++ b/ext/hash/hash_ripemd.c
@@ -650,7 +650,7 @@ PHP_HASH_API void PHP_RIPEMD128Final(unsigned char digest[16], PHP_RIPEMD128_CTX /* Zeroize sensitive information. */
- memset((unsigned char*) context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 } /* }}} */
@@ -687,7 +687,7 @@ PHP_HASH_API void PHP_RIPEMD256Final(unsigned char digest[32], PHP_RIPEMD256_CTX /* Zeroize sensitive information. */
- memset((unsigned char*) context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 } /* }}} */
@@ -724,7 +724,7 @@ PHP_HASH_API void PHP_RIPEMD160Final(unsigned char digest[20], PHP_RIPEMD160_CTX /* Zeroize sensitive information. */
- memset((unsigned char*) context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 } /* }}} */
@@ -761,7 +761,7 @@ PHP_HASH_API void PHP_RIPEMD320Final(unsigned char digest[40], PHP_RIPEMD320_CTX /* Zeroize sensitive information. */
- memset((unsigned char*) context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 } /* }}} */
diff --git a/ext/hash/hash_sha.c b/ext/hash/hash_sha.c
index d60a7a9780..7da188e54e 100644
--- a/ext/hash/hash_sha.c
+++ b/ext/hash/hash_sha.c
@@ -321,7 +321,7 @@ static void SHA1Transform(php_hash_uint32 state[5], const unsigned char block[64 state[4] += e; /* Zeroize sensitive information. */
- memset((unsigned char*) x, 0, sizeof(x));
+ ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
 } /* }}} */
@@ -400,7 +400,7 @@ PHP_HASH_API void PHP_SHA1Final(unsigned char digest[20], PHP_SHA1_CTX * context /* Zeroize sensitive information. */
- memset((unsigned char*) context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 } /* }}} */
@@ -511,7 +511,7 @@ static void SHA256Transform(php_hash_uint32 state[8], const unsigned char block[ state[7] += h; /* Zeroize sensitive information. */
- memset((unsigned char*) x, 0, sizeof(x));
+ ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
 } /* }}} */
@@ -607,7 +607,7 @@ PHP_HASH_API void PHP_SHA224Final(unsigned char digest[28], PHP_SHA224_CTX * con /* Zeroize sensitive information. */
- memset((unsigned char*) context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 } /* }}} */
@@ -684,7 +684,7 @@ PHP_HASH_API void PHP_SHA256Final(unsigned char digest[32], PHP_SHA256_CTX * con /* Zeroize sensitive information. */
- memset((unsigned char*) context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 } /* }}} */
@@ -821,7 +821,7 @@ static void SHA512Transform(php_hash_uint64 state[8], const unsigned char block[ state[7] += h; /* Zeroize sensitive information. */
- memset((unsigned char*) x, 0, sizeof(x));
+ ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
 } /* }}} */
@@ -906,7 +906,7 @@ PHP_HASH_API void PHP_SHA384Final(unsigned char digest[48], PHP_SHA384_CTX * con /* Zeroize sensitive information. */
- memset((unsigned char*) context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 } /* }}} */
@@ -1020,7 +1020,7 @@ PHP_HASH_API void PHP_SHA512Final(unsigned char digest[64], PHP_SHA512_CTX * con /* Zeroize sensitive information. */
- memset((unsigned char*) context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 } /* }}} */
diff --git a/ext/hash/hash_snefru.c b/ext/hash/hash_snefru.c
index 2cf37998ad..eaeefdf686 100644
--- a/ext/hash/hash_snefru.c
+++ b/ext/hash/hash_snefru.c
@@ -166,7 +166,7 @@ PHP_HASH_API void PHP_SNEFRUUpdate(PHP_SNEFRU_CTX *context, const unsigned char } memcpy(context->buffer, input + i, r);
- memset(&context->buffer[r], 0, 32 - r);
+ ZEND_SECURE_ZERO(&context->buffer[r], 32 - r);
 context->length = r; } }
@@ -190,7 +190,7 @@ PHP_HASH_API void PHP_SNEFRUFinal(unsigned char digest[32], PHP_SNEFRU_CTX *cont digest[j + 3] = (unsigned char) (context->state[i] & 0xff); }
- memset(context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO(context, sizeof(*context));
 } const php_hash_ops php_hash_snefru_ops = {
diff --git a/ext/hash/hash_tiger.c b/ext/hash/hash_tiger.c
index 78f932a745..9a036f41e6 100644
--- a/ext/hash/hash_tiger.c
+++ b/ext/hash/hash_tiger.c
@@ -207,7 +207,7 @@ PHP_HASH_API void PHP_TIGERUpdate(PHP_TIGER_CTX *context, const unsigned char *i i = 64 - context->length; memcpy(&context->buffer[context->length], input, i); tiger_compress(context->passes, ((const php_hash_uint64 *) context->buffer), context->state);
- memset(context->buffer, 0, 64);
+ ZEND_SECURE_ZERO(context->buffer, 64);
 context->passed += 512; }
@@ -216,7 +216,7 @@ PHP_HASH_API void PHP_TIGERUpdate(PHP_TIGER_CTX *context, const unsigned char *i tiger_compress(context->passes, ((const php_hash_uint64 *) context->buffer), context->state); context->passed += 512; }
- memset(&context->buffer[r], 0, 64-r);
+ ZEND_SECURE_ZERO(&context->buffer[r], 64-r);
 memcpy(context->buffer, &input[i], r); context->length = r; }
@@ -226,21 +226,21 @@ PHP_HASH_API void PHP_TIGER128Final(unsigned char digest[16], PHP_TIGER_CTX *con { TigerFinalize(context); TigerDigest(digest, 16, context);
- memset(context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO(context, sizeof(*context));
 } PHP_HASH_API void PHP_TIGER160Final(unsigned char digest[20], PHP_TIGER_CTX *context) { TigerFinalize(context); TigerDigest(digest, 20, context);
- memset(context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO(context, sizeof(*context));
 } PHP_HASH_API void PHP_TIGER192Final(unsigned char digest[24], PHP_TIGER_CTX *context) { TigerFinalize(context); TigerDigest(digest, 24, context);
- memset(context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO(context, sizeof(*context));
 } #define PHP_HASH_TIGER_OPS(p, b) \
diff --git a/ext/hash/hash_whirlpool.c b/ext/hash/hash_whirlpool.c
index 60087aee64..1a4897e317 100644
--- a/ext/hash/hash_whirlpool.c
+++ b/ext/hash/hash_whirlpool.c
@@ -430,7 +430,7 @@ PHP_HASH_API void PHP_WHIRLPOOLFinal(unsigned char digest[64], PHP_WHIRLPOOL_CTX digest += 8; }
- memset(context, 0, sizeof(*context));
+ ZEND_SECURE_ZERO(context, sizeof(*context));
 } const php_hash_ops php_hash_whirlpool_ops = {