mirror of
https://git.libssh.org/projects/libssh.git
synced 2025-12-19 00:48:43 +09:00
Replace explicit_bzero with ssh_burn
Signed-off-by: abdallah elhdad <abdallahselhdad@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
abdallah elhdad
committed by
Jakub Jelen
Jakub Jelen
parent
0ef79018b3
commit
64f72ed55f
@@ -139,6 +139,7 @@ check_function_exists(strncpy HAVE_STRNCPY)
|
||||
check_function_exists(strndup HAVE_STRNDUP)
|
||||
check_function_exists(strtoull HAVE_STRTOULL)
|
||||
check_function_exists(explicit_bzero HAVE_EXPLICIT_BZERO)
|
||||
check_function_exists(memset_explicit HAVE_MEMSET_EXPLICIT)
|
||||
check_function_exists(memset_s HAVE_MEMSET_S)
|
||||
|
||||
if (HAVE_GLOB_H)
|
||||
|
||||
@@ -179,6 +179,9 @@
|
||||
/* Define to 1 if you have the `explicit_bzero' function. */
|
||||
#cmakedefine HAVE_EXPLICIT_BZERO 1
|
||||
|
||||
/* Define to 1 if you have the `memset_explicit' function. */
|
||||
#cmakedefine HAVE_MEMSET_EXPLICIT 1
|
||||
|
||||
/* Define to 1 if you have the `memset_s' function. */
|
||||
#cmakedefine HAVE_MEMSET_S 1
|
||||
|
||||
|
||||
@@ -365,9 +365,29 @@ int ssh_connector_remove_event(ssh_connector connector);
|
||||
/** Get the size of an array */
|
||||
#define ARRAY_SIZE(a) (sizeof(a)/sizeof(a[0]))
|
||||
|
||||
#ifndef HAVE_EXPLICIT_BZERO
|
||||
void explicit_bzero(void *s, size_t n);
|
||||
#endif /* !HAVE_EXPLICIT_BZERO */
|
||||
/** Securely zero memory in a way that won't be optimized away */
|
||||
#if defined(HAVE_MEMSET_EXPLICIT)
|
||||
#define ssh_burn(ptr, len) memset_explicit((ptr), '\0', (len))
|
||||
#elif defined(HAVE_EXPLICIT_BZERO)
|
||||
#define ssh_burn(ptr, len) explicit_bzero((ptr), (len))
|
||||
#elif defined(HAVE_MEMSET_S)
|
||||
#define ssh_burn(ptr, len) memset_s((ptr), (len), '\0', (len))
|
||||
#elif defined(HAVE_SECURE_ZERO_MEMORY)
|
||||
#define ssh_burn(ptr, len) SecureZeroMemory((ptr), (len))
|
||||
#else
|
||||
#if defined(HAVE_GCC_VOLATILE_MEMORY_PROTECTION)
|
||||
#define ssh_burn(ptr, len) \
|
||||
do { \
|
||||
memset((ptr), '\0', (len)); \
|
||||
__asm__ volatile("" : : "g"(ptr) : "memory"); \
|
||||
} while (0)
|
||||
#else
|
||||
#define ssh_burn(ptr, len) \
|
||||
do { \
|
||||
memset((ptr), '\0', (len)); \
|
||||
} while (0)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
void burn_free(void *ptr, size_t len);
|
||||
|
||||
|
||||
12
src/auth.c
12
src/auth.c
@@ -1845,7 +1845,7 @@ void ssh_kbdint_free(ssh_kbdint kbd)
|
||||
if (kbd->prompts) {
|
||||
for (i = 0; i < n; i++) {
|
||||
if (kbd->prompts[i] != NULL) {
|
||||
explicit_bzero(kbd->prompts[i], strlen(kbd->prompts[i]));
|
||||
ssh_burn(kbd->prompts[i], strlen(kbd->prompts[i]));
|
||||
}
|
||||
SAFE_FREE(kbd->prompts[i]);
|
||||
}
|
||||
@@ -1856,7 +1856,7 @@ void ssh_kbdint_free(ssh_kbdint kbd)
|
||||
if (kbd->answers) {
|
||||
for (i = 0; i < n; i++) {
|
||||
if (kbd->answers[i] != NULL) {
|
||||
explicit_bzero(kbd->answers[i], strlen(kbd->answers[i]));
|
||||
ssh_burn(kbd->answers[i], strlen(kbd->answers[i]));
|
||||
}
|
||||
SAFE_FREE(kbd->answers[i]);
|
||||
}
|
||||
@@ -1881,7 +1881,7 @@ void ssh_kbdint_clean(ssh_kbdint kbd)
|
||||
n = kbd->nprompts;
|
||||
if (kbd->prompts) {
|
||||
for (i = 0; i < n; i++) {
|
||||
explicit_bzero(kbd->prompts[i], strlen(kbd->prompts[i]));
|
||||
ssh_burn(kbd->prompts[i], strlen(kbd->prompts[i]));
|
||||
SAFE_FREE(kbd->prompts[i]);
|
||||
}
|
||||
SAFE_FREE(kbd->prompts);
|
||||
@@ -1891,7 +1891,7 @@ void ssh_kbdint_clean(ssh_kbdint kbd)
|
||||
|
||||
if (kbd->answers) {
|
||||
for (i = 0; i < n; i++) {
|
||||
explicit_bzero(kbd->answers[i], strlen(kbd->answers[i]));
|
||||
ssh_burn(kbd->answers[i], strlen(kbd->answers[i]));
|
||||
SAFE_FREE(kbd->answers[i]);
|
||||
}
|
||||
SAFE_FREE(kbd->answers);
|
||||
@@ -2372,8 +2372,8 @@ ssh_userauth_kbdint_setanswer(ssh_session session, unsigned int i,
|
||||
}
|
||||
|
||||
if (session->kbdint->answers[i]) {
|
||||
explicit_bzero(session->kbdint->answers[i],
|
||||
strlen(session->kbdint->answers[i]));
|
||||
ssh_burn(session->kbdint->answers[i],
|
||||
strlen(session->kbdint->answers[i]));
|
||||
SAFE_FREE(session->kbdint->answers[i]);
|
||||
}
|
||||
|
||||
|
||||
22
src/buffer.c
22
src/buffer.c
@@ -156,10 +156,10 @@ void ssh_buffer_free(struct ssh_buffer_struct *buffer)
|
||||
|
||||
if (buffer->secure && buffer->allocated > 0) {
|
||||
/* burn the data */
|
||||
explicit_bzero(buffer->data, buffer->allocated);
|
||||
ssh_burn(buffer->data, buffer->allocated);
|
||||
SAFE_FREE(buffer->data);
|
||||
|
||||
explicit_bzero(buffer, sizeof(struct ssh_buffer_struct));
|
||||
ssh_burn(buffer, sizeof(struct ssh_buffer_struct));
|
||||
} else {
|
||||
SAFE_FREE(buffer->data);
|
||||
}
|
||||
@@ -205,7 +205,7 @@ static int realloc_buffer(struct ssh_buffer_struct *buffer, uint32_t needed)
|
||||
return -1;
|
||||
}
|
||||
memcpy(new, buffer->data, buffer->used);
|
||||
explicit_bzero(buffer->data, buffer->used);
|
||||
ssh_burn(buffer->data, buffer->used);
|
||||
SAFE_FREE(buffer->data);
|
||||
} else {
|
||||
new = realloc(buffer->data, needed);
|
||||
@@ -241,7 +241,7 @@ static void buffer_shift(ssh_buffer buffer)
|
||||
|
||||
if (buffer->secure) {
|
||||
void *ptr = buffer->data + buffer->used;
|
||||
explicit_bzero(ptr, burn_pos);
|
||||
ssh_burn(ptr, burn_pos);
|
||||
}
|
||||
|
||||
buffer_verify(buffer);
|
||||
@@ -266,7 +266,7 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer)
|
||||
buffer_verify(buffer);
|
||||
|
||||
if (buffer->secure && buffer->allocated > 0) {
|
||||
explicit_bzero(buffer->data, buffer->allocated);
|
||||
ssh_burn(buffer->data, buffer->allocated);
|
||||
}
|
||||
buffer->used = 0;
|
||||
buffer->pos = 0;
|
||||
@@ -1352,28 +1352,28 @@ cleanup:
|
||||
case 'b':
|
||||
o.byte = va_arg(ap_copy, uint8_t *);
|
||||
if (buffer->secure) {
|
||||
explicit_bzero(o.byte, sizeof(uint8_t));
|
||||
ssh_burn(o.byte, sizeof(uint8_t));
|
||||
break;
|
||||
}
|
||||
break;
|
||||
case 'w':
|
||||
o.word = va_arg(ap_copy, uint16_t *);
|
||||
if (buffer->secure) {
|
||||
explicit_bzero(o.word, sizeof(uint16_t));
|
||||
ssh_burn(o.word, sizeof(uint16_t));
|
||||
break;
|
||||
}
|
||||
break;
|
||||
case 'd':
|
||||
o.dword = va_arg(ap_copy, uint32_t *);
|
||||
if (buffer->secure) {
|
||||
explicit_bzero(o.dword, sizeof(uint32_t));
|
||||
ssh_burn(o.dword, sizeof(uint32_t));
|
||||
break;
|
||||
}
|
||||
break;
|
||||
case 'q':
|
||||
o.qword = va_arg(ap_copy, uint64_t *);
|
||||
if (buffer->secure) {
|
||||
explicit_bzero(o.qword, sizeof(uint64_t));
|
||||
ssh_burn(o.qword, sizeof(uint64_t));
|
||||
break;
|
||||
}
|
||||
break;
|
||||
@@ -1391,7 +1391,7 @@ cleanup:
|
||||
case 's':
|
||||
o.cstring = va_arg(ap_copy, char **);
|
||||
if (buffer->secure) {
|
||||
explicit_bzero(*o.cstring, strlen(*o.cstring));
|
||||
ssh_burn(*o.cstring, strlen(*o.cstring));
|
||||
}
|
||||
SAFE_FREE(*o.cstring);
|
||||
break;
|
||||
@@ -1399,7 +1399,7 @@ cleanup:
|
||||
len = va_arg(ap_copy, size_t);
|
||||
o.data = va_arg(ap_copy, void **);
|
||||
if (buffer->secure) {
|
||||
explicit_bzero(*o.data, len);
|
||||
ssh_burn(*o.data, len);
|
||||
}
|
||||
SAFE_FREE(*o.data);
|
||||
break;
|
||||
|
||||
14
src/external/bcrypt_pbkdf.c
vendored
14
src/external/bcrypt_pbkdf.c
vendored
@@ -97,8 +97,8 @@ bcrypt_hash(ssh_blf_ctx *state, uint8_t *sha2pass, uint8_t *sha2salt, uint8_t *o
|
||||
}
|
||||
|
||||
/* zap */
|
||||
explicit_bzero(ciphertext, sizeof(ciphertext));
|
||||
explicit_bzero(cdata, sizeof(cdata));
|
||||
ssh_burn(ciphertext, sizeof(ciphertext));
|
||||
ssh_burn(cdata, sizeof(cdata));
|
||||
}
|
||||
|
||||
int
|
||||
@@ -180,12 +180,12 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl
|
||||
}
|
||||
|
||||
/* zap */
|
||||
explicit_bzero(out, sizeof(out));
|
||||
explicit_bzero(state, sizeof(*state));
|
||||
ssh_burn(out, sizeof(out));
|
||||
ssh_burn(state, sizeof(*state));
|
||||
|
||||
free(state);
|
||||
free(countsalt);
|
||||
free(state);
|
||||
free(countsalt);
|
||||
|
||||
return 0;
|
||||
return 0;
|
||||
}
|
||||
#endif /* HAVE_BCRYPT_PBKDF */
|
||||
|
||||
@@ -88,7 +88,7 @@ static int ssh_gets(const char *prompt, char *buf, size_t len, int verify)
|
||||
fprintf(stdout, "\nVerifying, please re-enter. %s", prompt);
|
||||
fflush(stdout);
|
||||
if (!fgets(key_string, (int)len, stdin)) {
|
||||
explicit_bzero(key_string, len);
|
||||
ssh_burn(key_string, len);
|
||||
SAFE_FREE(key_string);
|
||||
clearerr(stdin);
|
||||
continue;
|
||||
@@ -99,17 +99,17 @@ static int ssh_gets(const char *prompt, char *buf, size_t len, int verify)
|
||||
fprintf(stdout, "\n");
|
||||
if (strcmp(buf, key_string)) {
|
||||
printf("\n\07\07Mismatch - try again\n");
|
||||
explicit_bzero(key_string, len);
|
||||
ssh_burn(key_string, len);
|
||||
SAFE_FREE(key_string);
|
||||
fflush(stdout);
|
||||
continue;
|
||||
}
|
||||
explicit_bzero(key_string, len);
|
||||
ssh_burn(key_string, len);
|
||||
SAFE_FREE(key_string);
|
||||
}
|
||||
ok = 1;
|
||||
}
|
||||
explicit_bzero(tmp, len);
|
||||
ssh_burn(tmp, len);
|
||||
free(tmp);
|
||||
|
||||
return ok;
|
||||
@@ -152,7 +152,7 @@ int ssh_getpass(const char *prompt,
|
||||
SetConsoleMode(h, mode);
|
||||
|
||||
if (!ok) {
|
||||
explicit_bzero(buf, len);
|
||||
ssh_burn(buf, len);
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -282,7 +282,7 @@ int ssh_getpass(const char *prompt,
|
||||
}
|
||||
|
||||
if (!ok) {
|
||||
explicit_bzero(buf, len);
|
||||
ssh_burn(buf, len);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
@@ -487,7 +487,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_hybrid_mlkem_reply)
|
||||
session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
|
||||
|
||||
cleanup:
|
||||
explicit_bzero(mlkem_shared_secret, sizeof(mlkem_shared_secret));
|
||||
ssh_burn(mlkem_shared_secret, sizeof(mlkem_shared_secret));
|
||||
ssh_string_burn(ecdh_shared_secret);
|
||||
ssh_string_free(ecdh_shared_secret);
|
||||
ssh_string_free(pubkey_blob);
|
||||
@@ -851,7 +851,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_hybrid_mlkem_init)
|
||||
session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
|
||||
|
||||
cleanup:
|
||||
explicit_bzero(mlkem_shared_secret, sizeof(mlkem_shared_secret));
|
||||
ssh_burn(mlkem_shared_secret, sizeof(mlkem_shared_secret));
|
||||
ssh_string_burn(ecdh_shared_secret);
|
||||
ssh_string_free(ecdh_shared_secret);
|
||||
ssh_string_free(pubkey_blob);
|
||||
|
||||
@@ -970,7 +970,7 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
|
||||
|
||||
ret = SSH_OK;
|
||||
out:
|
||||
explicit_bzero(poly_key, sizeof(poly_key));
|
||||
ssh_burn(poly_key, sizeof(poly_key));
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
@@ -602,7 +602,7 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
|
||||
}
|
||||
|
||||
out:
|
||||
explicit_bzero(poly_key, sizeof(poly_key));
|
||||
ssh_burn(poly_key, sizeof(poly_key));
|
||||
}
|
||||
|
||||
static int chacha20_poly1305_aead_decrypt_length(
|
||||
@@ -714,7 +714,7 @@ static int chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
|
||||
ret = SSH_OK;
|
||||
|
||||
out:
|
||||
explicit_bzero(poly_key, sizeof(poly_key));
|
||||
ssh_burn(poly_key, sizeof(poly_key));
|
||||
return ret;
|
||||
}
|
||||
#endif /* HAVE_GCRYPT_CHACHA_POLY */
|
||||
|
||||
@@ -711,7 +711,7 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
|
||||
|
||||
ret = SSH_OK;
|
||||
out:
|
||||
explicit_bzero(poly_key, sizeof(poly_key));
|
||||
ssh_burn(poly_key, sizeof(poly_key));
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
@@ -670,9 +670,9 @@ void ssh_message_free(ssh_message msg){
|
||||
SAFE_FREE(msg->auth_request.username);
|
||||
SAFE_FREE(msg->auth_request.sigtype);
|
||||
if (msg->auth_request.password) {
|
||||
explicit_bzero(msg->auth_request.password,
|
||||
strlen(msg->auth_request.password));
|
||||
SAFE_FREE(msg->auth_request.password);
|
||||
ssh_burn(msg->auth_request.password,
|
||||
strlen(msg->auth_request.password));
|
||||
SAFE_FREE(msg->auth_request.password);
|
||||
}
|
||||
ssh_key_free(msg->auth_request.pubkey);
|
||||
ssh_key_free(msg->auth_request.server_pubkey);
|
||||
@@ -1236,9 +1236,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
|
||||
uint32_t n;
|
||||
|
||||
for (n = 0; n < session->kbdint->nanswers; n++) {
|
||||
explicit_bzero(session->kbdint->answers[n],
|
||||
strlen(session->kbdint->answers[n]));
|
||||
SAFE_FREE(session->kbdint->answers[n]);
|
||||
ssh_burn(session->kbdint->answers[n],
|
||||
strlen(session->kbdint->answers[n]));
|
||||
SAFE_FREE(session->kbdint->answers[n]);
|
||||
}
|
||||
SAFE_FREE(session->kbdint->answers);
|
||||
session->kbdint->nanswers = 0;
|
||||
|
||||
19
src/misc.c
19
src/misc.c
@@ -1608,23 +1608,6 @@ int ssh_timeout_update(struct ssh_timestamp *ts, int timeout)
|
||||
return ret >= 0 ? ret: 0;
|
||||
}
|
||||
|
||||
#if !defined(HAVE_EXPLICIT_BZERO)
|
||||
void explicit_bzero(void *s, size_t n)
|
||||
{
|
||||
#if defined(HAVE_MEMSET_S)
|
||||
memset_s(s, n, '\0', n);
|
||||
#elif defined(HAVE_SECURE_ZERO_MEMORY)
|
||||
SecureZeroMemory(s, n);
|
||||
#else
|
||||
memset(s, '\0', n);
|
||||
#if defined(HAVE_GCC_VOLATILE_MEMORY_PROTECTION)
|
||||
/* See http://llvm.org/bugs/show_bug.cgi?id=15495 */
|
||||
__asm__ volatile("" : : "g"(s) : "memory");
|
||||
#endif /* HAVE_GCC_VOLATILE_MEMORY_PROTECTION */
|
||||
#endif
|
||||
}
|
||||
#endif /* !HAVE_EXPLICIT_BZERO */
|
||||
|
||||
/**
|
||||
* @brief Securely free memory by overwriting it before deallocation
|
||||
*
|
||||
@@ -1642,7 +1625,7 @@ void burn_free(void *ptr, size_t len)
|
||||
return;
|
||||
}
|
||||
|
||||
explicit_bzero(ptr, len);
|
||||
ssh_burn(ptr, len);
|
||||
free(ptr);
|
||||
}
|
||||
|
||||
|
||||
@@ -235,7 +235,7 @@ unsigned char *ssh_packet_encrypt(ssh_session session, void *data, size_t len)
|
||||
#endif
|
||||
}
|
||||
}
|
||||
explicit_bzero(out, len);
|
||||
ssh_burn(out, len);
|
||||
SAFE_FREE(out);
|
||||
|
||||
return crypto->hmacbuf;
|
||||
|
||||
@@ -227,7 +227,7 @@ void ssh_key_clean (ssh_key key)
|
||||
|
||||
#ifndef HAVE_LIBCRYPTO
|
||||
if (key->ed25519_privkey != NULL) {
|
||||
explicit_bzero(key->ed25519_privkey, sizeof(ed25519_privkey));
|
||||
ssh_burn(key->ed25519_privkey, sizeof(ed25519_privkey));
|
||||
SAFE_FREE(key->ed25519_privkey);
|
||||
}
|
||||
SAFE_FREE(key->ed25519_pubkey);
|
||||
@@ -3082,8 +3082,8 @@ int pki_sk_signature_buffer_prepare(const ssh_key key,
|
||||
|
||||
out:
|
||||
SSH_BUFFER_FREE(sk_buffer);
|
||||
explicit_bzero(application_hash, SHA256_DIGEST_LEN);
|
||||
explicit_bzero(input_hash, SHA256_DIGEST_LEN);
|
||||
ssh_burn(application_hash, SHA256_DIGEST_LEN);
|
||||
ssh_burn(input_hash, SHA256_DIGEST_LEN);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -208,7 +208,7 @@ static int pki_private_key_decrypt(ssh_string blob,
|
||||
if (rc < 0){
|
||||
return SSH_ERROR;
|
||||
}
|
||||
explicit_bzero(passphrase_buffer, sizeof(passphrase_buffer));
|
||||
ssh_burn(passphrase_buffer, sizeof(passphrase_buffer));
|
||||
|
||||
cipher.set_decrypt_key(&cipher,
|
||||
key_material,
|
||||
@@ -487,7 +487,7 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer,
|
||||
ssh_buffer_get(privkey_buffer),
|
||||
ssh_buffer_get_len(privkey_buffer));
|
||||
ssh_cipher_clear(&cipher);
|
||||
explicit_bzero(passphrase_buffer, sizeof(passphrase_buffer));
|
||||
ssh_burn(passphrase_buffer, sizeof(passphrase_buffer));
|
||||
|
||||
return SSH_OK;
|
||||
}
|
||||
@@ -653,7 +653,7 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
|
||||
"\n",
|
||||
OPENSSH_HEADER_END,
|
||||
"\n");
|
||||
explicit_bzero(b64, strlen((char *)b64));
|
||||
ssh_burn(b64, strlen((char *)b64));
|
||||
SAFE_FREE(b64);
|
||||
|
||||
if (rc != SSH_OK){
|
||||
@@ -677,7 +677,7 @@ error:
|
||||
ssh_string_free(blob);
|
||||
if (privkey_buffer != NULL) {
|
||||
void *bufptr = ssh_buffer_get(privkey_buffer);
|
||||
explicit_bzero(bufptr, ssh_buffer_get_len(privkey_buffer));
|
||||
ssh_burn(bufptr, ssh_buffer_get_len(privkey_buffer));
|
||||
SSH_BUFFER_FREE(privkey_buffer);
|
||||
}
|
||||
SAFE_FREE(pubkey_s);
|
||||
|
||||
@@ -1806,7 +1806,7 @@ ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type)
|
||||
if (rc == SSH_ERROR) {
|
||||
goto fail;
|
||||
}
|
||||
explicit_bzero(ed25519_privkey, ED25519_KEY_LEN);
|
||||
ssh_burn(ed25519_privkey, ED25519_KEY_LEN);
|
||||
SAFE_FREE(ed25519_privkey);
|
||||
} else if (type == SSH_KEY_PRIVATE &&
|
||||
key->type == SSH_KEYTYPE_SK_ED25519) {
|
||||
@@ -2038,7 +2038,7 @@ fail:
|
||||
#endif /* OPENSSL_VERSION_NUMBER */
|
||||
free(ed25519_pubkey);
|
||||
if (ed25519_privkey) {
|
||||
explicit_bzero(ed25519_privkey, ED25519_KEY_LEN);
|
||||
ssh_burn(ed25519_privkey, ED25519_KEY_LEN);
|
||||
free(ed25519_privkey);
|
||||
}
|
||||
|
||||
@@ -2231,7 +2231,7 @@ static int pki_signature_from_rsa_blob(const ssh_key pubkey,
|
||||
}
|
||||
|
||||
/* front-pad the buffer with zeroes */
|
||||
explicit_bzero(blob_padded_data, pad_len);
|
||||
ssh_burn(blob_padded_data, pad_len);
|
||||
/* fill the rest with the actual signature blob */
|
||||
memcpy(blob_padded_data + pad_len, blob_orig, len);
|
||||
|
||||
@@ -2360,17 +2360,17 @@ static int pki_signature_from_ecdsa_blob(UNUSED_PARAM(const ssh_key pubkey),
|
||||
|
||||
sig->raw_sig = ssh_string_new(raw_sig_len);
|
||||
if (sig->raw_sig == NULL) {
|
||||
explicit_bzero(raw_sig_data, raw_sig_len);
|
||||
ssh_burn(raw_sig_data, raw_sig_len);
|
||||
goto error;
|
||||
}
|
||||
|
||||
rc = ssh_string_fill(sig->raw_sig, raw_sig_data, raw_sig_len);
|
||||
if (rc < 0) {
|
||||
explicit_bzero(raw_sig_data, raw_sig_len);
|
||||
ssh_burn(raw_sig_data, raw_sig_len);
|
||||
goto error;
|
||||
}
|
||||
|
||||
explicit_bzero(raw_sig_data, raw_sig_len);
|
||||
ssh_burn(raw_sig_data, raw_sig_len);
|
||||
SAFE_FREE(raw_sig_data);
|
||||
ECDSA_SIG_free(ecdsa_sig);
|
||||
return SSH_OK;
|
||||
@@ -2649,7 +2649,7 @@ out:
|
||||
EVP_MD_CTX_free(ctx);
|
||||
}
|
||||
if (raw_sig_data != NULL) {
|
||||
explicit_bzero(raw_sig_data, raw_sig_len);
|
||||
ssh_burn(raw_sig_data, raw_sig_len);
|
||||
}
|
||||
SAFE_FREE(raw_sig_data);
|
||||
EVP_PKEY_free(pkey);
|
||||
|
||||
@@ -331,8 +331,8 @@ int pki_ed25519_verify(const ssh_key pubkey,
|
||||
hlen + ED25519_SIG_LEN,
|
||||
*pubkey->ed25519_pubkey);
|
||||
|
||||
explicit_bzero(buffer, hlen + ED25519_SIG_LEN);
|
||||
explicit_bzero(buffer2, hlen);
|
||||
ssh_burn(buffer, hlen + ED25519_SIG_LEN);
|
||||
ssh_burn(buffer2, hlen);
|
||||
SAFE_FREE(buffer);
|
||||
SAFE_FREE(buffer2);
|
||||
if (rc == 0) {
|
||||
|
||||
@@ -1297,7 +1297,7 @@ static ssh_signature pki_signature_from_rsa_blob(const ssh_key pubkey, const
|
||||
blob_padded_data = (char *) ssh_string_data(sig_blob_padded);
|
||||
blob_orig = (char *) ssh_string_data(sig_blob);
|
||||
|
||||
explicit_bzero(blob_padded_data, pad_len);
|
||||
ssh_burn(blob_padded_data, pad_len);
|
||||
memcpy(blob_padded_data + pad_len, blob_orig, len);
|
||||
|
||||
sig->rsa_sig = sig_blob_padded;
|
||||
@@ -1486,7 +1486,7 @@ static ssh_string rsa_do_sign_hash(const unsigned char *digest,
|
||||
}
|
||||
|
||||
ok = ssh_string_fill(sig_blob, sig, slen);
|
||||
explicit_bzero(sig, slen);
|
||||
ssh_burn(sig, slen);
|
||||
SAFE_FREE(sig);
|
||||
if (ok < 0) {
|
||||
SSH_STRING_FREE(sig_blob);
|
||||
|
||||
14
src/pki_sk.c
14
src/pki_sk.c
@@ -350,7 +350,7 @@ int pki_sk_enroll_key(ssh_pki_ctx context,
|
||||
pin_to_use = pin_buf;
|
||||
} else {
|
||||
SSH_LOG(SSH_LOG_WARN, "Failed to fetch PIN from callback");
|
||||
explicit_bzero(pin_buf, sizeof(pin_buf));
|
||||
ssh_burn(pin_buf, sizeof(pin_buf));
|
||||
goto out;
|
||||
}
|
||||
} else {
|
||||
@@ -365,7 +365,7 @@ int pki_sk_enroll_key(ssh_pki_ctx context,
|
||||
pin_to_use,
|
||||
context->sk_callbacks_options,
|
||||
&enroll_response);
|
||||
explicit_bzero(pin_buf, sizeof(pin_buf));
|
||||
ssh_burn(pin_buf, sizeof(pin_buf));
|
||||
if (rc != SSH_OK) {
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Security key enroll callback failed: %s (%d)",
|
||||
@@ -407,7 +407,7 @@ int pki_sk_enroll_key(ssh_pki_ctx context,
|
||||
|
||||
out:
|
||||
if (challenge == random_challenge) {
|
||||
explicit_bzero(random_challenge, sizeof(random_challenge));
|
||||
ssh_burn(random_challenge, sizeof(random_challenge));
|
||||
}
|
||||
|
||||
SK_ENROLL_RESPONSE_FREE(enroll_response);
|
||||
@@ -697,7 +697,7 @@ ssh_signature pki_sk_do_sign(ssh_pki_ctx context,
|
||||
pin_to_use = pin_buf;
|
||||
} else {
|
||||
SSH_LOG(SSH_LOG_WARN, "Failed to fetch PIN from callback");
|
||||
explicit_bzero(pin_buf, sizeof(pin_buf));
|
||||
ssh_burn(pin_buf, sizeof(pin_buf));
|
||||
goto error;
|
||||
}
|
||||
} else {
|
||||
@@ -714,7 +714,7 @@ ssh_signature pki_sk_do_sign(ssh_pki_ctx context,
|
||||
pin_to_use,
|
||||
context->sk_callbacks_options,
|
||||
&sign_response);
|
||||
explicit_bzero(pin_buf, sizeof(pin_buf));
|
||||
ssh_burn(pin_buf, sizeof(pin_buf));
|
||||
if (rc != SSH_OK) {
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Security key sign callback failed: %s (%d)",
|
||||
@@ -833,7 +833,7 @@ int ssh_sk_resident_keys_load(const struct ssh_pki_ctx_struct *pki_context,
|
||||
pin_to_use = pin_buf;
|
||||
} else {
|
||||
SSH_LOG(SSH_LOG_WARN, "Failed to fetch PIN from callback");
|
||||
explicit_bzero(pin_buf, sizeof(pin_buf));
|
||||
ssh_burn(pin_buf, sizeof(pin_buf));
|
||||
goto out;
|
||||
}
|
||||
} else {
|
||||
@@ -844,7 +844,7 @@ int ssh_sk_resident_keys_load(const struct ssh_pki_ctx_struct *pki_context,
|
||||
ctx_to_use->sk_callbacks_options,
|
||||
&raw_resident_keys,
|
||||
&raw_keys_count);
|
||||
explicit_bzero(pin_buf, sizeof(pin_buf));
|
||||
ssh_burn(pin_buf, sizeof(pin_buf));
|
||||
if (rc != SSH_OK) {
|
||||
SSH_LOG(SSH_LOG_WARN,
|
||||
"Security key load_resident_keys callback failed: %s (%d)",
|
||||
|
||||
@@ -417,7 +417,7 @@ void ssh_free(ssh_session session)
|
||||
_ssh_remove_legacy_log_cb();
|
||||
|
||||
/* burn connection, it could contain sensitive data */
|
||||
explicit_bzero(session, sizeof(struct ssh_session_struct));
|
||||
ssh_burn(session, sizeof(struct ssh_session_struct));
|
||||
SAFE_FREE(session);
|
||||
}
|
||||
|
||||
|
||||
@@ -62,7 +62,7 @@ void sk_enroll_response_burn(struct sk_enroll_response *enroll_response)
|
||||
enroll_response->attestation_cert_len);
|
||||
BURN_FREE(enroll_response->authdata, enroll_response->authdata_len);
|
||||
|
||||
explicit_bzero(enroll_response, sizeof(*enroll_response));
|
||||
ssh_burn(enroll_response, sizeof(*enroll_response));
|
||||
}
|
||||
|
||||
void sk_enroll_response_free(struct sk_enroll_response *enroll_response)
|
||||
|
||||
@@ -344,7 +344,7 @@ void ssh_string_burn(struct ssh_string_struct *s)
|
||||
return;
|
||||
}
|
||||
|
||||
explicit_bzero(s->data, ssh_string_len(s));
|
||||
ssh_burn(s->data, ssh_string_len(s));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -48,7 +48,7 @@ void ssh_tokens_free(struct ssh_tokens_st *tokens)
|
||||
|
||||
if (tokens->tokens != NULL) {
|
||||
for (i = 0; tokens->tokens[i] != NULL; i++) {
|
||||
explicit_bzero(tokens->tokens[i], strlen(tokens->tokens[i]));
|
||||
ssh_burn(tokens->tokens[i], strlen(tokens->tokens[i]));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -199,11 +199,11 @@ void crypto_free(struct ssh_crypto_struct *crypto)
|
||||
#endif
|
||||
SAFE_FREE(crypto->dh_server_signature);
|
||||
if (crypto->session_id != NULL) {
|
||||
explicit_bzero(crypto->session_id, crypto->session_id_len);
|
||||
ssh_burn(crypto->session_id, crypto->session_id_len);
|
||||
SAFE_FREE(crypto->session_id);
|
||||
}
|
||||
if (crypto->secret_hash != NULL) {
|
||||
explicit_bzero(crypto->secret_hash, crypto->digest_len);
|
||||
ssh_burn(crypto->secret_hash, crypto->digest_len);
|
||||
SAFE_FREE(crypto->secret_hash);
|
||||
}
|
||||
compress_cleanup(crypto);
|
||||
@@ -212,11 +212,11 @@ void crypto_free(struct ssh_crypto_struct *crypto)
|
||||
SAFE_FREE(crypto->encryptMAC);
|
||||
SAFE_FREE(crypto->decryptMAC);
|
||||
if (crypto->encryptkey != NULL) {
|
||||
explicit_bzero(crypto->encryptkey, crypto->out_cipher->keysize / 8);
|
||||
ssh_burn(crypto->encryptkey, crypto->out_cipher->keysize / 8);
|
||||
SAFE_FREE(crypto->encryptkey);
|
||||
}
|
||||
if (crypto->decryptkey != NULL) {
|
||||
explicit_bzero(crypto->decryptkey, crypto->in_cipher->keysize / 8);
|
||||
ssh_burn(crypto->decryptkey, crypto->in_cipher->keysize / 8);
|
||||
SAFE_FREE(crypto->decryptkey);
|
||||
}
|
||||
|
||||
@@ -239,7 +239,7 @@ void crypto_free(struct ssh_crypto_struct *crypto)
|
||||
ssh_string_free(crypto->hybrid_shared_secret);
|
||||
#endif
|
||||
|
||||
explicit_bzero(crypto, sizeof(struct ssh_crypto_struct));
|
||||
ssh_burn(crypto, sizeof(struct ssh_crypto_struct));
|
||||
|
||||
SAFE_FREE(crypto);
|
||||
}
|
||||
|
||||
@@ -129,7 +129,7 @@ torture_packet(const char *cipher, const char *mac_type,
|
||||
assert_int_equal(rc, encrypted_packet_len);
|
||||
|
||||
ssh_packet_set_callbacks(session, &cb);
|
||||
explicit_bzero(response, sizeof(response));
|
||||
ssh_burn(response, sizeof(response));
|
||||
rc = ssh_packet_socket_callback(buffer, encrypted_packet_len, session);
|
||||
assert_int_not_equal(rc, SSH_ERROR);
|
||||
if(payload_len > 0){
|
||||
|
||||
Reference in New Issue
Block a user