
lib/libcrypt: use explicit_bzero() to clear sensitive buffers
Closed, Public

Authored by fuz on Thu, Oct 10, 9:21 AM.

Details

Summary

Prevent a potentially sufficiently smart compiler from optimising
away our attempts to clear sensitive buffers.

A related change was discussed and rejected in D16059, but I don't
believe the reasoning there applies: the code clearly documents its
intent that the memset calls clear sensitive buffers so they don't
hang around. explicit_bzero is the appropriate function for this
purpose. A potential performance disadvantage seems less important:
the functions in crypt are specifically designed to be slow, so a
few extra calls to guarantee that sensitive buffers are cleared does
not significantly affect runtime.
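The dead-store problem the summary describes, as an added illustration that is not part of this revision or of lib/libcrypt: a crypt(3)-style stretching loop (toy mixing, not a real hash; `stretch`, `secure_clear` and `wipe_leaves_zeroes` are names invented here) wipes its password-derived scratch buffer with explicit_bzero(), with a volatile-store fallback assumed adequate for platforms that lack it.

```c
#define _DEFAULT_SOURCE          /* glibc: make explicit_bzero() visible */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define SCRATCH_LEN 32

/* explicit_bzero() exists on FreeBSD, OpenBSD and glibc >= 2.25; elsewhere
 * fall back to volatile stores, which the compiler may not drop either. */
static void secure_clear(void *p, size_t n)
{
#if defined(__FreeBSD__) || defined(__OpenBSD__) || \
    (defined(__GLIBC__) && (__GLIBC__ > 2 || \
     (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25)))
	explicit_bzero(p, n);
#else
	volatile unsigned char *vp = p;
	while (n-- > 0)
		*vp++ = 0;
#endif
}

/* Self-check: fill a buffer, wipe it, report whether any byte survived. */
static int wipe_leaves_zeroes(void)
{
	unsigned char buf[SCRATCH_LEN], acc = 0;
	memset(buf, 0xAA, sizeof buf);
	secure_clear(buf, sizeof buf);
	for (size_t i = 0; i < sizeof buf; i++)
		acc |= buf[i];
	return acc == 0;
}

/* Stand-in for a crypt(3)-style key-stretching routine (toy mixing): the
 * password is copied to a scratch buffer, mixed, then wiped before return. */
static uint32_t stretch(const char *pw, unsigned rounds)
{
	unsigned char scratch[SCRATCH_LEN];
	uint32_t h = 2166136261u;
	size_t len = strnlen(pw, SCRATCH_LEN);
	memset(scratch, 0, sizeof scratch);
	memcpy(scratch, pw, len);
	for (unsigned r = 0; r < rounds; r++)
		for (size_t i = 0; i < SCRATCH_LEN; i++) {
			h = (h ^ scratch[i]) * 16777619u;
			scratch[i] ^= (unsigned char)h;
		}
	/* Pre-change code did memset(scratch, 0, sizeof scratch) here; scratch
	 * is never read again, so that store is dead and an optimising compiler
	 * may delete it, leaving password-derived bytes on the stack. */
	secure_clear(scratch, sizeof scratch);
	return h;
}
```

Whether the wipe of a local buffer actually survived can only be confirmed by inspecting the generated code (e.g. checking that the call or the stores are still present in the object file), not at runtime.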

Test Plan

Passes test suite, no functional changes.

Diff Detail

Repository
rG FreeBSD src repository