Răsfoiți Sursa

* Use some more OPENSSL_cleanse

svn: 3801
Bryan Drewery 18 ani în urmă
părinte
comite
1470c8ffc2
2 a modificat fișierele cu 19 adăugiri și 2 ștergeri
  1. 2 0
      src/binary.c
  2. 17 2
      src/crypt.c

+ 2 - 0
src/binary.c

@@ -131,9 +131,11 @@ bin_checksum(const char *fname, int todo)
 
         strlcpy(settings.hash, hash, 65);
         edpack(&settings, hash, PACK_ENC);		/* encrypt the entire struct with the hash (including hash) */
+        OPENSSL_cleanse(hash, sizeof(hash));
 
         if (todo & WRITE_PACK) {
           fwrite(&settings.hash, SIZE_PACK, 1, newbin->f);
+          OPENSSL_cleanse(settings.hash, sizeof(settings.hash));
           sdprintf(STR("writing pack: %d\n"), SIZE_PACK);
         } else {
           char *tmpbuf = (char *) my_calloc(1, SIZE_PACK);

+ 17 - 2
src/crypt.c

@@ -309,6 +309,12 @@ char *MD5(const char *string)
 {
   static int n = 0;
   static char ret[5][MD5_HASH_LENGTH + 1];
+  //Cleanse the current buffer
+  if (!string) {
+    OPENSSL_cleanse(ret[n], MD5_HASH_LENGTH + 1);
+    return NULL;
+  }
+
   char* md5string = ret[n++];
   unsigned char   md5out[MD5_HASH_LENGTH + 1] = "";
   MD5_CTX ctx;
@@ -325,7 +331,9 @@ char *MD5(const char *string)
 }
 
 int md5cmp(const char *hash, const char *string) {
-  return strcmp(hash, MD5(string));
+  int n = strcmp(hash, MD5(string));
+  MD5(NULL);
+  return n;
 }
 
 char *
@@ -357,6 +365,11 @@ char *SHA1(const char *string)
 {
   static int n = 0;
   static char ret[5][SHA_HASH_LENGTH + 1];
+  //Cleanse the current buffer
+  if (!string) {
+    OPENSSL_cleanse(ret[n], SHA_HASH_LENGTH + 1);
+    return NULL;
+  }
   char* sha1string = ret[n++];
   unsigned char   sha1out[SHA_HASH_LENGTH + 1] = "";
   SHA_CTX ctx;
@@ -373,7 +386,9 @@ char *SHA1(const char *string)
 }
 
 int sha1cmp(const char *hash, const char *string) {
-  return strcmp(hash, SHA1(string));
+  int n = strcmp(hash, SHA1(string));
+  SHA1(NULL);
+  return n;
 }
 
 /* convert binary hashes to hex */