
lib/libcrypt: use explicit_bzero() to clear sensitive buffers
Closed, Public

Authored by fuz on Oct 10 2024, 9:21 AM.
Details

Summary

Prevent a potentially sufficiently smart compiler from optimising
away our attempts to clear sensitive buffers.

A related change was discussed and rejected in D16059, but I don't
believe the reasoning there applies: the code clearly documents its
intent that the memset calls clear sensitive buffers so they don't
hang around. explicit_bzero is the appropriate function for this
purpose. A potential performance disadvantage seems less important:
the functions in crypt are specifically designed to be slow, so a
few extra calls to guarantee that sensitive buffers are cleared does
not significantly affect runtime.

Test Plan

Passes test suite, no functional changes.
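The pattern the summary describes, as an added example that is not code from D47037 or from libcrypt: a key-derivation routine expands a password into a stack scratch buffer, copies the result out, and then clears the scratch buffer. In the memset() variant the buffer is dead after the clear, so a compiler is free to drop the memset() as a dead store; explicit_bzero() is specified to survive that optimisation. The stretch() mixing step, the HAVE_EXPLICIT_BZERO feature check and the volatile-store fallback for libcs without explicit_bzero() are assumptions of this example, not FreeBSD's implementation; the two derive_key_* variants produce identical output, which is the "no functional changes" property claimed in the test plan.

```c
/*
 * Added example, not code from D47037 or libcrypt.  The HAVE_EXPLICIT_BZERO
 * check, the toy stretch() step and the fallback wipe() are assumptions
 * made here so the file builds on FreeBSD, glibc and other libcs.
 */
#define _DEFAULT_SOURCE 1	/* glibc: declares explicit_bzero() in <string.h> */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <strings.h>		/* FreeBSD declares explicit_bzero() here */

#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__)
#define	HAVE_EXPLICIT_BZERO 1
#elif defined(__GLIBC__)
#if __GLIBC_PREREQ(2, 25)
#define	HAVE_EXPLICIT_BZERO 1
#endif
#endif

#define	SCRATCH_LEN	64
#define	KEY_LEN		32

/* Clear len bytes so that the store cannot be treated as dead. */
static void
wipe(void *buf, size_t len)
{
#ifdef HAVE_EXPLICIT_BZERO
	explicit_bzero(buf, len);
#else
	/*
	 * Fallback for libcs without explicit_bzero() (an assumption of this
	 * example): volatile stores are observable side effects and may not
	 * be removed by the optimiser.
	 */
	volatile unsigned char *p = buf;

	while (len-- > 0)
		*p++ = 0;
#endif
}

/*
 * Toy stand-in for crypt(3)'s real work: fill the scratch buffer from the
 * password with an FNV-1a style mix, then fold it down to KEY_LEN bytes.
 * Deterministic and purely illustrative; not a real password hash.
 */
static void
stretch(const char *pw, uint8_t scratch[SCRATCH_LEN], uint8_t key[KEY_LEN])
{
	size_t pwlen = strlen(pw);
	uint32_t h = 2166136261u;	/* FNV-1a offset basis */
	size_t i;

	for (i = 0; i < SCRATCH_LEN; i++) {
		h ^= (uint8_t)pw[pwlen ? i % pwlen : 0];
		h *= 16777619u;		/* FNV-1a prime */
		scratch[i] = (uint8_t)(h >> 24);
	}
	for (i = 0; i < KEY_LEN; i++)
		key[i] = scratch[i] ^ scratch[i + KEY_LEN];
}

/* Before: intent is documented, but scratch is dead after the memset(). */
static void
derive_key_memset(const char *pw, uint8_t key[KEY_LEN])
{
	uint8_t scratch[SCRATCH_LEN];

	stretch(pw, scratch, key);
	memset(scratch, 0, sizeof(scratch));	/* may be optimised away */
}

/* After: same computation, but the clear is guaranteed to be emitted. */
static void
derive_key_explicit(const char *pw, uint8_t key[KEY_LEN])
{
	uint8_t scratch[SCRATCH_LEN];

	stretch(pw, scratch, key);
	wipe(scratch, sizeof(scratch));
}

/* Returns 1 if both variants yield the same key: the fix changes no output. */
int
same_key(const char *pw)
{
	uint8_t a[KEY_LEN], b[KEY_LEN];

	derive_key_memset(pw, a);
	derive_key_explicit(pw, b);
	return (memcmp(a, b, KEY_LEN) == 0);
}

/* Returns 1 if wipe() zeroed every byte of a buffer that held 0xAA. */
int
wipe_clears(void)
{
	unsigned char buf[SCRATCH_LEN];
	size_t i;

	memset(buf, 0xAA, sizeof(buf));
	wipe(buf, sizeof(buf));
	for (i = 0; i < sizeof(buf); i++)
		if (buf[i] != 0)
			return (0);
	return (1);
}

int
main(void)
{
	return (same_key("correct horse battery staple") && wipe_clears() ? 0 : 1);
}
```

To see the difference the review is about, compile with `cc -O2 -S` and compare the two derive_key_* functions: the memset() of the dead scratch array is typically removed by gcc and clang at -O2, while the explicit_bzero() call (or the volatile loop) remains. Nothing in a conforming test can read the dead stack buffer afterwards, so the assembly, not the program's output, is where the bug is visible.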

Diff Detail

Repository
rG FreeBSD src repository