
lib/libcrypt: use explicit_bzero() to clear sensitive buffers

Description

lib/libcrypt: use explicit_bzero() to clear sensitive buffers

Prevent a potentially sufficiently smart compiler from optimising
away our attempts to clear sensitive buffers.

A related change was discussed and rejected in D16059, but I don't
believe the reasoning there applies: the code clearly documents its
intent that the memset calls clear sensitive buffers so they don't
hang around. explicit_bzero is the appropriate function for this
purpose. A potential performance disadvantage seems less important:
the functions in crypt are specifically designed to be slow, so a
few extra calls to guarantee that sensitive buffers are cleared does
not significantly affect runtime.

See also: D16059
Reviewed by: delphij, kevans
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D47037
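The memset() pattern the commit replaces, beside the explicit_bzero() version, as an added example that is not code from the FreeBSD commit or from libcrypt. The toy key-stretching routine (stretch_core, mix, KEY_LEN) and the secure_clear/buffer_is_zero helpers are constructed for illustration; a volatile-function-pointer fallback is assumed for platforms without explicit_bzero().

```c
/* Constructed toy, not libcrypt: the memset() pattern D47037 replaces beside the explicit_bzero() fix. */
#define _DEFAULT_SOURCE 1  /* exposes explicit_bzero() in glibc's <string.h> */
#include <stdint.h>
#include <string.h>
#include <strings.h>       /* FreeBSD declares explicit_bzero() here */
#if defined(__FreeBSD__) || defined(__GLIBC__)
void explicit_bzero(void *, size_t);  /* redeclared in case a strict -std hides the prototype */
#define secure_clear(p, n) explicit_bzero((p), (n))
#else
/* Fallback: a memset() reached through a volatile pointer cannot be proven dead. */
static void *(*volatile memset_v)(void *, int, size_t) = memset;
#define secure_clear(p, n) memset_v((p), 0, (n))
#endif
#define KEY_LEN 16
static uint32_t mix(uint32_t x) {  /* constructed 32-bit mixer */
    x ^= x >> 16; x *= 0x7feb352dU; x ^= x >> 15; x *= 0x846ca68bU;
    return x ^ (x >> 16);
}
/* Fills `key` with password-derived material and stretches it for `rounds`;
 * on return `key` still holds secret bytes that must not linger on the stack. */
static uint32_t stretch_core(const char *pw, unsigned rounds, uint8_t key[KEY_LEN]) {
    size_t len = strlen(pw);
    uint32_t acc = 0x9e3779b9U;
    for (size_t i = 0; i < KEY_LEN; i++) key[i] = len ? (uint8_t)pw[i % len] : 0;
    for (unsigned r = 0; r < rounds; r++)
        for (size_t i = 0; i < KEY_LEN; i++) {
            acc = mix(acc ^ key[i] ^ r);
            key[i] ^= (uint8_t)acc;
        }
    return acc;
}
/* BEFORE (what the commit replaces): `key` is never read after the memset(),
 * so dead-store elimination may legally delete the clear at -O2. */
uint32_t stretch_unsafe(const char *pw, unsigned rounds) {
    uint8_t key[KEY_LEN];
    uint32_t acc = stretch_core(pw, rounds, key);
    memset(key, 0, sizeof key);
    return acc;
}
/* AFTER: identical result, but the clear is guaranteed to survive optimisation. */
uint32_t stretch_safe(const char *pw, unsigned rounds) {
    uint8_t key[KEY_LEN];
    uint32_t acc = stretch_core(pw, rounds, key);
    secure_clear(key, sizeof key);
    return acc;
}
int buffer_is_zero(const uint8_t *p, size_t n) {  /* 1 if every byte is 0 */
    uint8_t acc = 0; for (size_t i = 0; i < n; i++) acc |= p[i]; return acc == 0;
}
```

Whether a given compiler actually drops the memset() cannot be asserted at run time; compile both variants at -O2 and compare the generated assembly of stretch_unsafe and stretch_safe to see which clear survives.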

Details

Provenance
fuz, Authored on Oct 10 2024, 9:08 AM
Reviewer
delphij
Differential Revision
D47037: lib/libcrypt: use explicit_bzero() to clear sensitive buffers
Parents
rG3ab8697d9e45: git-arc: Do not echo unescaped literals to jq
Branches
Unknown
Tags
Unknown