[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-tech
Subject:    Re: use of explicit_bzero() in cast_setkey()
From:       Matthew Dempsky <matthew () dempsky ! org>
Date:       2012-04-25 2:52:13
Message-ID: CANKkrzHgRqHf+tQuX4uis_1Vf1StJWd8a3V96EH9s-ZGG8_HrA () mail ! gmail ! com
[Download RAW message or body]

Makes sense to me.

On Wed, Apr 25, 2012 at 4:31 AM, Michael W. Bombardieri <mb@ii.net> wrote:
> Hi tech,
>
> I noticed that parts of src/sys/crypto use
> explicit_bzero() for cleaning up key data, e.g.
> line 119 of cmac.c.
> I am not very familiar with this code, but it
> appears one loop in cast_setkey() could be replaced
> with explicit_bzero(). Would there be any
> value in doing this?
>
> - Michael
>
>
> Index: cast.c
> ===================================================================
> RCS file: /cvs/src/sys/crypto/cast.c,v
> retrieving revision 1.3
> diff -u -r1.3 cast.c
> --- cast.c      24 Mar 2005 11:45:28 -0000      1.3
> +++ cast.c      21 Apr 2012 10:07:19 -0000
> @@ -268,9 +268,9 @@
>                }
>        }
>        /* Wipe clean */
> -       for (i = 0; i < 4; i++) {
> -               t[i] = x[i] = z[i] = 0;
> -       }
> +       explicit_bzero(t, sizeof(t));
> +       explicit_bzero(x, sizeof(x));
> +       explicit_bzero(z, sizeof(z));
>  }
>
>  /* Made in Canada */

[prev in list] [next in list] [prev in thread] [next in thread]