[njs] Crypto: zeroing the context after usage.

Dmitry Volyntsev xeioex at nginx.com
Tue Jul 2 12:29:38 UTC 2019


details:   https://hg.nginx.org/njs/rev/7a8584306099
branches:  
changeset: 1023:7a8584306099
user:      David Carlier <devnexen at gmail.com>
date:      Tue Jun 18 15:02:57 2019 +0000
description:
Crypto: zeroing the context after usage.

Regardless of the compiler optimisation.

This closes #181 pull request.

diffstat:

 nxt/nxt_md5.c    |  2 +-
 nxt/nxt_sha1.c   |  2 +-
 nxt/nxt_sha2.c   |  2 +-
 nxt/nxt_string.h |  2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diffs (48 lines):

diff -r f66b593ef3da -r 7a8584306099 nxt/nxt_md5.c
--- a/nxt/nxt_md5.c	Mon Jul 01 19:57:34 2019 +0300
+++ b/nxt/nxt_md5.c	Tue Jun 18 15:02:57 2019 +0000
@@ -110,7 +110,7 @@ nxt_md5_final(u_char result[16], nxt_md5
     result[14] = (u_char) (ctx->d >> 16);
     result[15] = (u_char) (ctx->d >> 24);
 
-    nxt_memzero(ctx, sizeof(*ctx));
+    nxt_explicit_memzero(ctx, sizeof(*ctx));
 }
 
 
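Review bot: The call `nxt_explicit_memzero(ctx, sizeof(*ctx));` at the end of nxt_md5_final() carries no comment saying why the explicit variant is required, and the same one-line swap is repeated in nxt_sha1_final() and nxt_sha2_final(). Nothing in the function reads ctx after the wipe, which is exactly the situation where an optimiser may treat a plain nxt_memzero() as a dead store and drop it. A short comment above the call stating this would keep a later cleanup from reverting it to nxt_memzero(). The description's "Regardless of the compiler optimisation" could likewise name dead-store elimination directly.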
diff -r f66b593ef3da -r 7a8584306099 nxt/nxt_sha1.c
--- a/nxt/nxt_sha1.c	Mon Jul 01 19:57:34 2019 +0300
+++ b/nxt/nxt_sha1.c	Tue Jun 18 15:02:57 2019 +0000
@@ -116,7 +116,7 @@ nxt_sha1_final(u_char result[20], nxt_sh
     result[18] = (u_char) (ctx->e >> 8);
     result[19] = (u_char)  ctx->e;
 
-    nxt_memzero(ctx, sizeof(*ctx));
+    nxt_explicit_memzero(ctx, sizeof(*ctx));
 }
 
 
diff -r f66b593ef3da -r 7a8584306099 nxt/nxt_sha2.c
--- a/nxt/nxt_sha2.c	Mon Jul 01 19:57:34 2019 +0300
+++ b/nxt/nxt_sha2.c	Tue Jun 18 15:02:57 2019 +0000
@@ -131,7 +131,7 @@ nxt_sha2_final(u_char result[32], nxt_sh
     result[30] = (u_char) (ctx->h >> 8);
     result[31] = (u_char)  ctx->h;
 
-    nxt_memzero(ctx, sizeof(*ctx));
+    nxt_explicit_memzero(ctx, sizeof(*ctx));
 }
 
 
diff -r f66b593ef3da -r 7a8584306099 nxt/nxt_string.h
--- a/nxt/nxt_string.h	Mon Jul 01 19:57:34 2019 +0300
+++ b/nxt/nxt_string.h	Tue Jun 18 15:02:57 2019 +0000
@@ -97,7 +97,7 @@ nxt_explicit_memzero(buf, length)       
     (void) explicit_memset(buf, 0, length)
 #else
 nxt_inline void
-nxt_explicit_memzero(u_char *buf, size_t length)
+nxt_explicit_memzero(void *buf, size_t length)
 {
     volatile u_char  *p = (volatile u_char *) buf;
 
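Review bot: The parameter change to `void *buf` on the #else fallback is what lets the three *_final() callers pass ctx without a cast, but the commit description mentions only the optimiser; add a line for it. The macro branch above, `(void) explicit_memset(buf, 0, length)`, already accepts any pointer type, so with the old `u_char *buf` signature a type mismatch would only have surfaced on platforms that take the #else path. The fallback also depends on the compiler performing every store through `volatile u_char  *p`, so a comment on that line saying the volatile qualifier is deliberate and must not be removed would help. The rest of the function body is cut off here, so the loop itself cannot be checked from this mail.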