generalized the case with secure memory zeroing
parent
adf753159b
commit
c45f4f5461
@ -382,6 +382,12 @@ char *alloca();
|
|||||||
/* excpt.h on Digital Unix 4.0 defines function_table */
|
/* excpt.h on Digital Unix 4.0 defines function_table */
|
||||||
#undef function_table
|
#undef function_table
|
||||||
|
|
||||||
|
#ifdef ZEND_WIN32
|
||||||
|
#define ZEND_SECURE_ZERO(var, size) RtlSecureZeroMemory((var), (size))
|
||||||
|
#else
|
||||||
|
#define ZEND_SECURE_ZERO(var, size) memset((var), 0, (size))
|
||||||
|
#endif
|
||||||
|
|
||||||
#endif /* ZEND_PORTABILITY_H */
|
#endif /* ZEND_PORTABILITY_H */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
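Review bot: The non-Windows branch defines `ZEND_SECURE_ZERO` as a plain `memset`, which an optimizing compiler may remove as a dead store when the buffer is not read again. That is the situation at the call sites this commit converts, where locals are wiped just before return in the RIPEMD, Whirlpool and crypt routines, so off Windows the macro name promises more than it delivers. Prefer `explicit_bzero()` or `memset_s()` where the platform provides them, and otherwise a fallback the compiler cannot elide, e.g. `#define ZEND_SECURE_ZERO(var, size) do { volatile unsigned char *zp_ = (volatile unsigned char *)(var); size_t zn_ = (size); while (zn_--) *zp_++ = 0; } while (0)`. A one-line comment above the macro stating that the write is guaranteed to happen would tell callers what they can rely on.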
|
@ -244,7 +244,7 @@ static void RIPEMD128Transform(php_hash_uint32 state[4], const unsigned char blo
|
|||||||
state[0] = tmp;
|
state[0] = tmp;
|
||||||
|
|
||||||
tmp = 0;
|
tmp = 0;
|
||||||
memset(x, 0, sizeof(x));
|
ZEND_SECURE_ZERO(x, sizeof(x));
|
||||||
}
|
}
|
||||||
/* }}} */
|
/* }}} */
|
||||||
|
|
||||||
@ -342,7 +342,7 @@ static void RIPEMD256Transform(php_hash_uint32 state[8], const unsigned char blo
|
|||||||
state[7] += dd;
|
state[7] += dd;
|
||||||
|
|
||||||
tmp = 0;
|
tmp = 0;
|
||||||
memset(x, 0, sizeof(x));
|
ZEND_SECURE_ZERO(x, sizeof(x));
|
||||||
}
|
}
|
||||||
/* }}} */
|
/* }}} */
|
||||||
|
|
||||||
@ -441,7 +441,7 @@ static void RIPEMD160Transform(php_hash_uint32 state[5], const unsigned char blo
|
|||||||
state[0] = tmp;
|
state[0] = tmp;
|
||||||
|
|
||||||
tmp = 0;
|
tmp = 0;
|
||||||
memset(x, 0, sizeof(x));
|
ZEND_SECURE_ZERO(x, sizeof(x));
|
||||||
}
|
}
|
||||||
/* }}} */
|
/* }}} */
|
||||||
|
|
||||||
@ -549,7 +549,7 @@ static void RIPEMD320Transform(php_hash_uint32 state[10], const unsigned char bl
|
|||||||
state[9] += ee;
|
state[9] += ee;
|
||||||
|
|
||||||
tmp = 0;
|
tmp = 0;
|
||||||
memset(x, 0, sizeof(x));
|
ZEND_SECURE_ZERO(x, sizeof(x));
|
||||||
}
|
}
|
||||||
/* }}} */
|
/* }}} */
|
||||||
|
|
||||||
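Review bot: `tmp = 0;` directly above the converted line in RIPEMD128Transform is still an ordinary dead store to a local, so it is open to the same compiler elision that motivates replacing `memset`. The same line appears in the RIPEMD256, RIPEMD160 and RIPEMD320 hunks. If `tmp` is meant to be scrubbed, write `ZEND_SECURE_ZERO(&tmp, sizeof(tmp));`; otherwise drop the assignment so it does not suggest a guarantee it cannot give. The function bodies start outside these hunks, so whether the other working variables carry state worth clearing is not visible here.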
|
@ -263,8 +263,8 @@ static void WhirlpoolTransform(PHP_WHIRLPOOL_CTX *context)
|
|||||||
context->state[5] ^= state[5] ^ block[5];
|
context->state[5] ^= state[5] ^ block[5];
|
||||||
context->state[6] ^= state[6] ^ block[6];
|
context->state[6] ^= state[6] ^ block[6];
|
||||||
context->state[7] ^= state[7] ^ block[7];
|
context->state[7] ^= state[7] ^ block[7];
|
||||||
|
|
||||||
memset(state, 0, sizeof(state));
|
ZEND_SECURE_ZERO(state, sizeof(state));
|
||||||
}
|
}
|
||||||
|
|
||||||
PHP_HASH_API void PHP_WHIRLPOOLInit(PHP_WHIRLPOOL_CTX *context)
|
PHP_HASH_API void PHP_WHIRLPOOLInit(PHP_WHIRLPOOL_CTX *context)
|
||||||
|
@ -207,15 +207,11 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch
|
|||||||
|
|
||||||
crypt_res = php_crypt_blowfish_rn(password, salt, output, sizeof(output));
|
crypt_res = php_crypt_blowfish_rn(password, salt, output, sizeof(output));
|
||||||
if (!crypt_res) {
|
if (!crypt_res) {
|
||||||
memset(output, 0, PHP_MAX_SALT_LEN + 1);
|
ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN + 1);
|
||||||
return NULL;
|
return NULL;
|
||||||
} else {
|
} else {
|
||||||
result = zend_string_init(output, strlen(output), 0);
|
result = zend_string_init(output, strlen(output), 0);
|
||||||
#ifdef PHP_WIN32
|
ZEND_SECURE_ZERO(output, PHP_MAX_SALT_LEN + 1);
|
||||||
RtlSecureZeroMemory(output, PHP_MAX_SALT_LEN + 1);
|
|
||||||
#else
|
|
||||||
memset(output, 0, PHP_MAX_SALT_LEN + 1);
|
|
||||||
#endif
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
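Review bot: Both wipes in php_crypt use `PHP_MAX_SALT_LEN + 1` as the length, while the call above passes `sizeof(output)` to php_crypt_blowfish_rn. The declaration of `output` is outside the hunk, so it cannot be confirmed here that the two sizes match; if they ever diverge, the tail of the buffer holding the hash is left in memory. Writing `ZEND_SECURE_ZERO(output, sizeof(output));` in both branches keeps the wipe tied to the buffer itself.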
|
@ -571,33 +571,18 @@ char * php_sha256_crypt_r(const char *key, const char *salt, char *buffer, int b
|
|||||||
inside the SHA256 implementation as well. */
|
inside the SHA256 implementation as well. */
|
||||||
sha256_init_ctx(&ctx);
|
sha256_init_ctx(&ctx);
|
||||||
sha256_finish_ctx(&ctx, alt_result);
|
sha256_finish_ctx(&ctx, alt_result);
|
||||||
#ifdef PHP_WIN32
|
ZEND_SECURE_ZERO(temp_result, sizeof(temp_result));
|
||||||
RtlSecureZeroMemory(temp_result, sizeof(temp_result));
|
ZEND_SECURE_ZERO(p_bytes, key_len);
|
||||||
RtlSecureZeroMemory(p_bytes, key_len);
|
ZEND_SECURE_ZERO(s_bytes, salt_len);
|
||||||
RtlSecureZeroMemory(s_bytes, salt_len);
|
ZEND_SECURE_ZERO(&ctx, sizeof(ctx));
|
||||||
RtlSecureZeroMemory(&ctx, sizeof(ctx));
|
ZEND_SECURE_ZERO(&alt_ctx, sizeof(alt_ctx));
|
||||||
RtlSecureZeroMemory(&alt_ctx, sizeof(alt_ctx));
|
|
||||||
|
|
||||||
if (copied_key != NULL) {
|
if (copied_key != NULL) {
|
||||||
RtlSecureZeroMemory(copied_key, key_len);
|
ZEND_SECURE_ZERO(copied_key, key_len);
|
||||||
}
|
}
|
||||||
if (copied_salt != NULL) {
|
if (copied_salt != NULL) {
|
||||||
RtlSecureZeroMemory(copied_salt, salt_len);
|
ZEND_SECURE_ZERO(copied_salt, salt_len);
|
||||||
}
|
}
|
||||||
#else
|
|
||||||
memset(temp_result, '\0', sizeof(temp_result));
|
|
||||||
memset(p_bytes, '\0', key_len);
|
|
||||||
memset(s_bytes, '\0', salt_len);
|
|
||||||
memset(&ctx, '\0', sizeof(ctx));
|
|
||||||
memset(&alt_ctx, '\0', sizeof(alt_ctx));
|
|
||||||
|
|
||||||
if (copied_key != NULL) {
|
|
||||||
memset(copied_key, '\0', key_len);
|
|
||||||
}
|
|
||||||
if (copied_salt != NULL) {
|
|
||||||
memset(copied_salt, '\0', salt_len);
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
return buffer;
|
return buffer;
|
||||||
}
|
}
|
||||||
|
@ -619,31 +619,17 @@ php_sha512_crypt_r(const char *key, const char *salt, char *buffer, int buflen)
|
|||||||
inside the SHA512 implementation as well. */
|
inside the SHA512 implementation as well. */
|
||||||
sha512_init_ctx(&ctx);
|
sha512_init_ctx(&ctx);
|
||||||
sha512_finish_ctx(&ctx, alt_result);
|
sha512_finish_ctx(&ctx, alt_result);
|
||||||
#ifdef PHP_WIN32
|
ZEND_SECURE_ZERO(temp_result, sizeof(temp_result));
|
||||||
RtlSecureZeroMemory(temp_result, sizeof(temp_result));
|
ZEND_SECURE_ZERO(p_bytes, key_len);
|
||||||
RtlSecureZeroMemory(p_bytes, key_len);
|
ZEND_SECURE_ZERO(s_bytes, salt_len);
|
||||||
RtlSecureZeroMemory(s_bytes, salt_len);
|
ZEND_SECURE_ZERO(&ctx, sizeof(ctx));
|
||||||
RtlSecureZeroMemory(&ctx, sizeof(ctx));
|
ZEND_SECURE_ZERO(&alt_ctx, sizeof(alt_ctx));
|
||||||
RtlSecureZeroMemory(&alt_ctx, sizeof(alt_ctx));
|
|
||||||
if (copied_key != NULL) {
|
if (copied_key != NULL) {
|
||||||
RtlSecureZeroMemory(copied_key, key_len);
|
ZEND_SECURE_ZERO(copied_key, key_len);
|
||||||
}
|
}
|
||||||
if (copied_salt != NULL) {
|
if (copied_salt != NULL) {
|
||||||
RtlSecureZeroMemory(copied_salt, salt_len);
|
ZEND_SECURE_ZERO(copied_salt, salt_len);
|
||||||
}
|
}
|
||||||
#else
|
|
||||||
memset(temp_result, '\0', sizeof(temp_result));
|
|
||||||
memset(p_bytes, '\0', key_len);
|
|
||||||
memset(s_bytes, '\0', salt_len);
|
|
||||||
memset(&ctx, '\0', sizeof(ctx));
|
|
||||||
memset(&alt_ctx, '\0', sizeof(alt_ctx));
|
|
||||||
if (copied_key != NULL) {
|
|
||||||
memset(copied_key, '\0', key_len);
|
|
||||||
}
|
|
||||||
if (copied_salt != NULL) {
|
|
||||||
memset(copied_salt, '\0', salt_len);
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
return buffer;
|
return buffer;
|
||||||
}
|
}
|
||||||
|
@ -206,7 +206,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Don't leave anything around in vm they could use. */
|
/* Don't leave anything around in vm they could use. */
|
||||||
RtlSecureZeroMemory(final, sizeof(final));
|
ZEND_SECURE_ZERO(final, sizeof(final));
|
||||||
|
|
||||||
/* Then something really weird... */
|
/* Then something really weird... */
|
||||||
for (i = pwl; i != 0; i >>= 1) {
|
for (i = pwl; i != 0; i >>= 1) {
|
||||||
@ -288,7 +288,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out) {
|
|||||||
|
|
||||||
*p = '\0';
|
*p = '\0';
|
||||||
|
|
||||||
RtlSecureZeroMemory(final, sizeof(final));
|
ZEND_SECURE_ZERO(final, sizeof(final));
|
||||||
|
|
||||||
|
|
||||||
_destroyCtx1:
|
_destroyCtx1:
|
||||||
|