diff options
| author | Yann Ylavic <ylavic@apache.org> | 2022-06-28 16:09:12 +0000 |
|---|---|---|
| committer | Yann Ylavic <ylavic@apache.org> | 2022-06-28 16:09:12 +0000 |
| commit | 4000041d0ea6f7fccea67d2ac3d8205270b1cf1a (patch) | |
| tree | 60520ce5d99c7db9fb3a19ad0d03ae4a28fe0296 | |
| parent | 17ab72e940b86ec420057e27dbe543f54c9b21ff (diff) | |
| download | apr-4000041d0ea6f7fccea67d2ac3d8205270b1cf1a.tar.gz | |
apr_strings: Provide apr_memzero_explicit() in APR.
This function is handy outside apu_crypto usage, don't require users to link
to APU for the feature.
This commit moves the apr_crypto_memzero() implementation to apr_strings under
the apr_memzero_explicit() name, and replaces the calls to the former with the
latter, and apr_crypto_memzero() now calls apr_memzero_explicit() directly.
* include/apr_strings.h():
Declare apr_memzero_explicit().
* strings/apr_strings.c():
Implement apr_memzero_explicit() by moving/renaming the code from apu_crypto.
* crypto/apr_crypto.c(apr_crypto_memzero):
Fall back to apr_memzero_explicit().
* crypto/apr_crypto.c(crypto_clear):
Use apr_memzero_explicit() instead of apr_crypto_memzero().
* crypto/apr_crypto_prng.c(cprng_cleanup, cprng_stream_bytes,
apr_crypto_prng_reseed, cprng_bytes,
apr_crypto_prng_rekey, apr_crypto_prng_after_fork):
Use apr_memzero_explicit() instead of apr_crypto_memzero().
* crypto/apr_md4.c(MD4Transform):
Use apr_memzero_explicit() instead of apr_crypto_memzero().
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1902323 13f79535-47bb-0310-9956-ffa450edef68
| -rw-r--r-- | crypto/apr_crypto.c | 31 | ||||
| -rw-r--r-- | crypto/apr_crypto_prng.c | 15 | ||||
| -rw-r--r-- | crypto/apr_md4.c | 7 | ||||
| -rw-r--r-- | include/apr_strings.h | 10 | ||||
| -rw-r--r-- | strings/apr_strings.c | 32 |
5 files changed, 53 insertions, 42 deletions
diff --git a/crypto/apr_crypto.c b/crypto/apr_crypto.c index 7572a5904..fa08092e5 100644 --- a/crypto/apr_crypto.c +++ b/crypto/apr_crypto.c @@ -120,7 +120,7 @@ static apr_status_t crypto_clear(void *ptr) { apr_crypto_clear_t *clear = (apr_crypto_clear_t *)ptr; - apr_crypto_memzero(clear->buffer, clear->size); + apr_memzero_explicit(clear->buffer, clear->size); clear->buffer = NULL; clear->size = 0; @@ -141,36 +141,9 @@ APR_DECLARE(apr_status_t) apr_crypto_clear(apr_pool_t *pool, return APR_SUCCESS; } -#if defined(HAVE_WEAK_SYMBOLS) -void apr__memzero_explicit(void *buffer, apr_size_t size); - -__attribute__ ((weak)) -void apr__memzero_explicit(void *buffer, apr_size_t size) -{ - memset(buffer, 0, size); -} -#endif - APR_DECLARE(apr_status_t) apr_crypto_memzero(void *buffer, apr_size_t size) { -#if defined(WIN32) - SecureZeroMemory(buffer, size); -#elif defined(HAVE_MEMSET_S) - if (size) { - return memset_s(buffer, (rsize_t)size, 0, (rsize_t)size); - } -#elif defined(HAVE_EXPLICIT_BZERO) - explicit_bzero(buffer, size); -#elif defined(HAVE_WEAK_SYMBOLS) - apr__memzero_explicit(buffer, size); -#else - apr_size_t i; - volatile unsigned char *volatile ptr = buffer; - for (i = 0; i < size; ++i) { - ptr[i] = 0; - } -#endif - return APR_SUCCESS; + return apr_memzero_explicit(buffer, size); } APR_DECLARE(int) apr_crypto_equals(const void *buf1, const void *buf2, diff --git a/crypto/apr_crypto_prng.c b/crypto/apr_crypto_prng.c index 842987f95..cd4a2044d 100644 --- a/crypto/apr_crypto_prng.c +++ b/crypto/apr_crypto_prng.c @@ -43,12 +43,13 @@ #include "apr_crypto.h" #include "apr_crypto_internal.h" +#include "apr_strings.h" + #if APU_HAVE_CRYPTO #if APU_HAVE_CRYPTO_PRNG #include "apr_ring.h" #include "apr_pools.h" -#include "apr_strings.h" #include "apr_thread_mutex.h" #include "apr_thread_proc.h" @@ -263,7 +264,7 @@ static apr_status_t cprng_cleanup(void *arg) } if (cprng->key) { - apr_crypto_memzero(cprng->key, CPRNG_KEY_SIZE + cprng->len); + apr_memzero_explicit(cprng->key, CPRNG_KEY_SIZE + cprng->len); } if (!cprng->pool) { @@ -435,7 +436,7 @@ static apr_status_t cprng_stream_bytes(apr_crypto_prng_t *cprng, rv = cprng->crypto->provider->cprng_stream_ctx_bytes(&cprng->ctx, cprng->key, to, len, cprng->buf); if (rv != APR_SUCCESS && len) { - apr_crypto_memzero(to, len); + apr_memzero_explicit(to, len); } return rv; } @@ -456,7 +457,7 @@ APR_DECLARE(apr_status_t) apr_crypto_prng_reseed(apr_crypto_prng_t *cprng, cprng_lock(cprng); cprng->pos = cprng->len; - apr_crypto_memzero(cprng->buf, cprng->len); + apr_memzero_explicit(cprng->buf, cprng->len); if (seed) { apr_size_t n = 0; do { @@ -528,7 +529,7 @@ static apr_status_t cprng_bytes(apr_crypto_prng_t *cprng, * both forward secrecy and cleared next mixed data. */ memcpy(ptr, cprng->buf + cprng->pos, n); - apr_crypto_memzero(cprng->buf + cprng->pos, n); + apr_memzero_explicit(cprng->buf + cprng->pos, n); cprng->pos += n; ptr += n; @@ -576,7 +577,7 @@ APR_DECLARE(apr_status_t) apr_crypto_prng_rekey(apr_crypto_prng_t *cprng) /* Clear state and renew the key. */ cprng->pos = cprng->len; - apr_crypto_memzero(cprng->buf, cprng->len); + apr_memzero_explicit(cprng->buf, cprng->len); rv = cprng_stream_bytes(cprng, NULL, 0); cprng_unlock(cprng); @@ -627,7 +628,7 @@ APR_DECLARE(apr_status_t) apr_crypto_prng_after_fork(apr_crypto_prng_t *cprng, * and that nothing is left over from the initial state in both processes. */ cprng->pos = cprng->len; - apr_crypto_memzero(cprng->buf, cprng->len); + apr_memzero_explicit(cprng->buf, cprng->len); if (!is_child) { rv = cprng_stream_bytes(cprng, cprng->key, CPRNG_KEY_SIZE); } diff --git a/crypto/apr_md4.c b/crypto/apr_md4.c index 22a0926e7..aef0a3404 100644 --- a/crypto/apr_md4.c +++ b/crypto/apr_md4.c @@ -41,7 +41,6 @@ #include "apr_strings.h" #include "apr_md4.h" #include "apr_lib.h" -#include "apr_crypto.h" /* for apr_crypto_memzero, if available */ #if APR_HAVE_STRING_H #include <string.h> @@ -360,11 +359,7 @@ static void MD4Transform(apr_uint32_t state[4], const unsigned char block[64]) state[3] += d; /* Zeroize sensitive information. */ -#if APU_HAVE_CRYPTO - apr_crypto_memzero(x, sizeof(x)); -#else - memset(x, 0, sizeof(x)); -#endif + apr_memzero_explicit(x, sizeof(x)); } /* Encodes input (apr_uint32_t) into output (unsigned char). Assumes len is diff --git a/include/apr_strings.h b/include/apr_strings.h index d5f8719d2..56f0426fc 100644 --- a/include/apr_strings.h +++ b/include/apr_strings.h @@ -183,6 +183,16 @@ APR_DECLARE_NONSTD(char *) apr_psprintf(apr_pool_t *p, const char *fmt, ...) __attribute__((format(printf,2,3))); /** + * zero out the buffer provided, without being optimized out by + * the compiler. + * + * @param buffer buffer to zero out + * @param size size of the buffer to zero out + * @return APR_SUCCESS or an errno + */ +APR_DECLARE(apr_status_t) apr_memzero_explicit(void *buffer, apr_size_t size); + +/** * Copy up to dst_size characters from src to dst; does not copy * past a NUL terminator in src, but always terminates dst with a NUL * regardless. diff --git a/strings/apr_strings.c b/strings/apr_strings.c index beca6d480..2519f95b9 100644 --- a/strings/apr_strings.c +++ b/strings/apr_strings.c @@ -212,6 +212,38 @@ APR_DECLARE(char *) apr_pstrcatv(apr_pool_t *a, const struct iovec *vec, return res; } +#if defined(HAVE_WEAK_SYMBOLS) +void apr__memzero_explicit(void *buffer, apr_size_t size); + +__attribute__ ((weak)) +void apr__memzero_explicit(void *buffer, apr_size_t size) +{ + memset(buffer, 0, size); +} +#endif + +APR_DECLARE(apr_status_t) apr_memzero_explicit(void *buffer, apr_size_t size) +{ +#if defined(WIN32) + SecureZeroMemory(buffer, size); +#elif defined(HAVE_EXPLICIT_BZERO) + explicit_bzero(buffer, size); +#elif defined(HAVE_MEMSET_S) + if (size) { + return memset_s(buffer, (rsize_t)size, 0, (rsize_t)size); + } +#elif defined(HAVE_WEAK_SYMBOLS) + apr__memzero_explicit(buffer, size); +#else + apr_size_t i; + volatile unsigned char *volatile ptr = buffer; + for (i = 0; i < size; ++i) { + ptr[i] = 0; + } +#endif + return APR_SUCCESS; +} + #if (!APR_HAVE_MEMCHR) void *memchr(const void *s, int c, size_t n) { |