apr-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From minf...@apache.org
Subject svn commit: r1210530 - in /apr/apr-util/branches/1.5.x: ./ crypto/apr_crypto.c crypto/apr_crypto_nss.c crypto/apr_crypto_openssl.c include/apr_crypto.h
Date Mon, 05 Dec 2011 17:02:28 GMT
Author: minfrin
Date: Mon Dec  5 17:02:27 2011
New Revision: 1210530

URL: http://svn.apache.org/viewvc?rev=1210530&view=rev
Log:
Backport:
apr_crypto: Clear out buffers that are allocated by us when the pool from
which the memory was allocated from is cleaned up.

Modified:
    apr/apr-util/branches/1.5.x/   (props changed)
    apr/apr-util/branches/1.5.x/crypto/apr_crypto.c
    apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c
    apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c
    apr/apr-util/branches/1.5.x/include/apr_crypto.h

Propchange: apr/apr-util/branches/1.5.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Dec  5 17:02:27 2011
@@ -1,3 +1,3 @@
-/apr/apr/trunk:781403,781409,784519,784592,789965,794508,917837-917838,1127648,1128838,1129433,1133587,1207704
+/apr/apr/trunk:781403,781409,784519,784592,789965,794508,917837-917838,1127648,1128838,1129433,1133587,1207704,1210524
 /apr/apr-util/branches/1.3.x:896410,1154885
 /apr/apr-util/trunk:731033-731034,731225,731236,731291,731293,731379,743986,744009,745771,747612,747623,747630

Modified: apr/apr-util/branches/1.5.x/crypto/apr_crypto.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/crypto/apr_crypto.c?rev=1210530&r1=1210529&r2=1210530&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/crypto/apr_crypto.c (original)
+++ apr/apr-util/branches/1.5.x/crypto/apr_crypto.c Mon Dec  5 17:02:27 2011
@@ -62,6 +62,11 @@ APR_TYPEDEF_STRUCT(apr_crypto_block_t,
     const apr_crypto_t *f;
 )
 
+typedef struct apr_crypto_clear_t {
+    void *buffer;
+    apr_size_t size;
+} apr_crypto_clear_t;
+
 #if !APU_DSO_BUILD
 #define DRIVER_LOAD(name,driver,pool,params) \
     {   \
@@ -124,6 +129,31 @@ APU_DECLARE(apr_status_t) apr_crypto_ini
     return ret;
 }
 
+static apr_status_t crypto_clear(void *ptr)
+{
+    apr_crypto_clear_t *clear = (apr_crypto_clear_t *)ptr;
+
+    memset(clear->buffer, 0, clear->size);
+    clear->buffer = NULL;
+    clear->size = 0;
+
+    return APR_SUCCESS;
+}
+
+APR_DECLARE(apr_status_t) apr_crypto_clear(apr_pool_t *pool,
+        void *buffer, apr_size_t size)
+{
+    apr_crypto_clear_t *clear = apr_palloc(pool, sizeof(apr_crypto_clear_t));
+
+    clear->buffer = buffer;
+    clear->size = size;
+
+    apr_pool_cleanup_register(pool, clear, crypto_clear,
+            apr_pool_cleanup_null);
+
+    return APR_SUCCESS;
+}
+
 APU_DECLARE(apr_status_t) apr_crypto_get_driver(
         const apr_crypto_driver_t **driver, const char *name,
         const char *params, const apu_err_t **result, apr_pool_t *pool)

Modified: apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c?rev=1210530&r1=1210529&r2=1210530&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c (original)
+++ apr/apr-util/branches/1.5.x/crypto/apr_crypto_nss.c Mon Dec  5 17:02:27 2011
@@ -551,6 +551,7 @@ static apr_status_t crypto_block_encrypt
             if (!usedIv) {
                 return APR_ENOMEM;
             }
+            apr_crypto_clear(p, usedIv, key->ivSize);
             s = PK11_GenerateRandom(usedIv, key->ivSize);
             if (s != SECSuccess) {
                 return APR_ENOIV;
@@ -622,6 +623,7 @@ static apr_status_t crypto_block_encrypt
         if (!buffer) {
             return APR_ENOMEM;
         }
+        apr_crypto_clear(block->pool, buffer, inlen + block->blockSize);
         *out = buffer;
     }
 
@@ -785,6 +787,7 @@ static apr_status_t crypto_block_decrypt
         if (!buffer) {
             return APR_ENOMEM;
         }
+        apr_crypto_clear(block->pool, buffer, inlen + block->blockSize);
         *out = buffer;
     }
 

Modified: apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c?rev=1210530&r1=1210529&r2=1210530&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c (original)
+++ apr/apr-util/branches/1.5.x/crypto/apr_crypto_openssl.c Mon Dec  5 17:02:27 2011
@@ -430,6 +430,7 @@ static apr_status_t crypto_passphrase(ap
     if (!key->key) {
         return APR_ENOMEM;
     }
+    apr_crypto_clear(p, key->key, key->keyLen);
 
     /* generate the key */
     if (PKCS5_PBKDF2_HMAC_SHA1(pass, passLen, (unsigned char *) salt, saltLen,
@@ -503,6 +504,7 @@ static apr_status_t crypto_block_encrypt
             if (!usedIv) {
                 return APR_ENOMEM;
             }
+            apr_crypto_clear(p, usedIv, key->ivSize);
             if (!((RAND_status() == 1)
                     && (RAND_bytes(usedIv, key->ivSize) == 1))) {
                 return APR_ENOIV;
@@ -574,6 +576,7 @@ static apr_status_t crypto_block_encrypt
         if (!buffer) {
             return APR_ENOMEM;
         }
+        apr_crypto_clear(ctx->pool, buffer, inlen + EVP_MAX_BLOCK_LENGTH);
         *out = buffer;
     }
 
@@ -728,6 +731,7 @@ static apr_status_t crypto_block_decrypt
         if (!buffer) {
             return APR_ENOMEM;
         }
+        apr_crypto_clear(ctx->pool, buffer, inlen + EVP_MAX_BLOCK_LENGTH);
         *out = buffer;
     }
 

Modified: apr/apr-util/branches/1.5.x/include/apr_crypto.h
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.5.x/include/apr_crypto.h?rev=1210530&r1=1210529&r2=1210530&view=diff
==============================================================================
--- apr/apr-util/branches/1.5.x/include/apr_crypto.h (original)
+++ apr/apr-util/branches/1.5.x/include/apr_crypto.h Mon Dec  5 17:02:27 2011
@@ -132,6 +132,17 @@ typedef struct apr_crypto_block_t apr_cr
 APU_DECLARE(apr_status_t) apr_crypto_init(apr_pool_t *pool);
 
 /**
+ * @brief Register a cleanup to zero out the buffer provided
+ * when the pool is cleaned up.
+ *
+ * @param pool - pool to register the cleanup
+ * @param buffer - buffer to zero out
+ * @param size - size of the buffer to zero out
+ */
+APR_DECLARE(apr_status_t) apr_crypto_clear(apr_pool_t *pool, void *buffer,
+        apr_size_t size);
+
+/**
  * @brief Get the driver struct for a name
  *
  * @param driver - pointer to driver struct.



Mime
View raw message