[Ttssh2-commit] [6229] チケット #35870 ゼロクリアの削除

svnno****@sourc***** svnno****@sourc*****
2016年 1月 1日 (金) 20:06:37 JST


Revision: 6229
          http://sourceforge.jp/projects/ttssh2/scm/svn/commits/6229
Author:   yutakapon
Date:     2016-01-01 20:06:37 +0900 (Fri, 01 Jan 2016)
Log Message:
-----------
チケット #35870 ゼロクリアの削除

memset()やZeroMemory()は、コンパイラの最適化で削除されることがあるため、
セキュリティ上削除されると困る箇所に関しては SecureZeroMemory() に置き換える。
SecureZeroMemory() はインライン関数のため、Windows95 でも動作する。

Ticket Links:
------------
    http://sourceforge.jp/projects/ttssh2/tracker/detail/35870

Modified Paths:
--------------
    trunk/ttssh2/ttxssh/auth.c
    trunk/ttssh2/ttxssh/buffer.c
    trunk/ttssh2/ttxssh/cipher-ctr.c
    trunk/ttssh2/ttxssh/crypt.c
    trunk/ttssh2/ttxssh/ed25519_bcrypt_pbkdf.c
    trunk/ttssh2/ttxssh/key.c
    trunk/ttssh2/ttxssh/keyfiles.c
    trunk/ttssh2/ttxssh/ttxssh.c
    trunk/ttssh2/ttxssh/util.c
    trunk/ttssh2/ttxssh/x11util.c

-------------- next part --------------
Modified: trunk/ttssh2/ttxssh/auth.c
===================================================================
--- trunk/ttssh2/ttxssh/auth.c	2016-01-01 09:19:41 UTC (rev 6228)
+++ trunk/ttssh2/ttxssh/auth.c	2016-01-01 11:06:37 UTC (rev 6229)
@@ -51,7 +51,7 @@
 void destroy_malloced_string(char FAR * FAR * str)
 {
 	if (*str != NULL) {
-		memset(*str, 0, strlen(*str));
+		SecureZeroMemory(*str, strlen(*str));
 		free(*str);
 		*str = NULL;
 	}

Modified: trunk/ttssh2/ttxssh/buffer.c
===================================================================
--- trunk/ttssh2/ttxssh/buffer.c	2016-01-01 09:19:41 UTC (rev 6228)
+++ trunk/ttssh2/ttxssh/buffer.c	2016-01-01 11:06:37 UTC (rev 6229)
@@ -52,7 +52,7 @@
 	if (buf != NULL) {
 		// \x83Z\x83L\x83\x85\x83\x8A\x83e\x83B\x91΍\xF4 (2006.8.3 yutaka)
 		int len =  buffer_len(buf);
-		memset(buf->buf, 'x', len);
+		SecureZeroMemory(buf->buf, len);
 		free(buf->buf);
 		free(buf);
 	}

Modified: trunk/ttssh2/ttxssh/cipher-ctr.c
===================================================================
--- trunk/ttssh2/ttxssh/cipher-ctr.c	2016-01-01 09:19:41 UTC (rev 6228)
+++ trunk/ttssh2/ttxssh/cipher-ctr.c	2016-01-01 11:06:37 UTC (rev 6229)
@@ -20,6 +20,7 @@
 #include <sys/types.h>
 #include <malloc.h>
 #include <string.h>
+#include <windows.h>
 
 #include "config.h"
 
@@ -122,7 +123,7 @@
 	struct ssh_aes_ctr_ctx *c;
 
 	if((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
-		memset(c, 0, sizeof(*c));
+		SecureZeroMemory(c, sizeof(*c));
 		free(c);
 		EVP_CIPHER_CTX_set_app_data(ctx, NULL);
 	}
@@ -201,7 +202,7 @@
 	struct ssh_des3_ctr_ctx *c;
 
 	if((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
-		memset(c, 0, sizeof(*c));
+		SecureZeroMemory(c, sizeof(*c));
 		free(c);
 		EVP_CIPHER_CTX_set_app_data(ctx, NULL);
 	}
@@ -295,7 +296,7 @@
 	struct ssh_blowfish_ctr_ctx *c;
 
 	if((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
-		memset(c, 0, sizeof(*c));
+		SecureZeroMemory(c, sizeof(*c));
 		free(c);
 		EVP_CIPHER_CTX_set_app_data(ctx, NULL);
 	}
@@ -389,7 +390,7 @@
 	struct ssh_cast5_ctr_ctx *c;
 
 	if((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
-		memset(c, 0, sizeof(*c));
+		SecureZeroMemory(c, sizeof(*c));
 		free(c);
 		EVP_CIPHER_CTX_set_app_data(ctx, NULL);
 	}
@@ -463,7 +464,7 @@
 	struct ssh_camellia_ctr_ctx *c;
 
 	if((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
-		memset(c, 0, sizeof(*c));
+		SecureZeroMemory(c, sizeof(*c));
 		free(c);
 		EVP_CIPHER_CTX_set_app_data(ctx, NULL);
 	}

Modified: trunk/ttssh2/ttxssh/crypt.c
===================================================================
--- trunk/ttssh2/ttxssh/crypt.c	2016-01-01 09:19:41 UTC (rev 6228)
+++ trunk/ttssh2/ttxssh/crypt.c	2016-01-01 11:06:37 UTC (rev 6229)
@@ -1415,7 +1415,7 @@
 			notify_fatal_error(pvar, tmp, TRUE);
 		}
 		else {
-			memset(discard, 0, discard_len);
+			SecureZeroMemory(discard, discard_len);
 		}
 		free(junk);
 		free(discard);
@@ -1921,21 +1921,21 @@
 	destroy_public_key(&pvar->crypt_state.server_key);
 
 	if (pvar->crypt_state.detect_attack_statics.h != NULL) {
-		memset(pvar->crypt_state.detect_attack_statics.h, 0,
+		SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h, 
 		       pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
 		free(pvar->crypt_state.detect_attack_statics.h);
 	}
 
-	memset(pvar->crypt_state.sender_cipher_key, 0,
+	SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
 	       sizeof(pvar->crypt_state.sender_cipher_key));
-	memset(pvar->crypt_state.receiver_cipher_key, 0,
+	SecureZeroMemory(pvar->crypt_state.receiver_cipher_key, 
 	       sizeof(pvar->crypt_state.receiver_cipher_key));
-	memset(pvar->crypt_state.server_cookie, 0,
+	SecureZeroMemory(pvar->crypt_state.server_cookie, 
 	       sizeof(pvar->crypt_state.server_cookie));
-	memset(pvar->crypt_state.client_cookie, 0,
+	SecureZeroMemory(pvar->crypt_state.client_cookie, 
 	       sizeof(pvar->crypt_state.client_cookie));
-	memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
-	memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
+	SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
+	SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
 }
 
 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
@@ -2011,10 +2011,10 @@
 		break;
 
 	default:
-		memset(passphrase_key, 0, sizeof(passphrase_key));
+		SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
 		return 0;
 	}
 
-	memset(passphrase_key, 0, sizeof(passphrase_key));
+	SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
 	return 1;
 }

Modified: trunk/ttssh2/ttxssh/ed25519_bcrypt_pbkdf.c
===================================================================
--- trunk/ttssh2/ttxssh/ed25519_bcrypt_pbkdf.c	2016-01-01 09:19:41 UTC (rev 6228)
+++ trunk/ttssh2/ttxssh/ed25519_bcrypt_pbkdf.c	2016-01-01 11:06:37 UTC (rev 6229)
@@ -34,6 +34,8 @@
 #include "ed25519_crypto_api.h"
 #define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES
 
+#include <windows.h>
+
 /*
  * pkcs #5 pbkdf2 implementation using the "bcrypt" hash
  *
@@ -97,9 +99,9 @@
 	}
 
 	/* zap */
-	memset(ciphertext, 0, sizeof(ciphertext));
-	memset(cdata, 0, sizeof(cdata));
-	memset(&state, 0, sizeof(state));
+	SecureZeroMemory(ciphertext, sizeof(ciphertext));
+	SecureZeroMemory(cdata, sizeof(cdata));
+	SecureZeroMemory(&state, sizeof(state));
 }
 
 int
@@ -161,8 +163,8 @@
 	}
 
 	/* zap */
-	memset(out, 0, sizeof(out));
-	memset(countsalt, 0, saltlen + 4);
+	SecureZeroMemory(out, sizeof(out));
+	SecureZeroMemory(countsalt, saltlen + 4);
 	free(countsalt);
 
 	return 0;

Modified: trunk/ttssh2/ttxssh/key.c
===================================================================
--- trunk/ttssh2/ttxssh/key.c	2016-01-01 09:19:41 UTC (rev 6228)
+++ trunk/ttssh2/ttxssh/key.c	2016-01-01 11:06:37 UTC (rev 6229)
@@ -134,7 +134,7 @@
 	EVP_DigestFinal(&md, digest, &dlen);
 
 	ret = DSA_do_verify(digest, dlen, sig, key);
-	memset(digest, 'd', sizeof(digest));
+	SecureZeroMemory(digest, sizeof(digest));
 
 	DSA_SIG_free(sig);
 
@@ -308,8 +308,8 @@
 
 	ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key);
 
-	memset(digest, 'd', sizeof(digest));
-	memset(sigblob, 's', len);
+	SecureZeroMemory(digest, sizeof(digest));
+	SecureZeroMemory(sigblob, len);
 	//free(sigblob);
 	//debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
 
@@ -372,7 +372,7 @@
 	EVP_DigestFinal(&md, digest, &dlen);
 
 	ret = ECDSA_do_verify(digest, dlen, sig, key);
-	memset(digest, 'd', sizeof(digest));
+	SecureZeroMemory(digest, sizeof(digest));
 
 	ECDSA_SIG_free(sig);
 
@@ -434,15 +434,15 @@
 	free(ktype);
 
 	if (sigblob) {
-		memset(sigblob, 's', len);
+		SecureZeroMemory(sigblob, len);
 		free(sigblob);
 	}
 	if (sm) {
-		memset(sm, 'S', (size_t)smlen);
+		SecureZeroMemory(sm, (size_t)smlen);
 		free(sm);
 	}
 	if (m) {
-		memset(m, 'm', (size_t)smlen); /* NB. mlen may be invalid if ret != 0 */
+		SecureZeroMemory(m, (size_t)smlen); /* NB. mlen may be invalid if ret != 0 */
 		free(m);
 	}
 
@@ -660,7 +660,7 @@
 		EVP_DigestInit(&ctx, md);
 		EVP_DigestUpdate(&ctx, blob, len);
 		EVP_DigestFinal(&ctx, retval, dgst_raw_length);
-		memset(blob, 0, len);
+		SecureZeroMemory(blob, len);
 		free(blob);
 	} else {
 		//fatal("key_fingerprint_raw: blob is null");
@@ -905,7 +905,7 @@
 		break;
 	}
 
-	memset(dgst_raw, 0, dgst_raw_len);
+	SecureZeroMemory(dgst_raw, dgst_raw_len);
 	free(dgst_raw);
 
 	return (retval);
@@ -1118,12 +1118,12 @@
 		key->ecdsa = NULL;
 	}
 	if (key->ed25519_pk != NULL) {
-		memset(key->ed25519_pk, 0, ED25519_PK_SZ);
+		SecureZeroMemory(key->ed25519_pk, ED25519_PK_SZ);
 		free(key->ed25519_pk);
 		key->ed25519_pk = NULL;
 	}
 	if (key->ed25519_sk) {
-		memset(key->ed25519_sk, 0, ED25519_SK_SZ);
+		SecureZeroMemory(key->ed25519_sk, ED25519_SK_SZ);
 		free(key->ed25519_sk);
 		key->ed25519_sk = NULL;
 	}
@@ -1431,7 +1431,7 @@
 		memcpy(*sigp, buffer_ptr(b), len);
 	}
 	buffer_free(b);
-	memset(sig, 's', slen);
+	SecureZeroMemory(sig, slen);
 	free(sig);
 
 	return 0;
@@ -1471,7 +1471,7 @@
 
 		// \x93d\x8Eq\x8F\x90\x96\xBC\x82\xF0\x8Cv\x8EZ
 		ok = RSA_sign(nid, digest, dlen, sig, &len, keypair->rsa);
-		memset(digest, 'd', sizeof(digest));
+		SecureZeroMemory(digest, sizeof(digest));
 		if (ok != 1) { // error
 			free(sig);
 			goto error;
@@ -1523,7 +1523,7 @@
 
 		// DSA\x93d\x8Eq\x8F\x90\x96\xBC\x82\xF0\x8Cv\x8EZ
 		sig = DSA_do_sign(digest, dlen, keypair->dsa);
-		memset(digest, 'd', sizeof(digest));
+		SecureZeroMemory(digest, sizeof(digest));
 		if (sig == NULL) {
 			goto error;
 		}
@@ -1576,7 +1576,7 @@
 		EVP_DigestFinal(&md, digest, &dlen);
 
 		sig = ECDSA_do_sign(digest, dlen, keypair->ecdsa);
-		memset(digest, 'd', sizeof(digest));
+		SecureZeroMemory(digest, sizeof(digest));
 
 		if (sig == NULL) {
 			goto error;

Modified: trunk/ttssh2/ttxssh/keyfiles.c
===================================================================
--- trunk/ttssh2/ttxssh/keyfiles.c	2016-01-01 09:19:41 UTC (rev 6228)
+++ trunk/ttssh2/ttxssh/keyfiles.c	2016-01-01 11:06:37 UTC (rev 6229)
@@ -258,7 +258,7 @@
 			                  "The passphrase is incorrect.");
 			notify_nonfatal_error(pvar, pvar->ts->UIMsg);
 		}
-		memset(keyfile_data, 0, length);
+		SecureZeroMemory(keyfile_data, length);
 		free(keyfile_data);
 		return NULL;
 	}
@@ -287,7 +287,7 @@
 		UTIL_get_lang_msg("MSG_KEYFILES_PRIVATEKEY_TRUNCATE_ERROR", pvar,
 		              "The specified key file has been truncated and does not contain a valid private key.");
 		notify_nonfatal_error(pvar, pvar->ts->UIMsg);
-		memset(keyfile_data, 0, length);
+		SecureZeroMemory(keyfile_data, length);
 		free(keyfile_data);
 		return NULL;
 	}
@@ -309,7 +309,7 @@
 		key = NULL;
 	}
 
-	memset(keyfile_data, 0, length);
+	SecureZeroMemory(keyfile_data, length);
 	free(keyfile_data);
 	return key;
 }

Modified: trunk/ttssh2/ttxssh/ttxssh.c
===================================================================
--- trunk/ttssh2/ttxssh/ttxssh.c	2016-01-01 09:19:41 UTC (rev 6228)
+++ trunk/ttssh2/ttxssh/ttxssh.c	2016-01-01 11:06:37 UTC (rev 6229)
@@ -4103,7 +4103,7 @@
 	for(i = 0; i <= 256; i += sizeof(rand_buf))
 		RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf);
 
-	memset(rand_buf, 0, sizeof(rand_buf));
+	SecureZeroMemory(rand_buf, sizeof(rand_buf));
 
 	rc4_ready = REKEY_BYTES;
 }
@@ -4192,7 +4192,7 @@
 	if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
 		EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
 		EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
-			memset(c, 0, sizeof(*c));
+			SecureZeroMemory(c, sizeof(*c));
 			free(c);
 			EVP_CIPHER_CTX_set_app_data(ctx, NULL);
 			return (0);
@@ -4223,7 +4223,7 @@
 		EVP_CIPHER_CTX_cleanup(&c->k1);
 		EVP_CIPHER_CTX_cleanup(&c->k2);
 		EVP_CIPHER_CTX_cleanup(&c->k3);
-		memset(c, 0, sizeof(*c));
+		SecureZeroMemory(c, sizeof(*c));
 		free(c);
 		EVP_CIPHER_CTX_set_app_data(ctx, NULL);
 	}
@@ -4660,7 +4660,7 @@
 	// \x82\xB1\x82\xB1\x82ł\xCD"AES256-CBC"\x82ɌŒ\xE8\x82Ƃ\xB7\x82\xE9\x81B
 	cipher_init_SSH2(&cipher_ctx, key, keylen, key + keylen, ivlen, CIPHER_ENCRYPT, 
 		get_cipher_EVP_CIPHER(ciphernameval), 0, pvar);
-	memset(key, 0, keylen + ivlen);
+	SecureZeroMemory(key, keylen + ivlen);
 	free(key);
 
 	buffer_append(encoded, AUTH_MAGIC, sizeof(AUTH_MAGIC));
@@ -4680,7 +4680,7 @@
 
 	buffer_put_string(encoded, cp, len);
 
-	memset(cp, 0, len);
+	SecureZeroMemory(cp, len);
 	free(cp);
 
 	/* Random check bytes */

Modified: trunk/ttssh2/ttxssh/util.c
===================================================================
--- trunk/ttssh2/ttxssh/util.c	2016-01-01 09:19:41 UTC (rev 6228)
+++ trunk/ttssh2/ttxssh/util.c	2016-01-01 11:06:37 UTC (rev 6229)
@@ -304,7 +304,7 @@
 
 void UTIL_destroy_sock_write_buf(UTILSockWriteBuf FAR * buf)
 {
-	memset(buf->bufdata, 0, buf->buflen);
+	SecureZeroMemory(buf->bufdata, buf->buflen);
 	buf_destroy(&buf->bufdata, &buf->buflen);
 }
 

Modified: trunk/ttssh2/ttxssh/x11util.c
===================================================================
--- trunk/ttssh2/ttxssh/x11util.c	2016-01-01 09:19:41 UTC (rev 6228)
+++ trunk/ttssh2/ttxssh/x11util.c	2016-01-01 11:06:37 UTC (rev 6229)
@@ -135,10 +135,10 @@
 
 void X11_dispose_auth_data(X11AuthData FAR * auth_data)
 {
-	memset(auth_data->local_data, 0, auth_data->local_data_len);
+	SecureZeroMemory(auth_data->local_data, auth_data->local_data_len);
 	free(auth_data->local_data);
 	free(auth_data->spoofed_protocol);
-	memset(auth_data->spoofed_data, 0, auth_data->spoofed_data_len);
+	SecureZeroMemory(auth_data->spoofed_data, auth_data->spoofed_data_len);
 	free(auth_data->spoofed_data);
 	free(auth_data);
 }



Ttssh2-commit メーリングリストの案内