NetBSD Problem Report #32778

From john@johnrshannon.com  Wed Feb  8 22:33:33 2006
Return-Path: <john@johnrshannon.com>
Received: from mail.johnrshannon.com (mail.johnrshannon.com [69.20.159.165])
	by narn.netbsd.org (Postfix) with ESMTP id 4515063B863
	for <gnats-bugs@gnats.NetBSD.org>; Wed,  8 Feb 2006 22:33:33 +0000 (UTC)
Message-Id: <20060208223321.E449A1F83D@colleen.internal.johnrshannon.com>
Date: Wed,  8 Feb 2006 15:33:21 -0700 (MST)
From: john@johnrshannon.com
Reply-To: john@johnrshannon.com
To: gnats-bugs@netbsd.org
Subject: Sensitive parameter clearing code in sha1 will be removed by optimizer
X-Send-Pr-Version: 3.95

>Number:         32778
>Category:       lib
>Synopsis:       Sensitive parameter clearing code in sha1 will be removed by optimizer
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 08 22:35:00 +0000 2006
>Originator:     shannonjr@NetBSD.org
>Release:        NetBSD 3.99.15
>Organization:
	NetBSD.org
>Environment:
System: NetBSD colleen.internal.johnrshannon.com 3.99.15 NetBSD 3.99.15 (KERNEL.MPACPI.COLLEEN) #0: Sun Feb 5 06:41:34 MST 2006 build@colleen.internal.johnrshannon.com:/usr/obj/import/CURRENT/src/sys/arch/i386/compile/KERNEL.MPACPI.COLLEEN i386
Architecture: i386
Machine: i386
>Description:
	src/common/lib/libc/hash/sha1/sha1.c contains the following:

	   /* Wipe variables */
           a = b = c = d = e = 0;

       as the last lines in SHA1Transform() to ensure that sensitive
       intermediate values are not left on the stack. The problem is
       that most optimizing compilers will optimize these statements
       away.

>How-To-Repeat:
	Identified in code review.
>Fix:
	Use mset() to clear variables.

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.