NetBSD Problem Report #32778
From john@johnrshannon.com Wed Feb 8 22:33:33 2006
Return-Path: <john@johnrshannon.com>
Received: from mail.johnrshannon.com (mail.johnrshannon.com [69.20.159.165])
by narn.netbsd.org (Postfix) with ESMTP id 4515063B863
for <gnats-bugs@gnats.NetBSD.org>; Wed, 8 Feb 2006 22:33:33 +0000 (UTC)
Message-Id: <20060208223321.E449A1F83D@colleen.internal.johnrshannon.com>
Date: Wed, 8 Feb 2006 15:33:21 -0700 (MST)
From: john@johnrshannon.com
Reply-To: john@johnrshannon.com
To: gnats-bugs@netbsd.org
Subject: Sensitive parameter clearing code in sha1 will be removed by optimizer
X-Send-Pr-Version: 3.95
>Number: 32778
>Category: lib
>Synopsis: Sensitive parameter clearing code in sha1 will be removed by optimizer
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: lib-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Feb 08 22:35:00 +0000 2006
>Originator: shannonjr@NetBSD.org
>Release: NetBSD 3.99.15
>Organization:
NetBSD.org
>Environment:
System: NetBSD colleen.internal.johnrshannon.com 3.99.15 NetBSD 3.99.15 (KERNEL.MPACPI.COLLEEN) #0: Sun Feb 5 06:41:34 MST 2006 build@colleen.internal.johnrshannon.com:/usr/obj/import/CURRENT/src/sys/arch/i386/compile/KERNEL.MPACPI.COLLEEN i386
Architecture: i386
Machine: i386
>Description:
src/common/lib/libc/hash/sha1/sha1.c contains the following:
/* Wipe variables */
a = b = c = d = e = 0;
as the last lines in SHA1Transform() to ensure that sensitive
intermediate values are not left on the stack. The problem is
that most optimizing compilers will optimize these statements
away.
>How-To-Repeat:
Identified in code review.
>Fix:
Use mset() to clear variables.
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.