Skip to content

Commit

Permalink
Really remove RNG seeds from the stack
Browse files Browse the repository at this point in the history
  • Loading branch information
@nmathewson
nmathewson committed Aug 19, 2013
1 parent bb52471 commit f5ced88
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 6 deletions.
12 changes: 6 additions & 6 deletions arc4random.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -161,7 +161,7 @@ arc4_seed_win32(void)
if (!CryptGenRandom(provider, sizeof(buf), buf))
return -1;
arc4_addrandom(buf, sizeof(buf));
memset(buf, 0, sizeof(buf));
evutil_memclear_(buf, sizeof(buf));
arc4_seeded_ok = 1;
return 0;
}
Expand Down Expand Up @@ -199,7 +199,7 @@ arc4_seed_sysctl_linux(void)
return -1;

arc4_addrandom(buf, sizeof(buf));
memset(buf, 0, sizeof(buf));
evutil_memclear_(buf, sizeof(buf));
arc4_seeded_ok = 1;
return 0;
}
Expand Down Expand Up @@ -239,7 +239,7 @@ arc4_seed_sysctl_bsd(void)
return -1;

arc4_addrandom(buf, sizeof(buf));
memset(buf, 0, sizeof(buf));
evutil_memclear_(buf, sizeof(buf));
arc4_seeded_ok = 1;
return 0;
}
Expand Down Expand Up @@ -284,8 +284,8 @@ arc4_seed_proc_sys_kernel_random_uuid(void)
arc4_addrandom(entropy, nybbles/2);
bytes += nybbles/2;
}
memset(entropy, 0, sizeof(entropy));
memset(buf, 0, sizeof(buf));
evutil_memclear_(entropy, sizeof(entropy));
evutil_memclear_(buf, sizeof(buf));
arc4_seeded_ok = 1;
return 0;
}
Expand All @@ -309,7 +309,7 @@ static int arc4_seed_urandom_helper_(const char *fname)
if (n != sizeof(buf))
return -1;
arc4_addrandom(buf, sizeof(buf));
memset(buf, 0, sizeof(buf));
evutil_memclear_(buf, sizeof(buf));
arc4_seeded_ok = 1;
return 0;
}
Expand Down
12 changes: 12 additions & 0 deletions evutil.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2109,6 +2109,18 @@ _evutil_weakrand(void)
#endif
}

/**
* Volatile pointer to memset: we use this to keep the compiler from
* eliminating our call to memset.
*/
void * (*volatile evutil_memset_volatile_)(void *, int, size_t) = memset;

void
evutil_memclear_(void *mem, size_t len)
{
evutil_memset_volatile_(mem, 0, len);
}

int
evutil_sockaddr_is_loopback(const struct sockaddr *addr)
{
Expand Down
2 changes: 2 additions & 0 deletions util-internal.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -320,6 +320,8 @@ HANDLE evutil_load_windows_system_library(const TCHAR *library_name);
#endif
#endif

void evutil_memclear_(void *mem, size_t len);

#ifdef __cplusplus
}
#endif
Expand Down

0 comments on commit f5ced88

Please sign in to comment.