BIND 10 trac2406, updated. ce31d643e31a04ab7ed5b25f96fe21d48c98f22a [trac2406] add a dedicated struct to zeroize buffers

BIND 10 source code commits bind10-changes at lists.isc.org
Wed Oct 31 22:26:12 UTC 2012


The branch, trac2406 has been updated
       via  ce31d643e31a04ab7ed5b25f96fe21d48c98f22a (commit)
      from  f58b7e55f9ce6f239d6396fc786939a1b3b2e41a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ce31d643e31a04ab7ed5b25f96fe21d48c98f22a
Author: Francis Dupont <fdupont at isc.org>
Date:   Wed Oct 31 23:26:04 2012 +0100

    [trac2406] add a dedicated struct to zeroize buffers

-----------------------------------------------------------------------

Summary of changes:
 src/lib/cryptolink/crypto_hmac.cc |   62 ++++++++++++++++++++++++++++++++++---
 1 file changed, 58 insertions(+), 4 deletions(-)

-----------------------------------------------------------------------
diff --git a/src/lib/cryptolink/crypto_hmac.cc b/src/lib/cryptolink/crypto_hmac.cc
index 7b37399..f7c12ca 100644
--- a/src/lib/cryptolink/crypto_hmac.cc
+++ b/src/lib/cryptolink/crypto_hmac.cc
@@ -52,6 +52,60 @@ getOpenSSLHashAlgorithm(isc::cryptolink::HashAlgorithm algorithm) {
     return (0);
 }
 
+template<typename T>
+struct SecBuf {
+public:
+    typedef typename std::vector<T>::iterator iterator;
+
+    typedef typename std::vector<T>::const_iterator const_iterator;
+
+    explicit SecBuf() : vec_(std::vector<T>()) {}
+
+    explicit SecBuf(size_t n, const T& value = T()) :
+        vec_(std::vector<T>(n, value))
+    {}
+
+    SecBuf(iterator first, iterator last) :
+        vec_(std::vector<T>(first, last))
+    {}
+
+    SecBuf(const_iterator first, const_iterator last) :
+        vec_(std::vector<T>(first, last))
+    {}
+
+    SecBuf(const std::vector<T>& x) : vec_(x) {}
+
+    ~SecBuf() {
+        std::memset(&vec_[0], 0, vec_.capacity() * sizeof(T));
+    };
+
+    iterator begin() { return (vec_.begin()); };
+
+    const_iterator begin() const { return (vec_.begin()); };
+
+    iterator end() { return (vec_.end()); };
+
+    const_iterator end() const { return (vec_.end()); };
+
+    size_t size() const { return (vec_.size()); };
+
+    void resize(size_t sz) { vec_.resize(sz); };
+
+    SecBuf& operator=(const SecBuf& x) {
+        if (&x != *this) {
+            vec_ = x.vec_;
+        }
+        return (*this);
+    };
+
+    T& operator[](size_t n) { return (vec_[n]); };
+
+    const T& operator[](size_t n) const { return (vec_[n]); };
+
+private:
+    std::vector<T> vec_;
+};
+
 } // local namespace
 
 namespace isc {
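Review bot: `if (&x != *this)` in SecBuf::operator= compares a `const SecBuf*` with a `SecBuf&`, for which no `operator!=` exists; it only compiles because a template member body is not instantiated until it is used, and the first caller that assigns one SecBuf to another will break the build — the self-assignment guard should read `if (&x != this)`. The destructor also takes `&vec_[0]` on a vector that may be empty (the default constructor builds one), which is undefined behaviour, and a plain `std::memset` on storage that is about to be freed is precisely the store an optimizer is permitted to drop as dead, so the buffer may never actually be cleared. Guarding the empty case and writing the zeroes through a `volatile` pointer keeps the clearing observable; if the project already has a cleanse helper for this purpose, calling it here would be better still. The trailing `;` after each member function body is harmless but reads as a typo.
```cpp
    ~SecBuf() {
        // Write through a volatile pointer so the clearing stores are
        // observable side effects and cannot be elided as dead stores.
        if (!vec_.empty()) {
            volatile T* p = &vec_[0];
            for (size_t i = 0; i < vec_.capacity(); ++i) {
                p[i] = T();
            }
        }
    }
    // … unchanged: begin()/end()/size()/resize()/operator[] …
```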
@@ -95,7 +149,7 @@ public:
 
     void sign(isc::util::OutputBuffer& result, size_t len) {
         size_t size = getOutputLength();
-        std::vector<unsigned char> digest(size);
+        SecBuf<unsigned char> digest(size);
         HMAC_Final(md_.get(), &digest[0], NULL);
         if (len == 0 || len > size) {
             len = size;
@@ -105,7 +159,7 @@ public:
 
     void sign(void* result, size_t len) {
         size_t size = getOutputLength();
-        std::vector<unsigned char> digest(size);
+        SecBuf<unsigned char> digest(size);
         HMAC_Final(md_.get(), &digest[0], NULL);
         if (len > size) {
             len = size;
@@ -115,7 +169,7 @@ public:
 
     std::vector<uint8_t> sign(size_t len) {
         size_t size = getOutputLength();
-        std::vector<unsigned char> digest(size);
+        SecBuf<unsigned char> digest(size);
         HMAC_Final(md_.get(), &digest[0], NULL);
         if (len != 0 && len < size) {
             digest.resize(len);
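Review bot: `std::vector<uint8_t> sign(size_t len)` now keeps the digest in a `SecBuf`, but its return type is still a plain `std::vector<uint8_t>` and `SecBuf` provides no conversion to one, so whatever the return statement after this hunk does, it has to copy the bytes into an ordinary vector that is not zeroized when the caller discards it — the protection added here covers only the local. That is a limit of the public interface rather than a defect in the hunk, but it deserves a one-line comment next to the return, e.g. `// the returned copy is an ordinary vector and is not cleared on destruction`, so readers do not assume the result is protected. The `digest.resize(len)` truncation is fine with the new type because the destructor clears the whole capacity, not just the live size. The function's return statement lies outside the hunk.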
@@ -128,7 +182,7 @@ public:
         if (len != 0 && len < size / 2) {
             return (false);
         }
-        std::vector<unsigned char> digest(size);
+        SecBuf<unsigned char> digest(size);
         HMAC_Final(md_.get(), &digest[0], NULL);
         if (len == 0 || len > size) {
             len = size;


