Always use ZEND_SECURE_ZERO() when cleaning up data

smalyshev · smalyshev · commit 588db7cecf6c · 2019-04-06T18:15:42.000-07:00
Optimizing compilers have an annoying tendency to throw out
memsets over data that they think aren't used anymore. Apply secure
zero-out in cases where this has potential to happen.
diff --git a/ext/hash/hash_sha3.c b/ext/hash/hash_sha3.c
@@ -191,7 +191,7 @@ static void PHP_SHA3_Final(unsigned char* digest,
 	}
 
 	// Zero out context
-	memset(ctx, 0, sizeof(PHP_SHA3_CTX));
+	ZEND_SECURE_ZERO(ctx, sizeof(PHP_SHA3_CTX));
 }
 
 // ==========================================================================
diff --git a/ext/hash/hash_snefru.c b/ext/hash/hash_snefru.c
@@ -129,7 +129,7 @@ static inline void SnefruTransform(PHP_SNEFRU_CTX *context, const unsigned char
 								((input[i+2] & 0xff) << 8) | (input[i+3] & 0xff);
 	}
 	Snefru(context->state);
-	memset(&context->state[8], 0, sizeof(uint32_t) * 8);
+	ZEND_SECURE_ZERO(&context->state[8], sizeof(uint32_t) * 8);
 }
 
 PHP_HASH_API void PHP_SNEFRUInit(PHP_SNEFRU_CTX *context)
diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c
@@ -605,6 +605,8 @@ PHP_FUNCTION(mcrypt_generic_init)
 	}
 	RETVAL_LONG(result);
 
+	ZEND_SECURE_ZERO(key_s, key_len);
+	ZEND_SECURE_ZERO(iv_s, iv_len);
 	efree(iv_s);
 	efree(key_s);
 }
diff --git a/ext/standard/php_crypt_r.c b/ext/standard/php_crypt_r.c
@@ -364,7 +364,7 @@ char * php_md5_crypt_r(const char *pw, const char *salt, char *out)
 		PHP_MD5Update(&ctx, final, (unsigned int)(pl > 16 ? 16 : pl));
 
 	/* Don't leave anything around in vm they could use. */
-	memset(final, 0, sizeof(final));
+	ZEND_SECURE_ZERO(final, sizeof(final));
 
 	/* Then something really weird... */
 	for (i = pwl; i != 0; i >>= 1)
diff --git a/ext/standard/sha1.c b/ext/standard/sha1.c
@@ -245,7 +245,7 @@ PHPAPI void PHP_SHA1Final(unsigned char digest[20], PHP_SHA1_CTX * context)
 
 	/* Zeroize sensitive information.
 	 */
-	memset((unsigned char*) context, 0, sizeof(*context));
+	ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 }
 /* }}} */
 
@@ -356,7 +356,7 @@ const unsigned char block[64];
 	state[4] += e;
 
 	/* Zeroize sensitive information. */
-	memset((unsigned char*) x, 0, sizeof(x));
+	ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
 }
 /* }}} */
 

Original file line number	Diff line number	Diff line change
`@@ -191,7 +191,7 @@ static void PHP_SHA3_Final(unsigned char* digest,`
`191`	`191`	`}`
`192`	`192`
`193`	`193`	`// Zero out context`
`194`		`- memset(ctx, 0, sizeof(PHP_SHA3_CTX));`
	`194`	`+ ZEND_SECURE_ZERO(ctx, sizeof(PHP_SHA3_CTX));`
`195`	`195`	`}`
`196`	`196`
`197`	`197`	`// ==========================================================================`
Original file line number	Diff line number	Diff line change
`@@ -129,7 +129,7 @@ static inline void SnefruTransform(PHP_SNEFRU_CTX *context, const unsigned char`
`129`	`129`	`((input[i+2] & 0xff) << 8) \| (input[i+3] & 0xff);`
`130`	`130`	`}`
`131`	`131`	`Snefru(context->state);`
`132`		`- memset(&context->state[8], 0, sizeof(uint32_t) * 8);`
	`132`	`+ ZEND_SECURE_ZERO(&context->state[8], sizeof(uint32_t) * 8);`
`133`	`133`	`}`
`134`	`134`
`135`	`135`	`PHP_HASH_API void PHP_SNEFRUInit(PHP_SNEFRU_CTX *context)`
Original file line number	Diff line number	Diff line change
`@@ -605,6 +605,8 @@ PHP_FUNCTION(mcrypt_generic_init)`
`605`	`605`	`}`
`606`	`606`	`RETVAL_LONG(result);`
`607`	`607`
	`608`	`+ ZEND_SECURE_ZERO(key_s, key_len);`
	`609`	`+ ZEND_SECURE_ZERO(iv_s, iv_len);`
`608`	`610`	`efree(iv_s);`
`609`	`611`	`efree(key_s);`
`610`	`612`	`}`
Original file line number	Diff line number	Diff line change
`@@ -245,7 +245,7 @@ PHPAPI void PHP_SHA1Final(unsigned char digest[20], PHP_SHA1_CTX * context)`
`245`	`245`
`246`	`246`	`/* Zeroize sensitive information.`
`247`	`247`	`*/`
`248`		`- memset((unsigned char) context, 0, sizeof(context));`
	`248`	`+ ZEND_SECURE_ZERO((unsigned char) context, sizeof(context));`
`249`	`249`	`}`
`250`	`250`	`/* }}} */`
`251`	`251`
`@@ -356,7 +356,7 @@ const unsigned char block[64];`
`356`	`356`	`state[4] += e;`
`357`	`357`
`358`	`358`	`/* Zeroize sensitive information. */`
`359`		`- memset((unsigned char*) x, 0, sizeof(x));`
	`359`	`+ ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));`
`360`	`360`	`}`
`361`	`361`	`/* }}} */`
`362`	`362`