OpenSolaris

Printable Version Enter a New Search
Bug ID 6264344
Synopsis Remove gratuitous bzero() calls from SHA1Final() and MD5Final()
State 10-Fix Delivered (Fix available in build)
Category:Subcategory solaris-crypto:algorithms
Keywords ef-iteam | greyhound_s10u | onnv_triage
Responsible Engineer Kais Belgaied
Reported Against
Duplicate Of
Introduced In solaris_10
Commit to Fix snv_17
Fixed In snv_17
Release Fixed solaris_nevada(snv_17) , solaris_10u2(s10u2_02) (Bug ID:2132203)
Related Bugs 6387674 , 6755655
Submit Date 2-May-2005
Last Update Date 26-August-2005
Description 
synopsis says it all.
The following section in both functions:
		/* zeroize sensitive information */
		bzero(ctx, sizeof (*ctx));

is pointless since this is the vanilla digest code, with no sensitive information
in the contexts.
If at all, *only* the parts that have expanded keys in MAC (SSL3 or HMAC) contexts
should be bzero'ed on free. MD5 and SHA's one-wayness guarantee that no key
can be recovered from the remaining parts of the digest context.
 xxxxx@xxxxx.com 2005-05-02 20:10:52 GMT
Work Around 
N/A
Comments 
N/A