From a8902e4cdd6149e5124383b25db8688dcdacd790 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Thomas=20Wei=C3=9Fschuh?= Date: Sun, 24 Dec 2023 13:50:40 +0100 Subject: [PATCH] sha1: properly wipe variables MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Dead stores may very well be optimized away. Signed-off-by: Thomas Weißschuh --- lib/sha1.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/sha1.c b/lib/sha1.c index eedeaa84ae..2e6b44d053 100644 --- a/lib/sha1.c +++ b/lib/sha1.c @@ -153,7 +153,11 @@ void ul_SHA1Transform(uint32_t state[5], const unsigned char buffer[64]) state[3] += d; state[4] += e; /* Wipe variables */ - a = b = c = d = e = 0; + explicit_bzero(&a, sizeof(a)); + explicit_bzero(&b, sizeof(b)); + explicit_bzero(&c, sizeof(c)); + explicit_bzero(&d, sizeof(d)); + explicit_bzero(&e, sizeof(e)); #ifdef UL_SHA1HANDSOFF memset(block, '\0', sizeof(block)); #endif -- 2.47.3