- djm@cvs.openbsd.org 2014/02/02 03:44:32
[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
[buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
[kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
[monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
[ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
[ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
[sshd.c]
convert memset of potentially-private data to explicit_bzero()
diff --git a/cipher.c b/cipher.c
index 98961be..ee79a1e 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.95 2014/01/27 19:18:54 markus Exp $ */
+/* $OpenBSD: cipher.c,v 1.96 2014/02/02 03:44:31 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -337,7 +337,7 @@
if (EVP_Cipher(&cc->evp, discard, junk,
cipher->discard_len) == 0)
fatal("evp_crypt: EVP_Cipher failed during discard");
- memset(discard, 0, cipher->discard_len);
+ explicit_bzero(discard, cipher->discard_len);
free(junk);
free(discard);
}
@@ -422,7 +422,7 @@
cipher_cleanup(CipherContext *cc)
{
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
- memset(&cc->cp_ctx, 0, sizeof(cc->cp_ctx));
+ explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx));
else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");
}
@@ -444,7 +444,7 @@
cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt);
- memset(digest, 0, sizeof(digest));
+ explicit_bzero(digest, sizeof(digest));
}
/*