commit a5103f413bde6f31bff85d6e1fd29799c647d765
author Damien Miller <djm@mindrot.org> Tue Feb 04 11:20:14 2014 +1100
committer Damien Miller <djm@mindrot.org> Tue Feb 04 11:20:14 2014 +1100
tree 0b35ad9292b2ca8d58229435865d0ec3818e5981
parent 1d2c4564265ee827147af246a16f3777741411ed

   - djm@cvs.openbsd.org 2014/02/02 03:44:32
     [auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
     [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
     [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
     [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
     [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c]
     convert memset of potentially-private data to explicit_bzero()

ssh-keygen.c

diff --git a/ssh-keygen.c b/ssh-keygen.c
index 8140447..9f03109 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.239 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.240 2014/02/02 03:44:31 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -267,7 +267,7 @@
 			pass = read_passphrase("Enter passphrase: ",
 			    RP_ALLOW_STDIN);
 		prv = key_load_private(filename, pass, NULL);
-		memset(pass, 0, strlen(pass));
+		explicit_bzero(pass, strlen(pass));
 		free(pass);
 	}
 	return prv;
@@ -1258,7 +1258,7 @@
 			    RP_ALLOW_STDIN);
 		private = key_load_private(identity_file, old_passphrase,
 		    &comment);
-		memset(old_passphrase, 0, strlen(old_passphrase));
+		explicit_bzero(old_passphrase, strlen(old_passphrase));
 		free(old_passphrase);
 		if (private == NULL) {
 			printf("Bad passphrase.\n");
@@ -1280,15 +1280,15 @@
 
 		/* Verify that they are the same. */
 		if (strcmp(passphrase1, passphrase2) != 0) {
-			memset(passphrase1, 0, strlen(passphrase1));
-			memset(passphrase2, 0, strlen(passphrase2));
+			explicit_bzero(passphrase1, strlen(passphrase1));
+			explicit_bzero(passphrase2, strlen(passphrase2));
 			free(passphrase1);
 			free(passphrase2);
 			printf("Pass phrases do not match.  Try again.\n");
 			exit(1);
 		}
 		/* Destroy the other copy. */
-		memset(passphrase2, 0, strlen(passphrase2));
+		explicit_bzero(passphrase2, strlen(passphrase2));
 		free(passphrase2);
 	}
 
@@ -1296,14 +1296,14 @@
 	if (!key_save_private(private, identity_file, passphrase1, comment,
 	    use_new_format, new_format_cipher, rounds)) {
 		printf("Saving the key failed: %s.\n", identity_file);
-		memset(passphrase1, 0, strlen(passphrase1));
+		explicit_bzero(passphrase1, strlen(passphrase1));
 		free(passphrase1);
 		key_free(private);
 		free(comment);
 		exit(1);
 	}
 	/* Destroy the passphrase and the copy of the key in memory. */
-	memset(passphrase1, 0, strlen(passphrase1));
+	explicit_bzero(passphrase1, strlen(passphrase1));
 	free(passphrase1);
 	key_free(private);		 /* Destroys contents */
 	free(comment);
@@ -1375,7 +1375,7 @@
 		/* Try to load using the passphrase. */
 		private = key_load_private(identity_file, passphrase, &comment);
 		if (private == NULL) {
-			memset(passphrase, 0, strlen(passphrase));
+			explicit_bzero(passphrase, strlen(passphrase));
 			free(passphrase);
 			printf("Bad passphrase.\n");
 			exit(1);
@@ -1396,7 +1396,7 @@
 		printf("Enter new comment: ");
 		fflush(stdout);
 		if (!fgets(new_comment, sizeof(new_comment), stdin)) {
-			memset(passphrase, 0, strlen(passphrase));
+			explicit_bzero(passphrase, strlen(passphrase));
 			key_free(private);
 			exit(1);
 		}
@@ -1407,13 +1407,13 @@
 	if (!key_save_private(private, identity_file, passphrase, new_comment,
 	    use_new_format, new_format_cipher, rounds)) {
 		printf("Saving the key failed: %s.\n", identity_file);
-		memset(passphrase, 0, strlen(passphrase));
+		explicit_bzero(passphrase, strlen(passphrase));
 		free(passphrase);
 		key_free(private);
 		free(comment);
 		exit(1);
 	}
-	memset(passphrase, 0, strlen(passphrase));
+	explicit_bzero(passphrase, strlen(passphrase));
 	free(passphrase);
 	public = key_from_private(private);
 	key_free(private);
@@ -2632,15 +2632,15 @@
 			 * The passphrases do not match.  Clear them and
 			 * retry.
 			 */
-			memset(passphrase1, 0, strlen(passphrase1));
-			memset(passphrase2, 0, strlen(passphrase2));
+			explicit_bzero(passphrase1, strlen(passphrase1));
+			explicit_bzero(passphrase2, strlen(passphrase2));
 			free(passphrase1);
 			free(passphrase2);
 			printf("Passphrases do not match.  Try again.\n");
 			goto passphrase_again;
 		}
 		/* Clear the other copy of the passphrase. */
-		memset(passphrase2, 0, strlen(passphrase2));
+		explicit_bzero(passphrase2, strlen(passphrase2));
 		free(passphrase2);
 	}
 
@@ -2655,12 +2655,12 @@
 	if (!key_save_private(private, identity_file, passphrase1, comment,
 	    use_new_format, new_format_cipher, rounds)) {
 		printf("Saving the key failed: %s.\n", identity_file);
-		memset(passphrase1, 0, strlen(passphrase1));
+		explicit_bzero(passphrase1, strlen(passphrase1));
 		free(passphrase1);
 		exit(1);
 	}
 	/* Clear the passphrase. */
-	memset(passphrase1, 0, strlen(passphrase1));
+	explicit_bzero(passphrase1, strlen(passphrase1));
 	free(passphrase1);
 
 	/* Clear the private key and the random number generator. */