A few more memset()s converted to OPENSSL_cleanse().

author Richard Levitte <levitte@openssl.org>

Fri, 29 Nov 2002 11:30:45 +0000 (11:30 +0000)

committer Richard Levitte <levitte@openssl.org>

Fri, 29 Nov 2002 11:30:45 +0000 (11:30 +0000)
author Richard Levitte <levitte@openssl.org>
Fri, 29 Nov 2002 11:30:45 +0000 (11:30 +0000)
committer Richard Levitte <levitte@openssl.org>
Fri, 29 Nov 2002 11:30:45 +0000 (11:30 +0000)
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c

index fc610e04380d7e2ced3cb965228a2a8202422520..bbcc62d831a47108e5a9f0ebd565d4177067f1cb 100644 (file)
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -263,12 +263,12 @@ void BN_clear_free(BIGNUM *a)
         if (a == NULL) return;
         if (a->d != NULL)
                 {
-               memset(a->d,0,a->dmax*sizeof(a->d[0]));
+               OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
                 if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
                         OPENSSL_free(a->d);
                 }
         i=BN_get_flags(a,BN_FLG_MALLOCED);
-       memset(a,0,sizeof(BIGNUM));
+       OPENSSL_cleanse(a,sizeof(BIGNUM));
         if (i)
                 OPENSSL_free(a);
         }
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c

index e6705f7025bd82e039a7a261f45d1b76820fce15..480817a4b6299cb80141dd0c18501647111ebe9b 100644 (file)
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -201,7 +201,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
  err:
         if (buf != NULL)
                 {
-               memset(buf,0,bytes);
+               OPENSSL_cleanse(buf,bytes);
                 OPENSSL_free(buf);
                 }
         return(ret);
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c

index 39a66f189f2661dbfcfc8fc04d74a1e6a398a1e8..66c48d1431fc943749901b6935aec28e6d9a8607 100644 (file)
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -454,9 +454,9 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
                 {
                 if(c->cipher->cleanup && !c->cipher->cleanup(c))
                         return 0;
-               /* Zero cipher context data */
+               /* Cleanse cipher context data */
                 if (c->cipher_data)
-                       memset(c->cipher_data, 0, c->cipher->ctx_size);
+                       OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
                 }
         if (c->cipher_data)
                 OPENSSL_free(c->cipher_data);
diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c

index f98009acad25efcd64f3c419b486c56b6b98cef3..47866c3c86fb07f0371665001b789d45c09898e2 100644 (file)
--- a/crypto/md2/md2_dgst.c
+++ b/crypto/md2/md2_dgst.c
@@ -196,7 +196,7 @@ static void md2_block(MD2_CTX *c, const unsigned char *d)
                 t=(t+i)&0xff;
                 }
         memcpy(sp1,state,16*sizeof(MD2_INT));
-       memset(state,0,48*sizeof(MD2_INT));
+       OPENSSL_cleanse(state,48*sizeof(MD2_INT));
         }
  
  int MD2_Final(unsigned char *md, MD2_CTX *c)
diff --git a/crypto/md2/md2_one.c b/crypto/md2/md2_one.c

index b12c37ce4def4e1a538b7bca74ef7cac8ce7b8e3..835160ef56d1bcf4470bd3f79633d4a137c63f79 100644 (file)
--- a/crypto/md2/md2_one.c
+++ b/crypto/md2/md2_one.c
@@ -88,6 +88,6 @@ unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md)
         }
  #endif
         MD2_Final(md,&c);
-       memset(&c,0,sizeof(c)); /* Security consideration */
+       OPENSSL_cleanse(&c,sizeof(c));  /* Security consideration */
         return(md);
         }
diff --git a/crypto/md4/md4_one.c b/crypto/md4/md4_one.c

index 87a995d38d434f68ff3bb6056d887abe6f03880b..53efd430ec01640c9ee76d3ce90f9bd8ee3433fc 100644 (file)
--- a/crypto/md4/md4_one.c
+++ b/crypto/md4/md4_one.c
@@ -89,7 +89,7 @@ unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md)
         }
  #endif
         MD4_Final(md,&c);
-       memset(&c,0,sizeof(c)); /* security consideration */
+       OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
         return(md);
         }
  
diff --git a/crypto/md5/md5_one.c b/crypto/md5/md5_one.c

index b89dec850d2d5b20ed511227cac38a986b2380cd..c67eb795ca76398aa8c58ab03575c6960d743c41 100644 (file)
--- a/crypto/md5/md5_one.c
+++ b/crypto/md5/md5_one.c
@@ -89,7 +89,7 @@ unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md)
         }
  #endif
         MD5_Final(md,&c);
-       memset(&c,0,sizeof(c)); /* security consideration */
+       OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
         return(md);
         }
  
diff --git a/crypto/mdc2/mdc2_one.c b/crypto/mdc2/mdc2_one.c

index 6cd141b4d621b64bd9d062280fde4e7061e71dbb..37f06c8d77cfee5ee5194449e302b7390a025dc0 100644 (file)
--- a/crypto/mdc2/mdc2_one.c
+++ b/crypto/mdc2/mdc2_one.c
@@ -69,7 +69,7 @@ unsigned char *MDC2(const unsigned char *d, unsigned long n, unsigned char *md)
         MDC2_Init(&c);
         MDC2_Update(&c,d,n);
          MDC2_Final(md,&c);
-       memset(&c,0,sizeof(c)); /* security consideration */
+       OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
         return(md);
         }
  
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c

index d3e9ce85772cf71bb900ecb1852e5de7e3f3e927..900af737edca08fda3b2daf980dd00d14793cc5c 100644 (file)
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -343,7 +343,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
                  * NOT taken from the BytesToKey function */
                 EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
  
-               if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
+               if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
  
                 OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
  
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c

index c687da9b2e5d24fcb496118cb89589da4b765ab4..3db3e78d5e1d50778adf8db21e40c72cc5eb452e 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1717,7 +1717,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                         s->method->ssl3_enc->generate_master_secret(s,
                                 s->session->master_key,
                                 p,i);
-               memset(p,0,i);
+               OPENSSL_cleanse(p,i);
                 }
         else
  #endif
@@ -1780,7 +1780,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                 s->session->master_key_length=
                         s->method->ssl3_enc->generate_master_secret(s,
                                 s->session->master_key,p,i);
-               memset(p,0,i);
+               OPENSSL_cleanse(p,i);
                 }
         else
  #endif
author	Richard Levitte <levitte@openssl.org>
	Fri, 29 Nov 2002 11:30:45 +0000 (11:30 +0000)
committer	Richard Levitte <levitte@openssl.org>
	Fri, 29 Nov 2002 11:30:45 +0000 (11:30 +0000)
crypto/bn/bn_lib.c		patch \| blob \| history
crypto/bn/bn_rand.c		patch \| blob \| history
crypto/evp/evp_enc.c		patch \| blob \| history
crypto/md2/md2_dgst.c		patch \| blob \| history
crypto/md2/md2_one.c		patch \| blob \| history
crypto/md4/md4_one.c		patch \| blob \| history
crypto/md5/md5_one.c		patch \| blob \| history
crypto/mdc2/mdc2_one.c		patch \| blob \| history
crypto/pem/pem_lib.c		patch \| blob \| history
ssl/s3_srvr.c		patch \| blob \| history