A few more memset()s converted to OPENSSL_cleanse().

I *think* I got them all covered by now, bu please, if you find any more,
tell me and I'll correct it.
PR: 343

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 7767d6517022eb2062a7bffed6c1e4791e7793cc..5f121dea1e49007118e3b1c097b4587175a855a5 100644 (file)
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -263,12 +263,12 @@ void BN_clear_free(BIGNUM *a)
        if (a == NULL) return;
        if (a->d != NULL)
                {
-               memset(a->d,0,a->dmax*sizeof(a->d[0]));
+               OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
                if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
                        OPENSSL_free(a->d);
                }
        i=BN_get_flags(a,BN_FLG_MALLOCED);
-       memset(a,0,sizeof(BIGNUM));
+       OPENSSL_cleanse(a,sizeof(BIGNUM));
        if (i)
                OPENSSL_free(a);
        }

diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 4944ffbf232f3b432312f0aba1fedb3237fe1d32..eb65c28cbb413be0b936cebac6f4386b08fff7c0 100644 (file)
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -201,7 +201,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 err:
        if (buf != NULL)
                {
-               memset(buf,0,bytes);
+               OPENSSL_cleanse(buf,bytes);
                OPENSSL_free(buf);
                }
        return(ret);

diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c
index 608baefa8f34d44da25c3a30b4f78c70c9600c81..458a3fad7fb854c4eec1ed203cf92489e293c3cf 100644 (file)
--- a/crypto/md2/md2_dgst.c
+++ b/crypto/md2/md2_dgst.c
@@ -194,7 +194,7 @@ static void md2_block(MD2_CTX *c, const unsigned char *d)
                t=(t+i)&0xff;
                }
        memcpy(sp1,state,16*sizeof(MD2_INT));
-       memset(state,0,48*sizeof(MD2_INT));
+       OPENSSL_cleanse(state,48*sizeof(MD2_INT));
        }
 
 void MD2_Final(unsigned char *md, MD2_CTX *c)

diff --git a/crypto/md2/md2_one.c b/crypto/md2/md2_one.c
index b12c37ce4def4e1a538b7bca74ef7cac8ce7b8e3..835160ef56d1bcf4470bd3f79633d4a137c63f79 100644 (file)
--- a/crypto/md2/md2_one.c
+++ b/crypto/md2/md2_one.c
@@ -88,6 +88,6 @@ unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md)
        }
 #endif
        MD2_Final(md,&c);
-       memset(&c,0,sizeof(c)); /* Security consideration */
+       OPENSSL_cleanse(&c,sizeof(c));  /* Security consideration */
        return(md);
        }

diff --git a/crypto/md4/md4_one.c b/crypto/md4/md4_one.c
index 87a995d38d434f68ff3bb6056d887abe6f03880b..53efd430ec01640c9ee76d3ce90f9bd8ee3433fc 100644 (file)
--- a/crypto/md4/md4_one.c
+++ b/crypto/md4/md4_one.c
@@ -89,7 +89,7 @@ unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md)
        }
 #endif
        MD4_Final(md,&c);
-       memset(&c,0,sizeof(c)); /* security consideration */
+       OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
        return(md);
        }
 

diff --git a/crypto/md5/md5_one.c b/crypto/md5/md5_one.c
index b89dec850d2d5b20ed511227cac38a986b2380cd..c67eb795ca76398aa8c58ab03575c6960d743c41 100644 (file)
--- a/crypto/md5/md5_one.c
+++ b/crypto/md5/md5_one.c
@@ -89,7 +89,7 @@ unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md)
        }
 #endif
        MD5_Final(md,&c);
-       memset(&c,0,sizeof(c)); /* security consideration */
+       OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
        return(md);
        }
 

diff --git a/crypto/mdc2/mdc2_one.c b/crypto/mdc2/mdc2_one.c
index 6cd141b4d621b64bd9d062280fde4e7061e71dbb..37f06c8d77cfee5ee5194449e302b7390a025dc0 100644 (file)
--- a/crypto/mdc2/mdc2_one.c
+++ b/crypto/mdc2/mdc2_one.c
@@ -69,7 +69,7 @@ unsigned char *MDC2(const unsigned char *d, unsigned long n, unsigned char *md)
        MDC2_Init(&c);
        MDC2_Update(&c,d,n);
         MDC2_Final(md,&c);
-       memset(&c,0,sizeof(c)); /* security consideration */
+       OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
        return(md);
        }
 

diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index a86a98f41916aa7a62ea52ddbbeac6dcabf039f8..e024bd78730433d7e98a56599df05d11cf8108e7 100644 (file)
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -380,7 +380,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
                 * NOT taken from the BytesToKey function */
                EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
 
-               if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
+               if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
 
                buf[0]='\0';
                PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 7a89993b4809a12190eeccd4e1f7c8acb521e608..6b414cfa5c8bf53f1d86dcadc5dcc685246d971a 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1471,7 +1471,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                        s->method->ssl3_enc->generate_master_secret(s,
                                s->session->master_key,
                                p,i);
-               memset(p,0,i);
+               OPENSSL_cleanse(p,i);
                }
        else
 #endif