Cleanse memory using the new OPENSSL_cleanse() function.
authorRichard Levitte <levitte@openssl.org>
Thu, 28 Nov 2002 08:09:03 +0000 (08:09 +0000)
committerRichard Levitte <levitte@openssl.org>
Thu, 28 Nov 2002 08:09:03 +0000 (08:09 +0000)
I've covered all the memset()s I felt safe modifying, but may have missed some.

57 files changed:
apps/apps.c
apps/ca.c
apps/dgst.c
apps/enc.c
apps/s_client.c
apps/s_server.c
crypto/asn1/a_sign.c
crypto/asn1/a_verify.c
crypto/asn1/n_pkey.c
crypto/asn1/p8_pkey.c
crypto/des/des.c
crypto/des/read2pwd.c
crypto/des/read_pwd.c
crypto/des/str2key.c
crypto/ec/ec_lib.c
crypto/engine/hw_4758_cca.c
crypto/engine/hw_sureware.c
crypto/evp/bio_enc.c
crypto/evp/bio_ok.c
crypto/evp/digest.c
crypto/evp/e_idea.c
crypto/evp/evp_key.c
crypto/evp/p5_crpt.c
crypto/evp/p5_crpt2.c
crypto/evp/p_open.c
crypto/md32_common.h
crypto/mem.c
crypto/pem/pem_info.c
crypto/pem/pem_lib.c
crypto/pem/pem_pk8.c
crypto/pem/pem_seal.c
crypto/pkcs12/p12_crpt.c
crypto/pkcs12/p12_decr.c
crypto/pkcs12/p12_key.c
crypto/pkcs7/bio_ber.c
crypto/pkcs7/pk7_doit.c
crypto/rand/md_rand.c
crypto/rand/rand_unix.c
crypto/rand/randfile.c
crypto/rc4/rc4.c
crypto/ripemd/rmd_one.c
crypto/rsa/rsa_eay.c
crypto/rsa/rsa_saos.c
crypto/rsa/rsa_sign.c
crypto/sha/sha1_one.c
crypto/sha/sha_one.c
crypto/ui/ui_openssl.c
crypto/ui/ui_util.c
crypto/x509/x509_vfy.c
ssl/kssl.c
ssl/s2_lib.c
ssl/s3_clnt.c
ssl/s3_enc.c
ssl/s3_lib.c
ssl/s3_srvr.c
ssl/ssl_sess.c
ssl/t1_enc.c

index 271dfa143938fe903b94507b4354fbc9a5ab7172..4a8c9263a7cc3e0e59989d7f986a498e01999de7 100644 (file)
@@ -615,7 +615,7 @@ int password_callback(char *buf, int bufsiz, int verify,
 
                if (buff)
                        {
-                       memset(buff,0,(unsigned int)bufsiz);
+                       OPENSSL_cleanse(buff,(unsigned int)bufsiz);
                        OPENSSL_free(buff);
                        }
 
@@ -625,13 +625,13 @@ int password_callback(char *buf, int bufsiz, int verify,
                        {
                        BIO_printf(bio_err, "User interface error\n");
                        ERR_print_errors(bio_err);
-                       memset(buf,0,(unsigned int)bufsiz);
+                       OPENSSL_cleanse(buf,(unsigned int)bufsiz);
                        res = 0;
                        }
                if (ok == -2)
                        {
                        BIO_printf(bio_err,"aborted!\n");
-                       memset(buf,0,(unsigned int)bufsiz);
+                       OPENSSL_cleanse(buf,(unsigned int)bufsiz);
                        res = 0;
                        }
                UI_free(ui);
index 177797dfda91cd2f6b9d69b1028a52c1a6fd4884..811413df4aa487465e771b92bff53c1327a6108b 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -706,7 +706,7 @@ bad:
                }
        pkey = load_key(bio_err, keyfile, keyform, 0, key, e, 
                "CA private key");
-       if (key) memset(key,0,strlen(key));
+       if (key) OPENSSL_cleanse(key,strlen(key));
        if (pkey == NULL)
                {
                /* load_key() has already printed an appropriate message */
index dd65a591f5b3ee41a481f99e99e3a59512543045..c4bb7a106153bd31bcac32f0d044b721c490c4cd 100644 (file)
@@ -356,7 +356,7 @@ int MAIN(int argc, char **argv)
 end:
        if (buf != NULL)
                {
-               memset(buf,0,BUFSIZE);
+               OPENSSL_cleanse(buf,BUFSIZE);
                OPENSSL_free(buf);
                }
        if (in != NULL) BIO_free(in);
index eff5c5610e9a3f9a26c4695cf825b502acd49045..bae7f21d79047530792c9ded85f31c9e845f2d30 100644 (file)
@@ -481,9 +481,9 @@ bad:
                         * bug picked up by
                         * Larry J. Hughes Jr. <hughes@indiana.edu> */
                        if (str == strbuf)
-                               memset(str,0,SIZE);
+                               OPENSSL_cleanse(str,SIZE);
                        else
-                               memset(str,0,strlen(str));
+                               OPENSSL_cleanse(str,strlen(str));
                        }
                if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
                        {
index 3b018ff0e006c05d8fc3d49965cd2080cbb1308d..7b1fa7b22be01569f6636766b3f699a70ab5706b 100644 (file)
@@ -908,9 +908,9 @@ end:
        if (con != NULL) SSL_free(con);
        if (con2 != NULL) SSL_free(con2);
        if (ctx != NULL) SSL_CTX_free(ctx);
-       if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
-       if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
-       if (mbuf != NULL) { memset(mbuf,0,BUFSIZZ); OPENSSL_free(mbuf); }
+       if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
+       if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
+       if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
        if (bio_c_out != NULL)
                {
                BIO_free(bio_c_out);
index 7a74c41020232aafa07cf2fba004d34d0eb7057a..94dd59becc3a48d2196e90420dd35ef00cba28e1 100644 (file)
@@ -1184,7 +1184,7 @@ err:
        BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
        if (buf != NULL)
                {
-               memset(buf,0,bufsize);
+               OPENSSL_cleanse(buf,bufsize);
                OPENSSL_free(buf);
                }
        if (ret >= 0)
index de53b441448e4f9d44a07004790105b7a8a006c0..52ce7e39740b877e81f9a74f43028b7679d7ab20 100644 (file)
@@ -204,9 +204,9 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 err:
        EVP_MD_CTX_cleanup(&ctx);
        if (buf_in != NULL)
-               { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
+               { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
        if (buf_out != NULL)
-               { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
+               { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
        return(outl);
        }
 
@@ -287,8 +287,8 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 err:
        EVP_MD_CTX_cleanup(&ctx);
        if (buf_in != NULL)
-               { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
+               { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
        if (buf_out != NULL)
-               { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
+               { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
        return(outl);
        }
index bf41de5146dfd2f752e05d97190f64d187714784..da2a0a6d69505f1e5b118f2186e8e4fc3d807d92 100644 (file)
@@ -103,7 +103,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
        EVP_VerifyInit_ex(&ctx,type, NULL);
        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
-       memset(buf_in,0,(unsigned int)inl);
+       OPENSSL_cleanse(buf_in,(unsigned int)inl);
        OPENSSL_free(buf_in);
 
        if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
@@ -153,7 +153,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
        EVP_VerifyInit_ex(&ctx,type, NULL);
        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
-       memset(buf_in,0,(unsigned int)inl);
+       OPENSSL_cleanse(buf_in,(unsigned int)inl);
        OPENSSL_free(buf_in);
 
        if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
index 9146ee02c966191e8aab9244661609cdc3a66c09..766b51c53830e0a1d15f1c08c5f59d6a3b8b1cc6 100644 (file)
@@ -187,7 +187,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
        i2d_NETSCAPE_PKEY(pkey,&zz);
 
        /* Wipe the private key encoding */
-       memset(pkey->private_key->data, 0, rsalen);
+       OPENSSL_cleanse(pkey->private_key->data, rsalen);
                
        if (cb == NULL)
                cb=EVP_read_pw_string;
@@ -206,7 +206,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
        }
 
        EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
-       memset(buf,0,256);
+       OPENSSL_cleanse(buf,256);
 
        /* Encrypt private key in place */
        zz = enckey->enckey->digest->data;
@@ -294,7 +294,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
        }
                
        EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
-       memset(buf,0,256);
+       OPENSSL_cleanse(buf,256);
 
        EVP_CIPHER_CTX_init(&ctx);
        EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
index b634d5bc85c663d50973e709bec5f42a51a61e7d..24b409132f53af1627675ccaf9dd3e363ba8d5a0 100644 (file)
@@ -68,8 +68,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
        if(operation == ASN1_OP_FREE_PRE) {
                PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
                if (key->pkey->value.octet_string)
-               memset(key->pkey->value.octet_string->data,
-                                0, key->pkey->value.octet_string->length);
+               OPENSSL_cleanse(key->pkey->value.octet_string->data,
+                       key->pkey->value.octet_string->length);
        }
        return 1;
 }
index d8c846b23dba6efc508fb6ca311b2de40e955c72..343135ff9ec505e2c0865706997a44bb249b17c7 100644 (file)
@@ -427,7 +427,7 @@ void doencryption(void)
                                k2[i-8]=k;
                        }
                DES_set_key_unchecked(&k2,&ks2);
-               memset(k2,0,sizeof(k2));
+               OPENSSL_cleanse(k2,sizeof(k2));
                }
        else if (longk || flag3)
                {
@@ -435,7 +435,7 @@ void doencryption(void)
                        {
                        DES_string_to_2keys(key,&kk,&k2);
                        DES_set_key_unchecked(&k2,&ks2);
-                       memset(k2,0,sizeof(k2));
+                       OPENSSL_cleanse(k2,sizeof(k2));
                        }
                else
                        DES_string_to_key(key,&kk);
@@ -457,8 +457,8 @@ void doencryption(void)
                        }
 
        DES_set_key_unchecked(&kk,&ks);
-       memset(key,0,sizeof(key));
-       memset(kk,0,sizeof(kk));
+       OPENSSL_cleanse(key,sizeof(key));
+       OPENSSL_cleanse(kk,sizeof(kk));
        /* woops - A bug that does not showup under unix :-( */
        memset(iv,0,sizeof(iv));
        memset(iv2,0,sizeof(iv2));
@@ -666,18 +666,18 @@ void doencryption(void)
                if (l) fclose(CKSUM_OUT);
                }
 problems:
-       memset(buf,0,sizeof(buf));
-       memset(obuf,0,sizeof(obuf));
-       memset(&ks,0,sizeof(ks));
-       memset(&ks2,0,sizeof(ks2));
-       memset(iv,0,sizeof(iv));
-       memset(iv2,0,sizeof(iv2));
-       memset(kk,0,sizeof(kk));
-       memset(k2,0,sizeof(k2));
-       memset(uubuf,0,sizeof(uubuf));
-       memset(b,0,sizeof(b));
-       memset(bb,0,sizeof(bb));
-       memset(cksum,0,sizeof(cksum));
+       OPENSSL_cleanse(buf,sizeof(buf));
+       OPENSSL_cleanse(obuf,sizeof(obuf));
+       OPENSSL_cleanse(&ks,sizeof(ks));
+       OPENSSL_cleanse(&ks2,sizeof(ks2));
+       OPENSSL_cleanse(iv,sizeof(iv));
+       OPENSSL_cleanse(iv2,sizeof(iv2));
+       OPENSSL_cleanse(kk,sizeof(kk));
+       OPENSSL_cleanse(k2,sizeof(k2));
+       OPENSSL_cleanse(uubuf,sizeof(uubuf));
+       OPENSSL_cleanse(b,sizeof(b));
+       OPENSSL_cleanse(bb,sizeof(bb));
+       OPENSSL_cleanse(cksum,sizeof(cksum));
        if (Exit) EXIT(Exit);
        }
 
index 241adfa342d6caa0cdc38e6b1d62e4ba0c48d3da..430da4e9946f8a264ab00a98ead1499aedbc10a7 100644 (file)
@@ -123,8 +123,8 @@ int DES_read_password(DES_cblock *key, const char *prompt, int verify)
 
        if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
                DES_string_to_key(buf,key);
-       memset(buf,0,BUFSIZ);
-       memset(buff,0,BUFSIZ);
+       OPENSSL_cleanse(buf,BUFSIZ);
+       OPENSSL_cleanse(buff,BUFSIZ);
        return(ok);
        }
 
@@ -136,7 +136,7 @@ int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
 
        if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
                DES_string_to_2keys(buf,key1,key2);
-       memset(buf,0,BUFSIZ);
-       memset(buff,0,BUFSIZ);
+       OPENSSL_cleanse(buf,BUFSIZ);
+       OPENSSL_cleanse(buff,BUFSIZ);
        return(ok);
        }
index c79c9a0e2aab9e94eb0f9bdc1c8206adff714a04..ce5fa00a37a42fdf8d38bb6e36e2cb720744e5df 100644 (file)
@@ -220,7 +220,7 @@ int des_read_pw_string(char *buf, int length, const char *prompt,
        int ret;
 
        ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
-       memset(buff,0,BUFSIZ);
+       OPENSSL_cleanse(buff,BUFSIZ);
        return(ret);
        }
 
index 36c3f81d9939051f38d0e4ff3d01a61d6dba62a4..0373db469c9a21d971d95bed162777db67d3ed2c 100644 (file)
@@ -94,7 +94,7 @@ void DES_string_to_key(const char *str, DES_cblock *key)
        DES_set_key_unchecked(key,&ks);
 #endif
        DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key);
-       memset(&ks,0,sizeof(ks));
+       OPENSSL_cleanse(&ks,sizeof(ks));
        DES_set_odd_parity(key);
        }
 
@@ -167,7 +167,7 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
        DES_set_key_unchecked(key2,&ks);
 #endif
        DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2);
-       memset(&ks,0,sizeof(ks));
+       OPENSSL_cleanse(&ks,sizeof(ks));
        DES_set_odd_parity(key1);
        DES_set_odd_parity(key2);
        }
index 0cf485de60150706d38696b6d0ff73683de39a81..1d2cc71eefe62bcd2eebe650721dc3cd0038acdc 100644 (file)
@@ -128,7 +128,7 @@ void EC_GROUP_clear_free(EC_GROUP *group)
 
        EC_GROUP_clear_free_extra_data(group);
 
-       memset(group, 0, sizeof *group);
+       OPENSSL_cleanse(group, sizeof *group);
        OPENSSL_free(group);
        }
 
@@ -357,7 +357,7 @@ void EC_POINT_clear_free(EC_POINT *point)
                point->meth->point_clear_finish(point);
        else if (point->meth != NULL && point->meth->point_finish != 0)
                point->meth->point_finish(point);
-       memset(point, 0, sizeof *point);
+       OPENSSL_cleanse(point, sizeof *point);
        OPENSSL_free(point);
        }
 
index 55a9883ef5dc8338cee0ff4a560ca5d2109447fc..4f5ae8a46dc49553c4492e1a8f5cde986cdbc727 100644 (file)
@@ -717,7 +717,7 @@ static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
 
        if (type == NID_sha1 || type == NID_md5)
                {
-               memset(hashBuffer, 0, keyLength+1);
+               OPENSSL_cleanse(hashBuffer, keyLength+1);
                OPENSSL_free(hashBuffer);
                }
 
@@ -840,7 +840,7 @@ static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
 
        if (type == NID_sha1 || type == NID_md5)
                {
-               memset(hashBuffer, 0, keyLength+1);
+               OPENSSL_cleanse(hashBuffer, keyLength+1);
                OPENSSL_free(hashBuffer);
                }
 
index 8ace126c14d47c9cb33ca1a15ef8fecc86db4d84..fca467e6901376519480754e331d14999fc439bb 100644 (file)
@@ -907,7 +907,7 @@ static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned c
 err:
        if (buf)
        {
-               memset(buf,0,tlen);
+               OPENSSL_cleanse(buf,tlen);
                OPENSSL_free(buf);
        }
        return ret;
index 64fb2353af65512371c7f87eed22ed68f627d104..510e1bc8a4c2f6f1a3578f2d4cbe17c0d5d74f76 100644 (file)
@@ -132,7 +132,7 @@ static int enc_free(BIO *a)
        if (a == NULL) return(0);
        b=(BIO_ENC_CTX *)a->ptr;
        EVP_CIPHER_CTX_cleanup(&(b->cipher));
-       memset(a->ptr,0,sizeof(BIO_ENC_CTX));
+       OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
        OPENSSL_free(a->ptr);
        a->ptr=NULL;
        a->init=0;
index 3cbc6e784819a611373d62f705869015f2555424..530ab937cea7f3f2e5625ddc5910de37e9917a7e 100644 (file)
@@ -211,7 +211,7 @@ static int ok_free(BIO *a)
        {
        if (a == NULL) return(0);
        EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
-       memset(a->ptr,0,sizeof(BIO_OK_CTX));
+       OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
        OPENSSL_free(a->ptr);
        a->ptr=NULL;
        a->init=0;
index 9d18728d306c296cbc81e03e1455f2990336339d..33013c41a6075e3baa8e58d682fa4cc8595bba6e 100644 (file)
@@ -301,7 +301,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
                ctx->digest->cleanup(ctx);
        if (ctx->digest && ctx->digest->ctx_size && ctx->md_data)
                {
-               memset(ctx->md_data,0,ctx->digest->ctx_size);
+               OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
                OPENSSL_free(ctx->md_data);
                }
        if(ctx->engine)
index ed838d3e6206c0713e63fdbd5471ff7428017cb6..b9efa75ae7c84b40a63e32b0d1b528ca92ae5411 100644 (file)
@@ -109,7 +109,7 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 
                idea_set_encrypt_key(key,&tmp);
                idea_set_decrypt_key(&tmp,ctx->cipher_data);
-               memset((unsigned char *)&tmp,0,
+               OPENSSL_cleanse((unsigned char *)&tmp,
                                sizeof(IDEA_KEY_SCHEDULE));
                }
        return 1;
index dc103bd1d7ff2614de7584e3b1a1d3b58c247a7d..5f387a94d32141752d21ebc49752cf910bb0cf7f 100644 (file)
@@ -103,7 +103,7 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
                        buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
        ret = UI_process(ui);
        UI_free(ui);
-       memset(buff,0,BUFSIZ);
+       OPENSSL_cleanse(buff,BUFSIZ);
        return ret;
        }
 
@@ -168,7 +168,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
                if ((nkey == 0) && (niv == 0)) break;
                }
        EVP_MD_CTX_cleanup(&c);
-       memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
+       OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
        return(type->key_len);
        }
 
index d15b79928194e81468f62a12e8bc69de9163400a..a1874e83b252ebd719d5f991bb70985b8966ee0e 100644 (file)
@@ -146,8 +146,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
        memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
                                                 EVP_CIPHER_iv_length(cipher));
        EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
-       memset(md_tmp, 0, EVP_MAX_MD_SIZE);
-       memset(key, 0, EVP_MAX_KEY_LENGTH);
-       memset(iv, 0, EVP_MAX_IV_LENGTH);
+       OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
+       OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+       OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
        return 1;
 }
index 098ce8afa00953001a063f0270b3a383a44f608d..1f94e1ef88b26ed56da7c3e42d115c3d29a4d862 100644 (file)
@@ -231,7 +231,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        iter = ASN1_INTEGER_get(kdf->iter);
        PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
        EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
-       memset(key, 0, keylen);
+       OPENSSL_cleanse(key, keylen);
        PBKDF2PARAM_free(kdf);
        return 1;
 
index 6976f2a867ddbe3f275a60b9a5d558781cdbaa6e..5a933d1cda380e20c30e8b9a4bacd6aea7b2877f 100644 (file)
@@ -101,7 +101,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek,
 
        ret=1;
 err:
-       if (key != NULL) memset(key,0,size);
+       if (key != NULL) OPENSSL_cleanse(key,size);
        OPENSSL_free(key);
        return(ret);
        }
index 86e41bf6df7dbdddbbc8c4a556e338bb233c3f0f..275b93618bed1107778b6600249b0691966907d9 100644 (file)
@@ -606,7 +606,7 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c)
        c->num=0;
        /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
         * but I'm not worried :-)
-       memset((void *)c,0,sizeof(HASH_CTX));
+       OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
         */
        return 1;
        }
index 46a00697ce22147579763fa5b9bb55bb1cb9980b..d7d3cda5dcd25b605e89180c5e09acd2ad37597a 100644 (file)
@@ -343,7 +343,7 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
        ret=malloc_ex_func(num,file,line);
        if(ret)
                memcpy(ret,str,old_len);
-       memset(str,'\0',old_len);
+       OPENSSL_cleanse(str,old_len);
        free_func(str);
 #ifdef LEVITTE_DEBUG_MEM
        fprintf(stderr, "LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n", str, ret, num);
index fa58562ad556e47cb5fb407c6ddb51ee8517a0b0..9e4af29c954463be781a31c00d5c74e97392e205 100644 (file)
@@ -359,7 +359,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
        ret=1;
 
 err:
-       memset((char *)&ctx,0,sizeof(ctx));
-       memset(buf,0,PEM_BUFSIZE);
+       OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+       OPENSSL_cleanse(buf,PEM_BUFSIZE);
        return(ret);
        }
index 0941479c3ece6315dae4ff35d727e2dbd0139036..43f2b434152a2454410e0a709f8754afa4003751 100644 (file)
@@ -366,13 +366,13 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
        i=PEM_write_bio(bp,name,buf,data,i);
        if (i <= 0) ret=0;
 err:
-       memset(key,0,sizeof(key));
-       memset(iv,0,sizeof(iv));
-       memset((char *)&ctx,0,sizeof(ctx));
-       memset(buf,0,PEM_BUFSIZE);
+       OPENSSL_cleanse(key,sizeof(key));
+       OPENSSL_cleanse(iv,sizeof(iv));
+       OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+       OPENSSL_cleanse(buf,PEM_BUFSIZE);
        if (data != NULL)
                {
-               memset(data,0,(unsigned int)dsize);
+               OPENSSL_cleanse(data,(unsigned int)dsize);
                OPENSSL_free(data);
                }
        return(ret);
@@ -413,8 +413,8 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
        EVP_DecryptUpdate(&ctx,data,&i,data,j);
        o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
        EVP_CIPHER_CTX_cleanup(&ctx);
-       memset((char *)buf,0,sizeof(buf));
-       memset((char *)key,0,sizeof(key));
+       OPENSSL_cleanse((char *)buf,sizeof(buf));
+       OPENSSL_cleanse((char *)key,sizeof(key));
        j+=i;
        if (!o)
                {
index f44182ffb5a264c29eb5ee57a3f1e15676623666..db38a2a79de2a7fa7766afc5e1b06477a25b95c1 100644 (file)
@@ -136,7 +136,7 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER
                        kstr = buf;
                }
                p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
-               if(kstr == buf) memset(buf, 0, klen);
+               if(kstr == buf) OPENSSL_cleanse(buf, klen);
                PKCS8_PRIV_KEY_INFO_free(p8inf);
                if(isder) ret = i2d_PKCS8_bio(bp, p8);
                else ret = PEM_write_bio_PKCS8(bp, p8);
index ae463a301de5f7368d11d9b03d3d7e5a3fd6200d..56e08abd705373541cb0e031a8f500ea0f68c13c 100644 (file)
@@ -112,7 +112,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
        ret=npubk;
 err:
        if (s != NULL) OPENSSL_free(s);
-       memset(key,0,EVP_MAX_KEY_LENGTH);
+       OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
        return(ret);
        }
 
index 97be6a5fb538ad5b31bdff1759f8caac7ac54630..5e8958612b494e12a408362b112a3dcc37c22ebf 100644 (file)
@@ -118,7 +118,7 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        }
        PBEPARAM_free(pbe);
        EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
-       memset(key, 0, EVP_MAX_KEY_LENGTH);
-       memset(iv, 0, EVP_MAX_IV_LENGTH);
+       OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+       OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
        return 1;
 }
index 394af368f4d46ab0793bdadbb5eab49e228b4cb6..b5684a83ba34aec422d66f5bf17c3133703d0e71 100644 (file)
@@ -136,7 +136,7 @@ void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
        }
 #endif
        ret = ASN1_item_d2i(NULL, &p, outlen, it);
-       if (zbuf) memset(out, 0, outlen);
+       if (zbuf) OPENSSL_cleanse(out, outlen);
        if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
        OPENSSL_free(out);
        return ret;
@@ -168,7 +168,7 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *i
                OPENSSL_free(in);
                return NULL;
        }
-       if (zbuf) memset(in, 0, inlen);
+       if (zbuf) OPENSSL_cleanse(in, inlen);
        OPENSSL_free(in);
        return oct;
 }
index 0d39ebde8c8ec67da8a47beb9bee9a805c5dfcd6..9196a34b4a908aa33e59d43ae2e454f09ea481a8 100644 (file)
@@ -91,7 +91,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
        ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
                                                 id, iter, n, out, md_type);
        if(unipass) {
-               memset(unipass, 0, uniplen);    /* Clear password from memory */
+               OPENSSL_cleanse(unipass, uniplen);      /* Clear password from memory */
                OPENSSL_free(unipass);
        }
        return ret;
index 42331f7ab0ea4f7c415809f545b50c820f053c52..895a91177be828eb8d0875044e34b44041a95963 100644 (file)
@@ -145,7 +145,7 @@ static int ber_free(BIO *a)
 
        if (a == NULL) return(0);
        b=(BIO_BER_CTX *)a->ptr;
-       memset(a->ptr,0,sizeof(BIO_BER_CTX));
+       OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));
        OPENSSL_free(a->ptr);
        a->ptr=NULL;
        a->init=0;
index 7f9f49bcfa631c91ca8fe3b6fba8d928e9151260..0060a2ea3df29c3c2d4e424adca03075a4a9f7b3 100644 (file)
@@ -241,7 +241,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                        M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
                        }
                OPENSSL_free(tmp);
-               memset(key, 0, keylen);
+               OPENSSL_cleanse(key, keylen);
 
                if (out == NULL)
                        out=btmp;
@@ -448,7 +448,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                } 
                EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
 
-               memset(tmp,0,jj);
+               OPENSSL_cleanse(tmp,jj);
 
                if (out == NULL)
                        out=etmp;
index a00ed70718589c74e2ef76dd3e9a9c9736783f68..eeffc0df4cb3e9aaab348e776d249a32c15574eb 100644 (file)
@@ -177,10 +177,10 @@ RAND_METHOD *RAND_SSLeay(void)
 
 static void ssleay_rand_cleanup(void)
        {
-       memset(state,0,sizeof(state));
+       OPENSSL_cleanse(state,sizeof(state));
        state_num=0;
        state_index=0;
-       memset(md,0,MD_DIGEST_LENGTH);
+       OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
        md_count[0]=0;
        md_count[1]=0;
        entropy=0;
index 4175576fcc92d5fab149e4b2afac6dad392f3b44..a776e522431b58e2f1034e3b3ed2a88a3b7c3f90 100644 (file)
@@ -215,7 +215,7 @@ int RAND_poll(void)
        if (n > 0)
                {
                RAND_add(tmpbuf,sizeof tmpbuf,n);
-               memset(tmpbuf,0,n);
+               OPENSSL_cleanse(tmpbuf,n);
                }
 #endif
 
index 7c2673a61ffd31fabd4d05245976697834cdfa4a..41574768ab762a32c6ec32d1f3a55c0e0968745f 100644 (file)
@@ -124,7 +124,7 @@ int RAND_load_file(const char *file, long bytes)
                        }
                }
        fclose(in);
-       memset(buf,0,BUFSIZE);
+       OPENSSL_cleanse(buf,BUFSIZE);
 err:
        return(ret);
        }
@@ -189,7 +189,7 @@ int RAND_write_file(const char *file)
 #endif /* OPENSSL_SYS_VMS */
 
        fclose(out);
-       memset(buf,0,BUFSIZE);
+       OPENSSL_cleanse(buf,BUFSIZE);
 err:
        return (rand_err ? -1 : ret);
        }
index c2165b0b7592e1e2bed3bab7fcc2a737f4f21985..b39c070292c98de583bc0aa26cd3db8a55795db3 100644 (file)
@@ -155,7 +155,7 @@ bad:
                i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
                if (i != 0)
                        {
-                       memset(buf,0,BUFSIZ);
+                       OPENSSL_cleanse(buf,BUFSIZ);
                        fprintf(stderr,"bad password read\n");
                        exit(1);
                        }
@@ -163,7 +163,7 @@ bad:
                }
 
        EVP_Digest((unsigned char *)keystr,(unsigned long)strlen(keystr),md,NULL,EVP_md5());
-       memset(keystr,0,strlen(keystr));
+       OPENSSL_cleanse(keystr,strlen(keystr));
        RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
        
        for(;;)
index efdf2dd6efc2ea501427ba0b66e983a463cdee58..a78328228281537351b0302d852f2ad7e11d41c5 100644 (file)
@@ -70,7 +70,7 @@ unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
        RIPEMD160_Init(&c);
        RIPEMD160_Update(&c,d,n);
        RIPEMD160_Final(md,&c);
-       memset(&c,0,sizeof(c)); /* security consideration */
+       OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
        return(md);
        }
 
index 0eda816081dc99c4b0183a8e73256a5978263d14..ce93c4032e7eb63579d8f8eb2e1a48a056a9a972 100644 (file)
@@ -187,7 +187,7 @@ err:
        BN_clear_free(&ret);
        if (buf != NULL) 
                {
-               memset(buf,0,num);
+               OPENSSL_cleanse(buf,num);
                OPENSSL_free(buf);
                }
        return(r);
@@ -271,7 +271,7 @@ err:
        BN_clear_free(&f);
        if (buf != NULL)
                {
-               memset(buf,0,num);
+               OPENSSL_cleanse(buf,num);
                OPENSSL_free(buf);
                }
        return(r);
@@ -370,7 +370,7 @@ err:
        BN_clear_free(&ret);
        if (buf != NULL)
                {
-               memset(buf,0,num);
+               OPENSSL_cleanse(buf,num);
                OPENSSL_free(buf);
                }
        return(r);
@@ -467,7 +467,7 @@ err:
        BN_clear_free(&ret);
        if (buf != NULL)
                {
-               memset(buf,0,num);
+               OPENSSL_cleanse(buf,num);
                OPENSSL_free(buf);
                }
        return(r);
index 423cb50652235d3c2fa0687177f525e64dcfc1a6..f462716a57f2f6d6a50cbfc97eee309272f4120b 100644 (file)
@@ -96,7 +96,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type,
        else
                *siglen=i;
 
-       memset(s,0,(unsigned int)j+1);
+       OPENSSL_cleanse(s,(unsigned int)j+1);
        OPENSSL_free(s);
        return(ret);
        }
@@ -139,7 +139,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
                ret=1;
 err:
        if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
-       memset(s,0,(unsigned int)siglen);
+       OPENSSL_cleanse(s,(unsigned int)siglen);
        OPENSSL_free(s);
        return(ret);
        }
index c53ca739149b6b78f76f37f15d96bc53ae30945a..4ac2de34079090b1d45e0c4378faba2db9824dfb 100644 (file)
@@ -136,7 +136,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
                *siglen=i;
 
        if(type != NID_md5_sha1) {
-               memset(tmps,0,(unsigned int)j+1);
+               OPENSSL_cleanse(tmps,(unsigned int)j+1);
                OPENSSL_free(tmps);
        }
        return(ret);
@@ -221,7 +221,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
        }
 err:
        if (sig != NULL) X509_SIG_free(sig);
-       memset(s,0,(unsigned int)siglen);
+       OPENSSL_cleanse(s,(unsigned int)siglen);
        OPENSSL_free(s);
        return(ret);
        }
index e6a24888ed5949675cf49da35ae0b7309281042a..ad235d6cdc7c00cc82f79f996ca7e6752b28e526 100644 (file)
@@ -70,7 +70,7 @@ unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
        SHA1_Init(&c);
        SHA1_Update(&c,d,n);
        SHA1_Final(md,&c);
-       memset(&c,0,sizeof(c));
+       OPENSSL_cleanse(&c,sizeof(c));
        return(md);
        }
 #endif
index 5426faae4afd7874081e6402198cacdd343a9d4d..66b083144adc7bdcc87c0deeec0a3f81e806a4f6 100644 (file)
@@ -70,7 +70,7 @@ unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
        SHA_Init(&c);
        SHA_Update(&c,d,n);
        SHA_Final(md,&c);
-       memset(&c,0,sizeof(c));
+       OPENSSL_cleanse(&c,sizeof(c));
        return(md);
        }
 #endif
index 6d5f9cd8b139d704212d35d07e326de7e93b3414..e1a872ef7ca278460386def3dcd52e6e7c506dd7 100644 (file)
@@ -449,7 +449,7 @@ error:
        ok=1;
 #endif
 
-       memset(result,0,BUFSIZ);
+       OPENSSL_cleanse(result,BUFSIZ);
        return ok;
        }
 
index 8876128e56a2fb155120e4020d6b67d01514fdd8..fc8b691a87590998c706e629a9a7c267e1bcec24 100644 (file)
@@ -65,7 +65,7 @@ int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify)
        int ret;
 
        ret=UI_UTIL_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
-       memset(buff,0,BUFSIZ);
+       OPENSSL_cleanse(buff,BUFSIZ);
        return(ret);
        }
 
index 552d1e72516ea191cb78f0d2269dfc6a0d8f9d4a..568c62936795e45020daebf933d3401ea708b809 100644 (file)
@@ -1158,7 +1158,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
                ctx->chain=NULL;
                }
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
-       memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
+       OPENSSL_cleanse(&ctx->ex_data,sizeof(CRYPTO_EX_DATA));
        }
 
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)
index c294166b9d3f0aac6e2fb72fe77777477cdeb25e..1a49f43a8376624808a8fbc855c19a6e184a7b46 100644 (file)
@@ -1550,7 +1550,7 @@ kssl_ctx_free(KSSL_CTX *kssl_ctx)
         {
        if (kssl_ctx == NULL)  return kssl_ctx;
 
-       if (kssl_ctx->key)              memset(kssl_ctx->key, 0,
+       if (kssl_ctx->key)              OPENSSL_cleanse(kssl_ctx->key,
                                                              kssl_ctx->length);
        if (kssl_ctx->key)              free(kssl_ctx->key);
        if (kssl_ctx->client_princ)     free(kssl_ctx->client_princ);
@@ -1654,7 +1654,7 @@ kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session)
 
        if (kssl_ctx->key)
                 {
-               memset(kssl_ctx->key, 0, kssl_ctx->length);
+               OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
                free(kssl_ctx->key);
                }
 
index 096e38d316d8948c4731d11433266024b20bf098..910b9fe097d457fb9fdd7b793bf76f76bd4c3aff 100644 (file)
@@ -308,7 +308,7 @@ void ssl2_free(SSL *s)
        s2=s->s2;
        if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
        if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
-       memset(s2,0,sizeof *s2);
+       OPENSSL_cleanse(s2,sizeof *s2);
        OPENSSL_free(s2);
        s->s2=NULL;
        }
index 9425ec6728b519ae301bd9e705c8452f7e0c667c..4d4a8d0f48f42ab4d4f7b7cfaa59cd71f2df0be2 100644 (file)
@@ -1491,7 +1491,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
                                s->method->ssl3_enc->generate_master_secret(s,
                                        s->session->master_key,
                                        tmp_buf,sizeof tmp_buf);
-                       memset(tmp_buf,0,sizeof tmp_buf);
+                       OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
                        }
 #endif
 #ifndef OPENSSL_NO_KRB5
@@ -1622,8 +1622,8 @@ static int ssl3_send_client_key_exchange(SSL *s)
                                        s->session->master_key,
                                        tmp_buf, sizeof tmp_buf);
 
-                       memset(tmp_buf, 0, sizeof tmp_buf);
-                       memset(epms, 0, outl);
+                       OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
+                       OPENSSL_cleanse(epms, outl);
                         }
 #endif
 #ifndef OPENSSL_NO_DH
index cec8fcd3762fedbaf3fb29ceda16f7b32f7b5849..35fde29c8a5f4b65d1bf093a0af7ffad52887bce 100644 (file)
@@ -182,7 +182,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 
                km+=MD5_DIGEST_LENGTH;
                }
-       memset(smd,0,SHA_DIGEST_LENGTH);
+       OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH);
        EVP_MD_CTX_cleanup(&m5);
        EVP_MD_CTX_cleanup(&s1);
        return 1;
@@ -333,8 +333,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
 
        EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
 
-       memset(&(exp_key[0]),0,sizeof(exp_key));
-       memset(&(exp_iv[0]),0,sizeof(exp_iv));
+       OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
+       OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
        EVP_MD_CTX_cleanup(&md);
        return(1);
 err:
@@ -408,7 +408,7 @@ void ssl3_cleanup_key_block(SSL *s)
        {
        if (s->s3->tmp.key_block != NULL)
                {
-               memset(s->s3->tmp.key_block,0,
+               OPENSSL_cleanse(s->s3->tmp.key_block,
                        s->s3->tmp.key_block_length);
                OPENSSL_free(s->s3->tmp.key_block);
                s->s3->tmp.key_block=NULL;
index bcfd09bc246c7899d3ea4a1bd8a0dd70e7fa4e95..896b12fc4f38fcd6afee2f092b18f43bd4ce0267 100644 (file)
@@ -1100,7 +1100,7 @@ void ssl3_free(SSL *s)
                sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
        EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
        EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
-       memset(s->s3,0,sizeof *s->s3);
+       OPENSSL_cleanse(s->s3,sizeof *s->s3);
        OPENSSL_free(s->s3);
        s->s3=NULL;
        }
index af5cc6342d9ba45630d43208aefbec143c6706c5..1a255c4b0bbff7cc97954bba17b5b5b9d7084b2d 100644 (file)
@@ -1556,7 +1556,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                s->session->master_key_length=
                        s->method->ssl3_enc->generate_master_secret(s,
                                s->session->master_key,p,i);
-               memset(p,0,i);
+               OPENSSL_cleanse(p,i);
                }
        else
 #endif
index a969d8fdceb171907bf162f2ce27eddb2210b049..fbc30b94e63b62b2148f6f474751af6667951dd2 100644 (file)
@@ -528,13 +528,13 @@ void SSL_SESSION_free(SSL_SESSION *ss)
 
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
 
-       memset(ss->key_arg,0,sizeof ss->key_arg);
-       memset(ss->master_key,0,sizeof ss->master_key);
-       memset(ss->session_id,0,sizeof ss->session_id);
+       OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);
+       OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);
+       OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);
        if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
        if (ss->peer != NULL) X509_free(ss->peer);
        if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
-       memset(ss,0,sizeof(*ss));
+       OPENSSL_cleanse(ss,sizeof(*ss));
        OPENSSL_free(ss);
        }
 
index 2c847ad790ae3b7a69f9d8b5a3d8683f40f2c604..271e247eea745c45922066a2894899e39005070c 100644 (file)
@@ -161,7 +161,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
                }
        HMAC_CTX_cleanup(&ctx);
        HMAC_CTX_cleanup(&ctx_tmp);
-       memset(A1,0,sizeof(A1));
+       OPENSSL_cleanse(A1,sizeof(A1));
        }
 
 static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
@@ -418,10 +418,10 @@ printf("\niv=");
 printf("\n");
 #endif
 
-       memset(tmp1,0,sizeof(tmp1));
-       memset(tmp2,0,sizeof(tmp1));
-       memset(iv1,0,sizeof(iv1));
-       memset(iv2,0,sizeof(iv2));
+       OPENSSL_cleanse(tmp1,sizeof(tmp1));
+       OPENSSL_cleanse(tmp2,sizeof(tmp1));
+       OPENSSL_cleanse(iv1,sizeof(iv1));
+       OPENSSL_cleanse(iv2,sizeof(iv2));
        return(1);
 err:
        SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
@@ -476,7 +476,7 @@ printf("pre-master\n");
 { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
 #endif
        tls1_generate_key_block(s,p1,p2,num);
-       memset(p2,0,num);
+       OPENSSL_cleanse(p2,num);
        OPENSSL_free(p2);
 #ifdef TLS_DEBUG
 printf("\nkey block\n");