A few more memset()s converted to OPENSSL_cleanse().
authorRichard Levitte <levitte@openssl.org>
Fri, 29 Nov 2002 11:31:51 +0000 (11:31 +0000)
committerRichard Levitte <levitte@openssl.org>
Fri, 29 Nov 2002 11:31:51 +0000 (11:31 +0000)
I *think* I got them all covered by now, but please, if you find any more,
tell me and I'll correct it.
PR: 343

crypto/bn/bn_lib.c
crypto/bn/bn_rand.c
crypto/evp/evp_enc.c
crypto/md2/md2_dgst.c
crypto/md2/md2_one.c
crypto/md4/md4_one.c
crypto/md5/md5_one.c
crypto/mdc2/mdc2_one.c
crypto/pem/pem_lib.c
ssl/s3_srvr.c

index 8abe095af28e3797f72a8230fd5b82183cb6f44b..fa0ff485ade49545d8d363b083d49ad5e1555243 100644 (file)
@@ -263,12 +263,12 @@ void BN_clear_free(BIGNUM *a)
        if (a == NULL) return;
        if (a->d != NULL)
                {
-               memset(a->d,0,a->dmax*sizeof(a->d[0]));
+               OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
                if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
                        OPENSSL_free(a->d);
                }
        i=BN_get_flags(a,BN_FLG_MALLOCED);
-       memset(a,0,sizeof(BIGNUM));
+       OPENSSL_cleanse(a,sizeof(BIGNUM));
        if (i)
                OPENSSL_free(a);
        }
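Review bot: The cleanse of `a->d` runs before the `BN_FLG_STATIC_DATA` test, so a BIGNUM whose limb array is flagged as static still has that array overwritten; only the `OPENSSL_free` is skipped. If static data can be a shared or read-only table (the flag name suggests so, but its definition is not on this page), the write either corrupts a value other code still uses or faults. Consider putting the wipe under the same condition, `if (!(BN_get_flags(a,BN_FLG_STATIC_DATA))) { OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0])); OPENSSL_free(a->d); }`, which leaves the owner of a static buffer responsible for wiping it. Otherwise add a comment saying that wiping static data is intended. The function begins above the hunk.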
index 9e08ccd22e78fca5cb4795cc35d3a6ab39429c19..893c9d2af9ec000e2538ed16edeeb8217e2de4de 100644 (file)
@@ -201,7 +201,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 err:
        if (buf != NULL)
                {
-               memset(buf,0,bytes);
+               OPENSSL_cleanse(buf,bytes);
                OPENSSL_free(buf);
                }
        return(ret);
index 39a66f189f2661dbfcfc8fc04d74a1e6a398a1e8..66c48d1431fc943749901b6935aec28e6d9a8607 100644 (file)
@@ -454,9 +454,9 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
                {
                if(c->cipher->cleanup && !c->cipher->cleanup(c))
                        return 0;
-               /* Zero cipher context data */
+               /* Cleanse cipher context data */
                if (c->cipher_data)
-                       memset(c->cipher_data, 0, c->cipher->ctx_size);
+                       OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
                }
        if (c->cipher_data)
                OPENSSL_free(c->cipher_data);
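Review bot: When `c->cipher->cleanup(c)` fails, the `return 0` above the new `OPENSSL_cleanse` call leaves `c->cipher_data` neither wiped nor freed. Whatever key material the context holds then stays in heap memory on exactly the path where something has already gone wrong. Consider recording the failure and carrying on, for example `ok = 0;` in place of `return 0;` with `return ok;` at the end, so the wipe and the `OPENSSL_free` always run. The enclosing `if` and the end of the function are outside the hunk, so the final return would have to be adjusted there.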
index f98009acad25efcd64f3c419b486c56b6b98cef3..47866c3c86fb07f0371665001b789d45c09898e2 100644 (file)
@@ -196,7 +196,7 @@ static void md2_block(MD2_CTX *c, const unsigned char *d)
                t=(t+i)&0xff;
                }
        memcpy(sp1,state,16*sizeof(MD2_INT));
-       memset(state,0,48*sizeof(MD2_INT));
+       OPENSSL_cleanse(state,48*sizeof(MD2_INT));
        }
 
 int MD2_Final(unsigned char *md, MD2_CTX *c)
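Review bot: The wipe length `48*sizeof(MD2_INT)` repeats the buffer size as a literal, so a later change to the size of `state` could leave part of it unwiped without any compiler warning. If `state` is a local array (its declaration is above the hunk), `OPENSSL_cleanse(state,sizeof(state));` ties the wipe to the object itself. A short comment such as `/* state holds intermediate digest data; wipe it before returning */` would also record why a scratch buffer is cleansed on every block.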
index b12c37ce4def4e1a538b7bca74ef7cac8ce7b8e3..835160ef56d1bcf4470bd3f79633d4a137c63f79 100644 (file)
@@ -88,6 +88,6 @@ unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md)
        }
 #endif
        MD2_Final(md,&c);
-       memset(&c,0,sizeof(c)); /* Security consideration */
+       OPENSSL_cleanse(&c,sizeof(c));  /* Security consideration */
        return(md);
        }
index 87a995d38d434f68ff3bb6056d887abe6f03880b..53efd430ec01640c9ee76d3ce90f9bd8ee3433fc 100644 (file)
@@ -89,7 +89,7 @@ unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md)
        }
 #endif
        MD4_Final(md,&c);
-       memset(&c,0,sizeof(c)); /* security consideration */
+       OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
        return(md);
        }
 
index b89dec850d2d5b20ed511227cac38a986b2380cd..c67eb795ca76398aa8c58ab03575c6960d743c41 100644 (file)
@@ -89,7 +89,7 @@ unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md)
        }
 #endif
        MD5_Final(md,&c);
-       memset(&c,0,sizeof(c)); /* security consideration */
+       OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
        return(md);
        }
 
index 6cd141b4d621b64bd9d062280fde4e7061e71dbb..37f06c8d77cfee5ee5194449e302b7390a025dc0 100644 (file)
@@ -69,7 +69,7 @@ unsigned char *MDC2(const unsigned char *d, unsigned long n, unsigned char *md)
        MDC2_Init(&c);
        MDC2_Update(&c,d,n);
         MDC2_Final(md,&c);
-       memset(&c,0,sizeof(c)); /* security consideration */
+       OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
        return(md);
        }
 
index 43f2b434152a2454410e0a709f8754afa4003751..70b5446797e9681d14339fece172bfd5dda8f931 100644 (file)
@@ -341,7 +341,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
                 * NOT taken from the BytesToKey function */
                EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
 
-               if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
+               if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
 
                OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
 
index 1a255c4b0bbff7cc97954bba17b5b5b9d7084b2d..7643877a212f9401a4aaac836e054009776cdb0e 100644 (file)
@@ -1493,7 +1493,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                        s->method->ssl3_enc->generate_master_secret(s,
                                s->session->master_key,
                                p,i);
-               memset(p,0,i);
+               OPENSSL_cleanse(p,i);
                }
        else
 #endif
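Review bot: Nothing in this hunk shows that `i` is positive when it reaches `OPENSSL_cleanse(p,i)`. If `i` is a signed `int` holding a library return value (its declaration and the preceding checks are outside the hunk), a negative value would convert to a very large `size_t` and the wipe would run far past the buffer. Either confirm that the earlier code rejects `i <= 0` before this point, or guard the call with `if (i > 0) OPENSSL_cleanse(p,i);`. It is also worth checking that the error exits earlier in this branch wipe `p`, since this line covers only the success path.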