From: Richard Levitte
Date: Fri, 29 Nov 2002 11:31:18 +0000 (+0000)
Subject: A few more memset()s converted to OPENSSL_cleanse().
X-Git-Tag: OpenSSL_0_9_6h~12
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=6bad9d0522f588514d5c302c348da219d0574a59;p=oweals%2Fopenssl.git

A few more memset()s converted to OPENSSL_cleanse().
I *think* I got them all covered by now, bu please, if you find any more, tell me and I'll correct it.
PR: 343
---
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 7767d65170..5f121dea1e 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -263,12 +263,12 @@ void BN_clear_free(BIGNUM *a)
 if (a == NULL) return; if (a->d != NULL) {
- memset(a->d,0,a->dmax*sizeof(a->d[0]));
+ OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
 if (!(BN_get_flags(a,BN_FLG_STATIC_DATA))) OPENSSL_free(a->d); } i=BN_get_flags(a,BN_FLG_MALLOCED);
- memset(a,0,sizeof(BIGNUM));
+ OPENSSL_cleanse(a,sizeof(BIGNUM));
 if (i) OPENSSL_free(a); }
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 4944ffbf23..eb65c28cbb 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -201,7 +201,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 err: if (buf != NULL) {
- memset(buf,0,bytes);
+ OPENSSL_cleanse(buf,bytes);
 OPENSSL_free(buf); } return(ret);
diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c
index 608baefa8f..458a3fad7f 100644
--- a/crypto/md2/md2_dgst.c
+++ b/crypto/md2/md2_dgst.c
@@ -194,7 +194,7 @@ static void md2_block(MD2_CTX *c, const unsigned char *d)
 t=(t+i)&0xff; } memcpy(sp1,state,16*sizeof(MD2_INT));
- memset(state,0,48*sizeof(MD2_INT));
+ OPENSSL_cleanse(state,48*sizeof(MD2_INT));
 } void MD2_Final(unsigned char *md, MD2_CTX *c)
diff --git a/crypto/md2/md2_one.c b/crypto/md2/md2_one.c
index b12c37ce4d..835160ef56 100644
--- a/crypto/md2/md2_one.c
+++ b/crypto/md2/md2_one.c
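Review bot: In `BN_clear_free()` (crypto/bn/bn_lib.c) the wipe of `a->d` runs before the `BN_FLG_STATIC_DATA` test, so a BIGNUM whose digits are static data is overwritten as well; only the `OPENSSL_free(a->d)` is guarded by the flag. If such data can live in read-only or shared storage (the flag's definition is not on this page, so this is inferred), the write would fault or clobber a constant that other code still uses. Consider guarding both steps, `if (a->d != NULL && !BN_get_flags(a,BN_FLG_STATIC_DATA))`, or add a comment stating that static data is zeroed on purpose. The function begins above the hunk.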
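Review bot: The call `OPENSSL_cleanse(buf,bytes)` at the `err:` label in `bnrand()` (crypto/bn/bn_rand.c) has no comment saying why a plain `memset()` is not enough, which invites a later cleanup to turn it back. A wipe placed directly before `OPENSSL_free()` is a dead store that a compiler may drop, so I would add `/* OPENSSL_cleanse(), not memset(): a wipe right before free is a dead store the compiler may remove */` above it. The same one-line comment would help at `OPENSSL_cleanse(p,i)` in `ssl3_get_client_key_exchange()` (ssl/s3_srvr.c), where `p` is the buffer just handed to `generate_master_secret`. `bnrand()` begins outside the hunk.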
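Review bot: `OPENSSL_cleanse(state,48*sizeof(MD2_INT))` in `md2_block()` (crypto/md2/md2_dgst.c) repeats the element count by hand, so the wipe silently becomes partial if the buffer's size ever changes. If `state` is a local array (its declaration is above the hunk, so this is assumed), `OPENSSL_cleanse(state,sizeof(state));` expresses the same wipe without the magic number. If it is a pointer, a named constant shared with the declaration would serve the same purpose.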
@@ -88,6 +88,6 @@ unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md)
 } #endif MD2_Final(md,&c);
- memset(&c,0,sizeof(c)); /* Security consideration */
+ OPENSSL_cleanse(&c,sizeof(c)); /* Security consideration */
 return(md); }
diff --git a/crypto/md4/md4_one.c b/crypto/md4/md4_one.c
index 87a995d38d..53efd430ec 100644
--- a/crypto/md4/md4_one.c
+++ b/crypto/md4/md4_one.c
@@ -89,7 +89,7 @@ unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md)
 } #endif MD4_Final(md,&c);
- memset(&c,0,sizeof(c)); /* security consideration */
+ OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
 return(md); }
diff --git a/crypto/md5/md5_one.c b/crypto/md5/md5_one.c
index b89dec850d..c67eb795ca 100644
--- a/crypto/md5/md5_one.c
+++ b/crypto/md5/md5_one.c
@@ -89,7 +89,7 @@ unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md)
 } #endif MD5_Final(md,&c);
- memset(&c,0,sizeof(c)); /* security consideration */
+ OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
 return(md); }
diff --git a/crypto/mdc2/mdc2_one.c b/crypto/mdc2/mdc2_one.c
index 6cd141b4d6..37f06c8d77 100644
--- a/crypto/mdc2/mdc2_one.c
+++ b/crypto/mdc2/mdc2_one.c
@@ -69,7 +69,7 @@ unsigned char *MDC2(const unsigned char *d, unsigned long n, unsigned char *md)
 MDC2_Init(&c); MDC2_Update(&c,d,n); MDC2_Final(md,&c);
- memset(&c,0,sizeof(c)); /* security consideration */
+ OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
 return(md); }
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index a86a98f419..e024bd7873 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
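Review bot: In `MD2()` (crypto/md2/md2_one.c) only the context `c` is wiped, and the conditional block that ends at `#endif` just above the changed line is not visible in the hunk. If that block stages the input in a local conversion buffer, a copy of the caller's data stays on the stack after return. In that case the buffer should be cleansed at the same point, for example `OPENSSL_cleanse(temp,sizeof(temp));`, with `temp` standing in for whatever the buffer is actually called. The `MD4()` and `MD5()` hunks (crypto/md4/md4_one.c, crypto/md5/md5_one.c) show the same `#endif` context and deserve the same check.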
@@ -380,7 +380,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
 * NOT taken from the BytesToKey function */ EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
- if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
+ if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
 buf[0]='\0'; PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 7a89993b48..6b414cfa5c 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1471,7 +1471,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, p,i);
- memset(p,0,i);
+ OPENSSL_cleanse(p,i);
 } else #endif
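Review bot: The line `if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);` in `PEM_ASN1_write_bio()` (crypto/pem/pem_lib.c) wipes the key string only when it sits in the function's own `buf`; a `kstr` that points elsewhere is left as it was, and nothing at the call site says so. A short comment would make the ownership rule explicit: `/* wipe only the copy held in buf; a caller-supplied kstr is the caller's to clear */`. The function begins and continues outside the hunk, so whether `key` is cleansed later cannot be checked from here.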