From: Richard Levitte Date: Fri, 29 Nov 2002 11:31:51 +0000 (+0000) Subject: A few more memset()s converted to OPENSSL_cleanse(). X-Git-Tag: OpenSSL_0_9_7-beta5~34 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=c9ea7400b49f51dd2b4657be0264c437dfd29bf3;p=oweals%2Fopenssl.git A few more memset()s converted to OPENSSL_cleanse(). I *think* I got them all covered by now, bu please, if you find any more, tell me and I'll correct it. PR: 343 --- diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 8abe095af2..fa0ff485ad 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -263,12 +263,12 @@ void BN_clear_free(BIGNUM *a) if (a == NULL) return; if (a->d != NULL) { - memset(a->d,0,a->dmax*sizeof(a->d[0])); + OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0])); if (!(BN_get_flags(a,BN_FLG_STATIC_DATA))) OPENSSL_free(a->d); } i=BN_get_flags(a,BN_FLG_MALLOCED); - memset(a,0,sizeof(BIGNUM)); + OPENSSL_cleanse(a,sizeof(BIGNUM)); if (i) OPENSSL_free(a); } diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 9e08ccd22e..893c9d2af9 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -201,7 +201,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) err: if (buf != NULL) { - memset(buf,0,bytes); + OPENSSL_cleanse(buf,bytes); OPENSSL_free(buf); } return(ret); diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 39a66f189f..66c48d1431 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -454,9 +454,9 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) { if(c->cipher->cleanup && !c->cipher->cleanup(c)) return 0; - /* Zero cipher context data */ + /* Cleanse cipher context data */ if (c->cipher_data) - memset(c->cipher_data, 0, c->cipher->ctx_size); + OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); } if (c->cipher_data) OPENSSL_free(c->cipher_data); diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c index f98009acad..47866c3c86 100644 --- a/crypto/md2/md2_dgst.c +++ b/crypto/md2/md2_dgst.c @@ -196,7 +196,7 @@ static void md2_block(MD2_CTX *c, const unsigned char *d) t=(t+i)&0xff; } memcpy(sp1,state,16*sizeof(MD2_INT)); - memset(state,0,48*sizeof(MD2_INT)); + OPENSSL_cleanse(state,48*sizeof(MD2_INT)); } int MD2_Final(unsigned char *md, MD2_CTX *c) diff --git a/crypto/md2/md2_one.c b/crypto/md2/md2_one.c index b12c37ce4d..835160ef56 100644 --- a/crypto/md2/md2_one.c +++ b/crypto/md2/md2_one.c @@ -88,6 +88,6 @@ unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md) } #endif MD2_Final(md,&c); - memset(&c,0,sizeof(c)); /* Security consideration */ + OPENSSL_cleanse(&c,sizeof(c)); /* Security consideration */ return(md); } diff --git a/crypto/md4/md4_one.c b/crypto/md4/md4_one.c index 87a995d38d..53efd430ec 100644 --- a/crypto/md4/md4_one.c +++ b/crypto/md4/md4_one.c @@ -89,7 +89,7 @@ unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md) } #endif MD4_Final(md,&c); - memset(&c,0,sizeof(c)); /* security consideration */ + OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ return(md); } diff --git a/crypto/md5/md5_one.c b/crypto/md5/md5_one.c index b89dec850d..c67eb795ca 100644 --- a/crypto/md5/md5_one.c +++ b/crypto/md5/md5_one.c @@ -89,7 +89,7 @@ unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md) } #endif MD5_Final(md,&c); - memset(&c,0,sizeof(c)); /* security consideration */ + OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ return(md); } diff --git a/crypto/mdc2/mdc2_one.c b/crypto/mdc2/mdc2_one.c index 6cd141b4d6..37f06c8d77 100644 --- a/crypto/mdc2/mdc2_one.c +++ b/crypto/mdc2/mdc2_one.c @@ -69,7 +69,7 @@ unsigned char *MDC2(const unsigned char *d, unsigned long n, unsigned char *md) MDC2_Init(&c); MDC2_Update(&c,d,n); MDC2_Final(md,&c); - memset(&c,0,sizeof(c)); /* security consideration */ + OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ return(md); } diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 43f2b43415..70b5446797 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -341,7 +341,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, * NOT taken from the BytesToKey function */ EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL); - if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE); + if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE); OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 1a255c4b0b..7643877a21 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1493,7 +1493,7 @@ static int ssl3_get_client_key_exchange(SSL *s) s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, p,i); - memset(p,0,i); + OPENSSL_cleanse(p,i); } else #endif