From 63e86149c159eb604a41e4d6683a1d206271404a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 28 Nov 2002 12:26:05 +0000 Subject: [PATCH] Recent changes from 0.9.6-stable. --- CHANGES | 15 +++++++++++++++ STATUS | 14 +++++++++++++- TABLE | 2 +- apps/ca.c | 2 +- apps/dgst.c | 2 +- apps/enc.c | 4 ++-- apps/s_client.c | 4 ++-- apps/s_server.c | 2 +- crypto/Makefile.ssl | 7 +++++-- crypto/asn1/a_sign.c | 6 +++--- crypto/asn1/a_verify.c | 2 +- crypto/asn1/n_pkey.c | 4 ++-- crypto/asn1/p8_pkey.c | 4 ++-- crypto/crypto-lib.com | 2 +- crypto/crypto.h | 2 ++ crypto/des/des.c | 32 ++++++++++++++++---------------- crypto/des/read2pwd.c | 8 ++++---- crypto/des/read_pwd.c | 2 +- crypto/des/str2key.c | 4 ++-- crypto/engine/hw_sureware.c | 2 +- crypto/evp/bio_enc.c | 2 +- crypto/evp/bio_ok.c | 2 +- crypto/evp/e_idea.c | 2 +- crypto/evp/evp_key.c | 4 ++-- crypto/evp/p5_crpt.c | 6 +++--- crypto/evp/p5_crpt2.c | 2 +- crypto/evp/p_open.c | 2 +- crypto/md32_common.h | 2 +- crypto/mem.c | 14 ++++++++++++++ crypto/pem/pem_info.c | 4 ++-- crypto/pem/pem_lib.c | 14 +++++++------- crypto/pem/pem_seal.c | 2 +- crypto/pkcs12/p12_crpt.c | 4 ++-- crypto/pkcs12/p12_decr.c | 2 +- crypto/pkcs12/p12_key.c | 2 +- crypto/pkcs7/bio_ber.c | 2 +- crypto/pkcs7/pk7_doit.c | 4 ++-- crypto/rand/md_rand.c | 4 ++-- crypto/rand/randfile.c | 4 ++-- crypto/rc4/rc4.c | 4 ++-- crypto/ripemd/rmd_one.c | 2 +- crypto/rsa/rsa.h | 2 ++ crypto/rsa/rsa_eay.c | 8 ++++---- crypto/rsa/rsa_pk1.c | 2 +- crypto/rsa/rsa_saos.c | 6 +++--- crypto/rsa/rsa_sign.c | 6 +++--- crypto/sha/sha1_one.c | 2 +- crypto/sha/sha_one.c | 2 +- crypto/x509/x509_vfy.c | 2 +- ssl/s2_lib.c | 2 +- ssl/s3_clnt.c | 7 ++++++- ssl/s3_enc.c | 8 ++++---- ssl/s3_lib.c | 2 +- ssl/s3_srvr.c | 2 +- ssl/ssl_sess.c | 8 ++++---- ssl/ssltest.c | 5 +++-- ssl/t1_enc.c | 12 ++++++------ util/libeay.num | 1 + 58 files changed, 168 insertions(+), 113 deletions(-) diff --git a/CHANGES b/CHANGES index 635262aff6..3ce964fd80 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,21 @@ Changes between 0.9.6g and 0.9.6h [xx XXX xxxx] + *) New function OPENSSL_cleanse(), which is used to cleanse a section of + memory from it's contents. This is done with a counter that will + place alternating values in each byte. This can be used to solve + two issues: 1) the removal of calls to memset() by highly optimizing + compilers, and 2) cleansing with other values than 0, since those can + be read through on certain media, for example a swap space on disk. + [Geoff Thorpe] + + *) Bugfix: client side session caching did not work with external caching, + because the session->cipher setting was not restored when reloading + from the external cache. This problem was masked, when + SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set. + (Found by Steve Haslam .) + [Lutz Jaenicke] + *) Fix client_certificate (ssl/s2_clnt.c): The permissible total length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33. [Zeev Lieber ] diff --git a/STATUS b/STATUS index 2b9de04ffe..3f46de1fa7 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2002/08/09 11:49:13 $ + ______________ $Date: 2002/11/28 12:26:04 $ DEVELOPMENT STATE @@ -23,6 +23,18 @@ RELEASE SHOWSTOPPERS + o [2002-11-21] + PR 343 mentions that scrubbing memory with 'memset(ptr, 0, n)' may + be optimized away in modern compilers. This is definitely not good + and needs to be fixed immediately. The formula to use is presented + in: + + http://online.securityfocus.com/archive/82/297918/2002-10-27/2002-11-02/0 + + The problem report that mentions this is: + + https://www.aet.TU-Cottbus.DE/rt2/Ticket/Display.html?id=343 + AVAILABLE PATCHES o diff --git a/TABLE b/TABLE index fdce85a0d9..bd68577af3 100644 --- a/TABLE +++ b/TABLE @@ -71,7 +71,7 @@ $ranlib = *** Cygwin $cc = gcc -$cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -march=486 -Wall +$cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -march=i486 -Wall $unistd = $thread_cflag = $lflags = diff --git a/apps/ca.c b/apps/ca.c index 2494ecd091..71dd6756fc 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -570,7 +570,7 @@ bad: goto err; } pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key); - if(key) memset(key,0,strlen(key)); + if(key) OPENSSL_cleanse(key,strlen(key)); if (pkey == NULL) { BIO_printf(bio_err,"unable to load CA private key\n"); diff --git a/apps/dgst.c b/apps/dgst.c index 9a4c8103e0..05eeb88485 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -354,7 +354,7 @@ int MAIN(int argc, char **argv) end: if (buf != NULL) { - memset(buf,0,BUFSIZE); + OPENSSL_cleanse(buf,BUFSIZE); OPENSSL_free(buf); } if (in != NULL) BIO_free(in); diff --git a/apps/enc.c b/apps/enc.c index c56b66bde8..418cb879c0 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -533,9 +533,9 @@ bad: * bug picked up by * Larry J. Hughes Jr. */ if (str == strbuf) - memset(str,0,SIZE); + OPENSSL_cleanse(str,SIZE); else - memset(str,0,strlen(str)); + OPENSSL_cleanse(str,strlen(str)); } if ((hiv != NULL) && !set_hex(hiv,iv,8)) { diff --git a/apps/s_client.c b/apps/s_client.c index dedbc0af2e..90bfda91e5 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -800,8 +800,8 @@ end: if (con != NULL) SSL_free(con); if (con2 != NULL) SSL_free(con2); if (ctx != NULL) SSL_CTX_free(ctx); - if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); } - if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); } + if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } + if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } if (bio_c_out != NULL) { BIO_free(bio_c_out); diff --git a/apps/s_server.c b/apps/s_server.c index 0c2893d171..85f530ecc9 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1077,7 +1077,7 @@ err: BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); if (buf != NULL) { - memset(buf,0,bufsize); + OPENSSL_cleanse(buf,bufsize); OPENSSL_free(buf); } if (ret >= 0) diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index d6c9a970dd..55bf1a1668 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -34,8 +34,8 @@ SDIRS= md2 md5 sha mdc2 hmac ripemd \ GENERAL=Makefile README crypto-lib.com install.com LIB= $(TOP)/libcrypto.a -LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c -LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o +LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c +LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o SRC= $(LIBSRC) @@ -185,6 +185,9 @@ mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h +mem_clr.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h +mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h +mem_clr.o: ../include/openssl/symhacks.h mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 94829d889e..c5cf0e3133 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -199,10 +199,10 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2, signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; err: - memset(&ctx,0,sizeof(ctx)); + OPENSSL_cleanse(&ctx,sizeof(ctx)); if (buf_in != NULL) - { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); } + { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } if (buf_out != NULL) - { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); } + { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); } return(outl); } diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index 2a11927e5c..faa34501b9 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -100,7 +100,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature, EVP_VerifyInit(&ctx,type); EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); - memset(buf_in,0,(unsigned int)inl); + OPENSSL_cleanse(buf_in,(unsigned int)inl); OPENSSL_free(buf_in); if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c index 9840193538..5f8ba3cc32 100644 --- a/crypto/asn1/n_pkey.c +++ b/crypto/asn1/n_pkey.c @@ -181,7 +181,7 @@ int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey) } EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); - memset(buf,0,256); + OPENSSL_cleanse(buf,256); EVP_CIPHER_CTX_init(&ctx); EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL); @@ -292,7 +292,7 @@ RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length, } EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); - memset(buf,0,256); + OPENSSL_cleanse(buf,256); EVP_CIPHER_CTX_init(&ctx); EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL); diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c index fa6cbfb6f8..3e0ebef507 100644 --- a/crypto/asn1/p8_pkey.c +++ b/crypto/asn1/p8_pkey.c @@ -119,8 +119,8 @@ void PKCS8_PRIV_KEY_INFO_free (PKCS8_PRIV_KEY_INFO *a) X509_ALGOR_free(a->pkeyalg); /* Clear sensitive data */ if (a->pkey->value.octet_string) - memset (a->pkey->value.octet_string->data, - 0, a->pkey->value.octet_string->length); + OPENSSL_cleanse(a->pkey->value.octet_string->data, + a->pkey->value.octet_string->length); ASN1_TYPE_free (a->pkey); sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free); OPENSSL_free (a); diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index ec01c1f1fd..08db516f0e 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -174,7 +174,7 @@ $! $ APPS_DES = "DES/DES,CBC3_ENC" $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE" $ -$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid" +$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid" $ LIB_MD2 = "md2_dgst,md2_one" $ LIB_MD4 = "md4_dgst,md4_one" $ LIB_MD5 = "md5_dgst,md5_one" diff --git a/crypto/crypto.h b/crypto/crypto.h index a305bd058d..bebc672b63 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -346,6 +346,8 @@ void CRYPTO_free(void *); void *CRYPTO_realloc(void *addr,int num, const char *file, int line); void *CRYPTO_remalloc(void *addr,int num, const char *file, int line); +void OPENSSL_cleanse(void *ptr, size_t len); + void CRYPTO_set_mem_debug_options(long bits); long CRYPTO_get_mem_debug_options(void); diff --git a/crypto/des/des.c b/crypto/des/des.c index 215d7413c0..22596648e8 100644 --- a/crypto/des/des.c +++ b/crypto/des/des.c @@ -423,7 +423,7 @@ void doencryption(void) k2[i-8]=k; } des_set_key_unchecked(&k2,ks2); - memset(k2,0,sizeof(k2)); + OPENSSL_cleanse(k2,sizeof(k2)); } else if (longk || flag3) { @@ -431,7 +431,7 @@ void doencryption(void) { des_string_to_2keys(key,&kk,&k2); des_set_key_unchecked(&k2,ks2); - memset(k2,0,sizeof(k2)); + OPENSSL_cleanse(k2,sizeof(k2)); } else des_string_to_key(key,&kk); @@ -453,8 +453,8 @@ void doencryption(void) } des_set_key_unchecked(&kk,ks); - memset(key,0,sizeof(key)); - memset(kk,0,sizeof(kk)); + OPENSSL_cleanse(key,sizeof(key)); + OPENSSL_cleanse(kk,sizeof(kk)); /* woops - A bug that does not showup under unix :-( */ memset(iv,0,sizeof(iv)); memset(iv2,0,sizeof(iv2)); @@ -662,18 +662,18 @@ void doencryption(void) if (l) fclose(CKSUM_OUT); } problems: - memset(buf,0,sizeof(buf)); - memset(obuf,0,sizeof(obuf)); - memset(ks,0,sizeof(ks)); - memset(ks2,0,sizeof(ks2)); - memset(iv,0,sizeof(iv)); - memset(iv2,0,sizeof(iv2)); - memset(kk,0,sizeof(kk)); - memset(k2,0,sizeof(k2)); - memset(uubuf,0,sizeof(uubuf)); - memset(b,0,sizeof(b)); - memset(bb,0,sizeof(bb)); - memset(cksum,0,sizeof(cksum)); + OPENSSL_cleanse(buf,sizeof(buf)); + OPENSSL_cleanse(obuf,sizeof(obuf)); + OPENSSL_cleanse(ks,sizeof(ks)); + OPENSSL_cleanse(ks2,sizeof(ks2)); + OPENSSL_cleanse(iv,sizeof(iv)); + OPENSSL_cleanse(iv2,sizeof(iv2)); + OPENSSL_cleanse(kk,sizeof(kk)); + OPENSSL_cleanse(k2,sizeof(k2)); + OPENSSL_cleanse(uubuf,sizeof(uubuf)); + OPENSSL_cleanse(b,sizeof(b)); + OPENSSL_cleanse(bb,sizeof(bb)); + OPENSSL_cleanse(cksum,sizeof(cksum)); if (Exit) EXIT(Exit); } diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c index a8ceaf088a..25d3c63131 100644 --- a/crypto/des/read2pwd.c +++ b/crypto/des/read2pwd.c @@ -65,8 +65,8 @@ int des_read_password(des_cblock *key, const char *prompt, int verify) if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) des_string_to_key(buf,key); - memset(buf,0,BUFSIZ); - memset(buff,0,BUFSIZ); + OPENSSL_cleanse(buf,BUFSIZ); + OPENSSL_cleanse(buff,BUFSIZ); return(ok); } @@ -78,7 +78,7 @@ int des_read_2passwords(des_cblock *key1, des_cblock *key2, const char *prompt, if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) des_string_to_2keys(buf,key1,key2); - memset(buf,0,BUFSIZ); - memset(buff,0,BUFSIZ); + OPENSSL_cleanse(buf,BUFSIZ); + OPENSSL_cleanse(buff,BUFSIZ); return(ok); } diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c index cba52cad78..a8f1590943 100644 --- a/crypto/des/read_pwd.c +++ b/crypto/des/read_pwd.c @@ -218,7 +218,7 @@ int des_read_pw_string(char *buf, int length, const char *prompt, int ret; ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify); - memset(buff,0,BUFSIZ); + OPENSSL_cleanse(buff,BUFSIZ); return(ret); } diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c index c6abb87201..fc5b96ee87 100644 --- a/crypto/des/str2key.c +++ b/crypto/des/str2key.c @@ -88,7 +88,7 @@ void des_string_to_key(const char *str, des_cblock *key) des_set_odd_parity(key); des_set_key_unchecked(key,ks); des_cbc_cksum((const unsigned char*)str,key,length,ks,key); - memset(ks,0,sizeof(ks)); + OPENSSL_cleanse(ks,sizeof(ks)); des_set_odd_parity(key); } @@ -149,7 +149,7 @@ void des_string_to_2keys(const char *str, des_cblock *key1, des_cblock *key2) des_cbc_cksum((const unsigned char*)str,key1,length,ks,key1); des_set_key_unchecked(key2,ks); des_cbc_cksum((const unsigned char*)str,key2,length,ks,key2); - memset(ks,0,sizeof(ks)); + OPENSSL_cleanse(ks,sizeof(ks)); des_set_odd_parity(key1); des_set_odd_parity(key2); } diff --git a/crypto/engine/hw_sureware.c b/crypto/engine/hw_sureware.c index a678b94255..2b133d0e90 100644 --- a/crypto/engine/hw_sureware.c +++ b/crypto/engine/hw_sureware.c @@ -800,7 +800,7 @@ static int surewarehk_rsa_priv_dec(int flen,unsigned char *from,unsigned char *t err: if (buf) { - memset(buf,0,tlen); + OPENSSL_cleanse(buf,tlen); OPENSSL_free(buf); } return ret; diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c index c425a971af..a04e8b11b2 100644 --- a/crypto/evp/bio_enc.c +++ b/crypto/evp/bio_enc.c @@ -128,7 +128,7 @@ static int enc_free(BIO *a) if (a == NULL) return(0); b=(BIO_ENC_CTX *)a->ptr; EVP_CIPHER_CTX_cleanup(&(b->cipher)); - memset(a->ptr,0,sizeof(BIO_ENC_CTX)); + OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX)); OPENSSL_free(a->ptr); a->ptr=NULL; a->init=0; diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index e617ce1d43..e884552a44 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -208,7 +208,7 @@ static int ok_new(BIO *bi) static int ok_free(BIO *a) { if (a == NULL) return(0); - memset(a->ptr,0,sizeof(BIO_OK_CTX)); + OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX)); OPENSSL_free(a->ptr); a->ptr=NULL; a->init=0; diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c index 8d3c88deb7..50f7503f32 100644 --- a/crypto/evp/e_idea.c +++ b/crypto/evp/e_idea.c @@ -103,7 +103,7 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, idea_set_encrypt_key(key,&tmp); idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks)); - memset((unsigned char *)&tmp,0, + OPENSSL_cleanse((unsigned char *)&tmp, sizeof(IDEA_KEY_SCHEDULE)); } return 1; diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index e7434ef9b2..a31af2924e 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -152,8 +152,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, } if ((nkey == 0) && (niv == 0)) break; } - memset(&c,0,sizeof(c)); - memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE); + OPENSSL_cleanse(&c,sizeof(c)); + OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE); return(type->key_len); } diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index 6bfa2c5acb..0422fa5883 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -142,8 +142,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), EVP_CIPHER_iv_length(cipher)); EVP_CipherInit(cctx, cipher, key, iv, en_de); - memset(md_tmp, 0, EVP_MAX_MD_SIZE); - memset(key, 0, EVP_MAX_KEY_LENGTH); - memset(iv, 0, EVP_MAX_IV_LENGTH); + OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); + OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); + OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); return 1; } diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 717fad68ca..74c8769e46 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -228,7 +228,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, iter = ASN1_INTEGER_get(kdf->iter); PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key); EVP_CipherInit(ctx, NULL, key, NULL, en_de); - memset(key, 0, keylen); + OPENSSL_cleanse(key, keylen); PBKDF2PARAM_free(kdf); return 1; diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c index 2760c00fec..c766a3a912 100644 --- a/crypto/evp/p_open.c +++ b/crypto/evp/p_open.c @@ -101,7 +101,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek, ret=1; err: - if (key != NULL) memset(key,0,size); + if (key != NULL) OPENSSL_cleanse(key,size); OPENSSL_free(key); return(ret); } diff --git a/crypto/md32_common.h b/crypto/md32_common.h index ad7c4194c2..07f6010c4e 100644 --- a/crypto/md32_common.h +++ b/crypto/md32_common.h @@ -602,6 +602,6 @@ void HASH_FINAL (unsigned char *md, HASH_CTX *c) c->num=0; /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack * but I'm not worried :-) - memset((void *)c,0,sizeof(HASH_CTX)); + OPENSSL_cleanse((void *)c,sizeof(HASH_CTX)); */ } diff --git a/crypto/mem.c b/crypto/mem.c index 9df2a367e7..b026fd38aa 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -173,6 +173,7 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int), void *CRYPTO_malloc_locked(int num, const char *file, int line) { void *ret = NULL; + extern unsigned char cleanse_ctr; allow_customize = 0; if (malloc_debug_func != NULL) @@ -187,6 +188,12 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line) if (malloc_debug_func != NULL) malloc_debug_func(ret, num, file, line, 1); + /* Create a dependency on the value of 'cleanse_ctr' so our memory + * sanitisation function can't be optimised out. NB: We only do + * this for >2Kb so the overhead doesn't bother us. */ + if(ret && (num > 2048)) + ((unsigned char *)ret)[0] = cleanse_ctr; + return ret; } @@ -205,6 +212,7 @@ void CRYPTO_free_locked(void *str) void *CRYPTO_malloc(int num, const char *file, int line) { void *ret = NULL; + extern unsigned char cleanse_ctr; allow_customize = 0; if (malloc_debug_func != NULL) @@ -219,6 +227,12 @@ void *CRYPTO_malloc(int num, const char *file, int line) if (malloc_debug_func != NULL) malloc_debug_func(ret, num, file, line, 1); + /* Create a dependency on the value of 'cleanse_ctr' so our memory + * sanitisation function can't be optimised out. NB: We only do + * this for >2Kb so the overhead doesn't bother us. */ + if(ret && (num > 2048)) + ((unsigned char *)ret)[0] = cleanse_ctr; + return ret; } diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index ef02599d55..2453e933dc 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -358,7 +358,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, ret=1; err: - memset((char *)&ctx,0,sizeof(ctx)); - memset(buf,0,PEM_BUFSIZE); + OPENSSL_cleanse((char *)&ctx,sizeof(ctx)); + OPENSSL_cleanse(buf,PEM_BUFSIZE); return(ret); } diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 043b578e22..a86a98f419 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -401,13 +401,13 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, i=PEM_write_bio(bp,name,buf,data,i); if (i <= 0) ret=0; err: - memset(key,0,sizeof(key)); - memset(iv,0,sizeof(iv)); - memset((char *)&ctx,0,sizeof(ctx)); - memset(buf,0,PEM_BUFSIZE); + OPENSSL_cleanse(key,sizeof(key)); + OPENSSL_cleanse(iv,sizeof(iv)); + OPENSSL_cleanse((char *)&ctx,sizeof(ctx)); + OPENSSL_cleanse(buf,PEM_BUFSIZE); if (data != NULL) { - memset(data,0,(unsigned int)dsize); + OPENSSL_cleanse(data,(unsigned int)dsize); OPENSSL_free(data); } return(ret); @@ -447,8 +447,8 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, EVP_DecryptUpdate(&ctx,data,&i,data,j); o=EVP_DecryptFinal(&ctx,&(data[i]),&j); EVP_CIPHER_CTX_cleanup(&ctx); - memset((char *)buf,0,sizeof(buf)); - memset((char *)key,0,sizeof(key)); + OPENSSL_cleanse((char *)buf,sizeof(buf)); + OPENSSL_cleanse((char *)key,sizeof(key)); j+=i; if (!o) { diff --git a/crypto/pem/pem_seal.c b/crypto/pem/pem_seal.c index 2a6c513348..ed1d3412cf 100644 --- a/crypto/pem/pem_seal.c +++ b/crypto/pem/pem_seal.c @@ -109,7 +109,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, ret=npubk; err: if (s != NULL) OPENSSL_free(s); - memset(key,0,EVP_MAX_KEY_LENGTH); + OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH); return(ret); } diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c index 7b96584f07..17d8d546f1 100644 --- a/crypto/pkcs12/p12_crpt.c +++ b/crypto/pkcs12/p12_crpt.c @@ -118,7 +118,7 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen, } PBEPARAM_free(pbe); EVP_CipherInit(ctx, cipher, key, iv, en_de); - memset(key, 0, EVP_MAX_KEY_LENGTH); - memset(iv, 0, EVP_MAX_IV_LENGTH); + OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); + OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); return 1; } diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c index 8cd7e2f414..68488db864 100644 --- a/crypto/pkcs12/p12_decr.c +++ b/crypto/pkcs12/p12_decr.c @@ -137,7 +137,7 @@ char * PKCS12_decrypt_d2i (X509_ALGOR *algor, char * (*d2i)(), if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i, free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); else ret = d2i(NULL, &p, outlen); - if (seq & 2) memset(out, 0, outlen); + if (seq & 2) OPENSSL_cleanse(out, outlen); if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR); OPENSSL_free (out); return ret; diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c index a4fd5b98ec..298e4c506b 100644 --- a/crypto/pkcs12/p12_key.c +++ b/crypto/pkcs12/p12_key.c @@ -91,7 +91,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, id, iter, n, out, md_type); if(unipass) { - memset(unipass, 0, uniplen); /* Clear password from memory */ + OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */ OPENSSL_free(unipass); } return ret; diff --git a/crypto/pkcs7/bio_ber.c b/crypto/pkcs7/bio_ber.c index 5447e69818..e73556e302 100644 --- a/crypto/pkcs7/bio_ber.c +++ b/crypto/pkcs7/bio_ber.c @@ -145,7 +145,7 @@ static int ber_free(BIO *a) if (a == NULL) return(0); b=(BIO_BER_CTX *)a->ptr; - memset(a->ptr,0,sizeof(BIO_BER_CTX)); + OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX)); OPENSSL_free(a->ptr); a->ptr=NULL; a->init=0; diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index a45cf76c68..aa4d49e28b 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -241,7 +241,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj); } OPENSSL_free(tmp); - memset(key, 0, keylen); + OPENSSL_cleanse(key, keylen); if (out == NULL) out=btmp; @@ -448,7 +448,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) } EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0); - memset(tmp,0,jj); + OPENSSL_cleanse(tmp,jj); if (out == NULL) out=etmp; diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index 349629c484..5df32b4fe6 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -177,10 +177,10 @@ RAND_METHOD *RAND_SSLeay(void) static void ssleay_rand_cleanup(void) { - memset(state,0,sizeof(state)); + OPENSSL_cleanse(state,sizeof(state)); state_num=0; state_index=0; - memset(md,0,MD_DIGEST_LENGTH); + OPENSSL_cleanse(md,MD_DIGEST_LENGTH); md_count[0]=0; md_count[1]=0; entropy=0; diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index c94f7bba52..f64c7383b2 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -125,7 +125,7 @@ int RAND_load_file(const char *file, long bytes) } } fclose(in); - memset(buf,0,BUFSIZE); + OPENSSL_cleanse(buf,BUFSIZE); err: return(ret); } @@ -190,7 +190,7 @@ int RAND_write_file(const char *file) #endif /* VMS */ fclose(out); - memset(buf,0,BUFSIZE); + OPENSSL_cleanse(buf,BUFSIZE); err: return (rand_err ? -1 : ret); } diff --git a/crypto/rc4/rc4.c b/crypto/rc4/rc4.c index 709b7aff35..04799009e6 100644 --- a/crypto/rc4/rc4.c +++ b/crypto/rc4/rc4.c @@ -155,7 +155,7 @@ bad: i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0); if (i != 0) { - memset(buf,0,BUFSIZ); + OPENSSL_cleanse(buf,BUFSIZ); fprintf(stderr,"bad password read\n"); exit(1); } @@ -163,7 +163,7 @@ bad: } MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md); - memset(keystr,0,strlen(keystr)); + OPENSSL_cleanse(keystr,strlen(keystr)); RC4_set_key(&key,MD5_DIGEST_LENGTH,md); for(;;) diff --git a/crypto/ripemd/rmd_one.c b/crypto/ripemd/rmd_one.c index efdf2dd6ef..a783282282 100644 --- a/crypto/ripemd/rmd_one.c +++ b/crypto/ripemd/rmd_one.c @@ -70,7 +70,7 @@ unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, RIPEMD160_Init(&c); RIPEMD160_Update(&c,d,n); RIPEMD160_Final(md,&c); - memset(&c,0,sizeof(c)); /* security consideration */ + OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ return(md); } diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index a144c4f7df..87695dafc1 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -173,6 +173,8 @@ struct rsa_st #define RSA_NO_PADDING 3 #define RSA_PKCS1_OAEP_PADDING 4 +#define RSA_PKCS1_PADDING_SIZE 11 + #define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) #define RSA_get_app_data(s) RSA_get_ex_data(s,0) diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 46538926a3..385f4561d9 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -187,7 +187,7 @@ err: BN_clear_free(&ret); if (buf != NULL) { - memset(buf,0,num); + OPENSSL_cleanse(buf,num); OPENSSL_free(buf); } return(r); @@ -273,7 +273,7 @@ err: BN_clear_free(&f); if (buf != NULL) { - memset(buf,0,num); + OPENSSL_cleanse(buf,num); OPENSSL_free(buf); } return(r); @@ -374,7 +374,7 @@ err: BN_clear_free(&ret); if (buf != NULL) { - memset(buf,0,num); + OPENSSL_cleanse(buf,num); OPENSSL_free(buf); } return(r); @@ -473,7 +473,7 @@ err: BN_clear_free(&ret); if (buf != NULL) { - memset(buf,0,num); + OPENSSL_cleanse(buf,num); OPENSSL_free(buf); } return(r); diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c index 48a32bc264..b3f1c2200d 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c @@ -68,7 +68,7 @@ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, int j; unsigned char *p; - if (flen > (tlen-11)) + if (flen > (tlen-RSA_PKCS1_PADDING_SIZE)) { RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return(0); diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c index c77f4381ff..749fb20965 100644 --- a/crypto/rsa/rsa_saos.c +++ b/crypto/rsa/rsa_saos.c @@ -76,7 +76,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, i=i2d_ASN1_OCTET_STRING(&sig,NULL); j=RSA_size(rsa); - if ((i-RSA_PKCS1_PADDING) > j) + if (i > (j-RSA_PKCS1_PADDING_SIZE)) { RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); return(0); @@ -95,7 +95,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, else *siglen=i; - memset(s,0,(unsigned int)j+1); + OPENSSL_cleanse(s,(unsigned int)j+1); OPENSSL_free(s); return(ret); } @@ -137,7 +137,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, unsigned char *m, ret=1; err: if (sig != NULL) M_ASN1_OCTET_STRING_free(sig); - memset(s,0,(unsigned int)siglen); + OPENSSL_cleanse(s,(unsigned int)siglen); OPENSSL_free(s); return(ret); } diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index cf00876292..beeaade0f8 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -111,7 +111,7 @@ int RSA_sign(int type, unsigned char *m, unsigned int m_len, i=i2d_X509_SIG(&sig,NULL); } j=RSA_size(rsa); - if ((i-RSA_PKCS1_PADDING) > j) + if (i > (j-RSA_PKCS1_PADDING_SIZE)) { RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); return(0); @@ -133,7 +133,7 @@ int RSA_sign(int type, unsigned char *m, unsigned int m_len, *siglen=i; if(type != NID_md5_sha1) { - memset(s,0,(unsigned int)j+1); + OPENSSL_cleanse(s,(unsigned int)j+1); OPENSSL_free(s); } return(ret); @@ -217,7 +217,7 @@ int RSA_verify(int dtype, unsigned char *m, unsigned int m_len, } err: if (sig != NULL) X509_SIG_free(sig); - memset(s,0,(unsigned int)siglen); + OPENSSL_cleanse(s,(unsigned int)siglen); OPENSSL_free(s); return(ret); } diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c index 861752eaa7..e32847ef6c 100644 --- a/crypto/sha/sha1_one.c +++ b/crypto/sha/sha1_one.c @@ -70,7 +70,7 @@ unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md) SHA1_Init(&c); SHA1_Update(&c,d,n); SHA1_Final(md,&c); - memset(&c,0,sizeof(c)); + OPENSSL_cleanse(&c,sizeof(c)); return(md); } #endif diff --git a/crypto/sha/sha_one.c b/crypto/sha/sha_one.c index 2d955de162..65e15befb7 100644 --- a/crypto/sha/sha_one.c +++ b/crypto/sha/sha_one.c @@ -70,7 +70,7 @@ unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md) SHA_Init(&c); SHA_Update(&c,d,n); SHA_Final(md,&c); - memset(&c,0,sizeof(c)); + OPENSSL_cleanse(&c,sizeof(c)); return(md); } #endif diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 9ad9276ff7..90b18a0464 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -897,7 +897,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) ctx->chain=NULL; } CRYPTO_free_ex_data(x509_store_ctx_method,ctx,&(ctx->ex_data)); - memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); + OPENSSL_cleanse(&ctx->ex_data,sizeof(CRYPTO_EX_DATA)); } void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags) diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 0c96064675..bc4113cd68 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -307,7 +307,7 @@ void ssl2_free(SSL *s) s2=s->s2; if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf); if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); - memset(s2,0,sizeof *s2); + OPENSSL_cleanse(s2,sizeof *s2); OPENSSL_free(s2); s->s2=NULL; } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 22a0b097ac..c32a95581d 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -695,6 +695,11 @@ static int ssl3_get_server_hello(SSL *s) goto f_err; } + /* Depending on the session caching (internal/external), the cipher + and/or cipher_id values may not be set. Make sure that + cipher_id is set and use it for comparison. */ + if (s->session->cipher) + s->session->cipher_id = s->session->cipher->id; if (s->hit && (s->session->cipher_id != c->id)) { if (!(s->options & @@ -1456,7 +1461,7 @@ static int ssl3_send_client_key_exchange(SSL *s) s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, tmp_buf,SSL_MAX_MASTER_KEY_LENGTH); - memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH); + OPENSSL_cleanse(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH); } else #endif diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 79fa4f97c2..e7743aba2a 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -174,7 +174,7 @@ static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num) km+=MD5_DIGEST_LENGTH; } - memset(smd,0,SHA_DIGEST_LENGTH); + OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH); } int ssl3_change_cipher_state(SSL *s, int which) @@ -318,8 +318,8 @@ int ssl3_change_cipher_state(SSL *s, int which) EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE)); - memset(&(exp_key[0]),0,sizeof(exp_key)); - memset(&(exp_iv[0]),0,sizeof(exp_iv)); + OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key)); + OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv)); return(1); err: SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); @@ -390,7 +390,7 @@ void ssl3_cleanup_key_block(SSL *s) { if (s->s3->tmp.key_block != NULL) { - memset(s->s3->tmp.key_block,0, + OPENSSL_cleanse(s->s3->tmp.key_block, s->s3->tmp.key_block_length); OPENSSL_free(s->s3->tmp.key_block); s->s3->tmp.key_block=NULL; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index c231d9d06f..fb8ce5e2e3 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -732,7 +732,7 @@ void ssl3_free(SSL *s) #endif if (s->s3->tmp.ca_names != NULL) sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); - memset(s->s3,0,sizeof *s->s3); + OPENSSL_cleanse(s->s3,sizeof *s->s3); OPENSSL_free(s->s3); s->s3=NULL; } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index cd122da8f1..7a89993b48 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1534,7 +1534,7 @@ static int ssl3_get_client_key_exchange(SSL *s) s->session->master_key_length= s->method->ssl3_enc->generate_master_secret(s, s->session->master_key,p,i); - memset(p,0,i); + OPENSSL_cleanse(p,i); } else #endif diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 130fe1018a..a8668e42e6 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -477,13 +477,13 @@ void SSL_SESSION_free(SSL_SESSION *ss) CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data); - memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH); - memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH); - memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH); + OPENSSL_cleanse(ss->key_arg,SSL_MAX_KEY_ARG_LENGTH); + OPENSSL_cleanse(ss->master_key,SSL_MAX_MASTER_KEY_LENGTH); + OPENSSL_cleanse(ss->session_id,SSL_MAX_SSL_SESSION_ID_LENGTH); if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); if (ss->peer != NULL) X509_free(ss->peer); if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); - memset(ss,0,sizeof(*ss)); + OPENSSL_cleanse(ss,sizeof(*ss)); OPENSSL_free(ss); } diff --git a/ssl/ssltest.c b/ssl/ssltest.c index c779751b8c..d6704852b4 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -224,12 +224,13 @@ int main(int argc, char *argv[]) verbose = 0; debug = 0; cipher = 0; - + + bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); RAND_seed(rnd_seed, sizeof rnd_seed); - bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE); argc--; diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index f3ecc5f586..a11e1130d8 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -158,7 +158,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, } HMAC_cleanup(&ctx); HMAC_cleanup(&ctx_tmp); - memset(A1,0,sizeof(A1)); + OPENSSL_cleanse(A1,sizeof(A1)); } static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1, @@ -372,10 +372,10 @@ printf("\niv="); printf("\n"); #endif - memset(tmp1,0,sizeof(tmp1)); - memset(tmp2,0,sizeof(tmp1)); - memset(iv1,0,sizeof(iv1)); - memset(iv2,0,sizeof(iv2)); + OPENSSL_cleanse(tmp1,sizeof(tmp1)); + OPENSSL_cleanse(tmp2,sizeof(tmp1)); + OPENSSL_cleanse(iv1,sizeof(iv1)); + OPENSSL_cleanse(iv2,sizeof(iv2)); return(1); err: SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); @@ -426,7 +426,7 @@ printf("pre-master\n"); { int z; for (z=0; zsession->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); } #endif tls1_generate_key_block(s,p1,p2,num); - memset(p2,0,num); + OPENSSL_cleanse(p2,num); OPENSSL_free(p2); #ifdef TLS_DEBUG printf("\nkey block\n"); diff --git a/util/libeay.num b/util/libeay.num index 5455b20bf4..6aa12d10fb 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1934,3 +1934,4 @@ ENGINE_set_ctrl_function 2522 EXIST::FUNCTION: BN_pseudo_rand_range 2523 EXIST::FUNCTION: X509_STORE_CTX_set_verify_cb 2524 EXIST::FUNCTION: ERR_load_COMP_strings 2525 EXIST::FUNCTION: +OPENSSL_cleanse 3245 EXIST::FUNCTION: -- 2.25.1