authorDamien Miller <djm@mindrot.org>2014-02-04 11:20:14 +1100
committerDamien Miller <djm@mindrot.org>2014-02-04 11:20:14 +1100
commita5103f413bde6f31bff85d6e1fd29799c647d765 (patch)
tree0b35ad9292b2ca8d58229435865d0ec3818e5981
parent1d2c4564265ee827147af246a16f3777741411ed (diff)
- djm@cvs.openbsd.org 2014/02/02 03:44:32
[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c] convert memset of potentially-private data to explicit_bzero()
-rw-r--r--ChangeLog9
-rw-r--r--auth1.c6
-rw-r--r--auth2-chall.c4
-rw-r--r--auth2-passwd.c6
-rw-r--r--authfile.c14
-rw-r--r--bufaux.c6
-rw-r--r--bufbn.c6
-rw-r--r--buffer.c4
-rw-r--r--cipher-3des1.c6
-rw-r--r--cipher.c8
-rw-r--r--clientloop.c6
-rw-r--r--gss-serv.c5
-rw-r--r--kex.c6
-rw-r--r--kexdhc.c4
-rw-r--r--kexdhs.c4
-rw-r--r--kexecdhc.c4
-rw-r--r--kexecdhs.c4
-rw-r--r--kexgexc.c4
-rw-r--r--kexgexs.c4
-rw-r--r--key.c12
-rw-r--r--monitor.c8
-rw-r--r--monitor_wrap.c6
-rw-r--r--packet.c16
-rw-r--r--readpass.c8
-rw-r--r--rsa.c10
-rw-r--r--serverloop.c4
-rw-r--r--ssh-add.c8
-rw-r--r--ssh-agent.c6
-rw-r--r--ssh-dss.c10
-rw-r--r--ssh-ecdsa.c8
-rw-r--r--ssh-ed25519.c10
-rw-r--r--ssh-keygen.c34
-rw-r--r--ssh-rsa.c14
-rw-r--r--sshconnect.c4
-rw-r--r--sshconnect1.c23
-rw-r--r--sshconnect2.c18
-rw-r--r--sshd.c13
37 files changed, 168 insertions, 154 deletions
diff --git a/ChangeLog b/ChangeLog
index a3f75a8d2..d5ea77c1f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -44,6 +44,15 @@
44 [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h] 44 [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
45 replace most bzero with explicit_bzero, except a few that cna be memset 45 replace most bzero with explicit_bzero, except a few that cna be memset
46 ok djm dtucker 46 ok djm dtucker
47 - djm@cvs.openbsd.org 2014/02/02 03:44:32
48 [auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
49 [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
50 [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
51 [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
52 [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
53 [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
54 [sshd.c]
55 convert memset of potentially-private data to explicit_bzero()
47 56
4820140131 5720140131
49 - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2) 58 - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)
diff --git a/auth1.c b/auth1.c
index f1ac59814..0f870b3b6 100644
--- a/auth1.c
+++ b/auth1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth1.c,v 1.79 2013/05/19 02:42:42 djm Exp $ */ 1/* $OpenBSD: auth1.c,v 1.80 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved 4 * All rights reserved
@@ -129,7 +129,7 @@ auth1_process_password(Authctxt *authctxt)
129 /* Try authentication with the password. */ 129 /* Try authentication with the password. */
130 authenticated = PRIVSEP(auth_password(authctxt, password)); 130 authenticated = PRIVSEP(auth_password(authctxt, password));
131 131
132 memset(password, 0, dlen); 132 explicit_bzero(password, dlen);
133 free(password); 133 free(password);
134 134
135 return (authenticated); 135 return (authenticated);
@@ -222,7 +222,7 @@ auth1_process_tis_response(Authctxt *authctxt)
222 response = packet_get_string(&dlen); 222 response = packet_get_string(&dlen);
223 packet_check_eom(); 223 packet_check_eom();
224 authenticated = verify_response(authctxt, response); 224 authenticated = verify_response(authctxt, response);
225 memset(response, 'r', dlen); 225 explicit_bzero(response, dlen);
226 free(response); 226 free(response);
227 227
228 return (authenticated); 228 return (authenticated);
diff --git a/auth2-chall.c b/auth2-chall.c
index 4cfd8ff5b..980250a91 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-chall.c,v 1.40 2014/01/31 16:39:19 tedu Exp $ */ 1/* $OpenBSD: auth2-chall.c,v 1.41 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2001 Per Allansson. All rights reserved. 4 * Copyright (c) 2001 Per Allansson. All rights reserved.
@@ -312,7 +312,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
312 res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response); 312 res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
313 313
314 for (i = 0; i < nresp; i++) { 314 for (i = 0; i < nresp; i++) {
315 memset(response[i], 'r', strlen(response[i])); 315 explicit_bzero(response[i], strlen(response[i]));
316 free(response[i]); 316 free(response[i]);
317 } 317 }
318 free(response); 318 free(response);
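Review bot: The wipe length at line 315 comes from `strlen(response[i])`, so a response carrying an embedded NUL byte is cleared only up to that byte and the remainder is handed to `free()` unscrubbed. If the length reported when each response was read from the packet is still available (that read is outside this hunk), keep it and pass it to `explicit_bzero()` instead of recomputing it with `strlen()`. The same strlen-derived length is used for `passwd` at line 861 of monitor.c in this commit. input_userauth_info_response starts and ends outside the hunk.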
diff --git a/auth2-passwd.c b/auth2-passwd.c
index 21bc5047d..707680cd0 100644
--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-passwd.c,v 1.10 2013/05/17 00:13:13 djm Exp $ */ 1/* $OpenBSD: auth2-passwd.c,v 1.11 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -59,7 +59,7 @@ userauth_passwd(Authctxt *authctxt)
59 if (change) { 59 if (change) {
60 /* discard new password from packet */ 60 /* discard new password from packet */
61 newpass = packet_get_string(&newlen); 61 newpass = packet_get_string(&newlen);
62 memset(newpass, 0, newlen); 62 explicit_bzero(newpass, newlen);
63 free(newpass); 63 free(newpass);
64 } 64 }
65 packet_check_eom(); 65 packet_check_eom();
@@ -68,7 +68,7 @@ userauth_passwd(Authctxt *authctxt)
68 logit("password change not supported"); 68 logit("password change not supported");
69 else if (PRIVSEP(auth_password(authctxt, password)) == 1) 69 else if (PRIVSEP(auth_password(authctxt, password)) == 1)
70 authenticated = 1; 70 authenticated = 1;
71 memset(password, 0, len); 71 explicit_bzero(password, len);
72 free(password); 72 free(password);
73 return authenticated; 73 return authenticated;
74} 74}
diff --git a/authfile.c b/authfile.c
index 22da0eb05..d7eaa9dec 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfile.c,v 1.102 2014/01/31 16:39:19 tedu Exp $ */ 1/* $OpenBSD: authfile.c,v 1.103 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -131,7 +131,7 @@ key_private_to_blob2(Key *prv, Buffer *blob, const char *passphrase,
131 buffer_put_int(&kdf, rounds); 131 buffer_put_int(&kdf, rounds);
132 } 132 }
133 cipher_init(&ctx, c, key, keylen, key + keylen , ivlen, 1); 133 cipher_init(&ctx, c, key, keylen, key + keylen , ivlen, 1);
134 memset(key, 0, keylen + ivlen); 134 explicit_bzero(key, keylen + ivlen);
135 free(key); 135 free(key);
136 136
137 buffer_init(&encoded); 137 buffer_init(&encoded);
@@ -143,7 +143,7 @@ key_private_to_blob2(Key *prv, Buffer *blob, const char *passphrase,
143 key_to_blob(prv, &cp, &len); /* public key */ 143 key_to_blob(prv, &cp, &len); /* public key */
144 buffer_put_string(&encoded, cp, len); 144 buffer_put_string(&encoded, cp, len);
145 145
146 memset(cp, 0, len); 146 explicit_bzero(cp, len);
147 free(cp); 147 free(cp);
148 148
149 buffer_free(&kdf); 149 buffer_free(&kdf);
@@ -409,7 +409,7 @@ key_parse_private2(Buffer *blob, int type, const char *passphrase,
409 free(salt); 409 free(salt);
410 free(comment); 410 free(comment);
411 if (key) 411 if (key)
412 memset(key, 0, keylen + ivlen); 412 explicit_bzero(key, keylen + ivlen);
413 free(key); 413 free(key);
414 buffer_free(&encoded); 414 buffer_free(&encoded);
415 buffer_free(&copy); 415 buffer_free(&copy);
@@ -496,10 +496,10 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase,
496 buffer_ptr(&buffer), buffer_len(&buffer), 0, 0) != 0) 496 buffer_ptr(&buffer), buffer_len(&buffer), 0, 0) != 0)
497 fatal("%s: cipher_crypt failed", __func__); 497 fatal("%s: cipher_crypt failed", __func__);
498 cipher_cleanup(&ciphercontext); 498 cipher_cleanup(&ciphercontext);
499 memset(&ciphercontext, 0, sizeof(ciphercontext)); 499 explicit_bzero(&ciphercontext, sizeof(ciphercontext));
500 500
501 /* Destroy temporary data. */ 501 /* Destroy temporary data. */
502 memset(buf, 0, sizeof(buf)); 502 explicit_bzero(buf, sizeof(buf));
503 buffer_free(&buffer); 503 buffer_free(&buffer);
504 504
505 buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted)); 505 buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted));
@@ -831,7 +831,7 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp)
831 buffer_ptr(&copy), buffer_len(&copy), 0, 0) != 0) 831 buffer_ptr(&copy), buffer_len(&copy), 0, 0) != 0)
832 fatal("%s: cipher_crypt failed", __func__); 832 fatal("%s: cipher_crypt failed", __func__);
833 cipher_cleanup(&ciphercontext); 833 cipher_cleanup(&ciphercontext);
834 memset(&ciphercontext, 0, sizeof(ciphercontext)); 834 explicit_bzero(&ciphercontext, sizeof(ciphercontext));
835 buffer_free(&copy); 835 buffer_free(&copy);
836 836
837 check1 = buffer_get_char(&decrypted); 837 check1 = buffer_get_char(&decrypted);
diff --git a/bufaux.c b/bufaux.c
index f1f14b33d..e24b5fc0a 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bufaux.c,v 1.55 2014/01/31 16:39:19 tedu Exp $ */ 1/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -346,7 +346,7 @@ buffer_get_bignum2_as_string_ret(Buffer *buffer, u_int *length_ptr)
346 } 346 }
347 ret = xmalloc(len); 347 ret = xmalloc(len);
348 memcpy(ret, p, len); 348 memcpy(ret, p, len);
349 memset(p, '\0', len); 349 explicit_bzero(p, len);
350 free(bin); 350 free(bin);
351 return ret; 351 return ret;
352} 352}
@@ -383,7 +383,7 @@ buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l)
383 } 383 }
384 memcpy(p, s, l); 384 memcpy(p, s, l);
385 buffer_put_string(buffer, buf, l + pad); 385 buffer_put_string(buffer, buf, l + pad);
386 memset(buf, '\0', l + pad); 386 explicit_bzero(buf, l + pad);
387 free(buf); 387 free(buf);
388} 388}
389 389
diff --git a/bufbn.c b/bufbn.c
index 2ebc80a27..c4ad810e4 100644
--- a/bufbn.c
+++ b/bufbn.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bufbn.c,v 1.8 2013/11/08 11:15:19 dtucker Exp $*/ 1/* $OpenBSD: bufbn.c,v 1.9 2014/02/02 03:44:31 djm Exp $*/
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -80,7 +80,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
80 /* Store the binary data. */ 80 /* Store the binary data. */
81 buffer_append(buffer, buf, oi); 81 buffer_append(buffer, buf, oi);
82 82
83 memset(buf, 0, bin_size); 83 explicit_bzero(buf, bin_size);
84 free(buf); 84 free(buf);
85 85
86 return (0); 86 return (0);
@@ -173,7 +173,7 @@ buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
173 } 173 }
174 hasnohigh = (buf[1] & 0x80) ? 0 : 1; 174 hasnohigh = (buf[1] & 0x80) ? 0 : 1;
175 buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); 175 buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh);
176 memset(buf, 0, bytes); 176 explicit_bzero(buf, bytes);
177 free(buf); 177 free(buf);
178 return (0); 178 return (0);
179} 179}
diff --git a/buffer.c b/buffer.c
index 9e7c40a5a..d240f6753 100644
--- a/buffer.c
+++ b/buffer.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: buffer.c,v 1.34 2013/11/08 11:15:19 dtucker Exp $ */ 1/* $OpenBSD: buffer.c,v 1.35 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -49,7 +49,7 @@ void
49buffer_free(Buffer *buffer) 49buffer_free(Buffer *buffer)
50{ 50{
51 if (buffer->alloc > 0) { 51 if (buffer->alloc > 0) {
52 memset(buffer->buf, 0, buffer->alloc); 52 explicit_bzero(buffer->buf, buffer->alloc);
53 buffer->alloc = 0; 53 buffer->alloc = 0;
54 free(buffer->buf); 54 free(buffer->buf);
55 } 55 }
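Review bot: After `free(buffer->buf)` at line 54 the struct still holds the stale pointer; only `alloc` is reset. Adding `buffer->buf = NULL;` after the free would make any later use of a freed Buffer fail on a null pointer instead of touching recycled heap memory that may by then hold other secrets. The end of buffer_free is outside the hunk, so this may already be handled below.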
diff --git a/cipher-3des1.c b/cipher-3des1.c
index 56fc77786..b2823592b 100644
--- a/cipher-3des1.c
+++ b/cipher-3des1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cipher-3des1.c,v 1.9 2013/11/08 00:39:15 djm Exp $ */ 1/* $OpenBSD: cipher-3des1.c,v 1.10 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2003 Markus Friedl. All rights reserved. 3 * Copyright (c) 2003 Markus Friedl. All rights reserved.
4 * 4 *
@@ -93,7 +93,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
93 if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 || 93 if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
94 EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 || 94 EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
95 EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) { 95 EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
96 memset(c, 0, sizeof(*c)); 96 explicit_bzero(c, sizeof(*c));
97 free(c); 97 free(c);
98 EVP_CIPHER_CTX_set_app_data(ctx, NULL); 98 EVP_CIPHER_CTX_set_app_data(ctx, NULL);
99 return (0); 99 return (0);
@@ -134,7 +134,7 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
134 EVP_CIPHER_CTX_cleanup(&c->k1); 134 EVP_CIPHER_CTX_cleanup(&c->k1);
135 EVP_CIPHER_CTX_cleanup(&c->k2); 135 EVP_CIPHER_CTX_cleanup(&c->k2);
136 EVP_CIPHER_CTX_cleanup(&c->k3); 136 EVP_CIPHER_CTX_cleanup(&c->k3);
137 memset(c, 0, sizeof(*c)); 137 explicit_bzero(c, sizeof(*c));
138 free(c); 138 free(c);
139 EVP_CIPHER_CTX_set_app_data(ctx, NULL); 139 EVP_CIPHER_CTX_set_app_data(ctx, NULL);
140 } 140 }
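Review bot: The failure branch of ssh1_3des_init (lines 93-99) wipes and frees `c` without first calling `EVP_CIPHER_CTX_cleanup()` on `c->k1`, `c->k2` and `c->k3`, which ssh1_3des_cleanup does at lines 134-136 before its own wipe. Any state OpenSSL attached to a context whose `EVP_CipherInit()` had already succeeded is then neither released nor scrubbed, because zeroing the struct only drops the pointers to it. Provided the three contexts are initialised earlier in the function (not visible here), running the same three cleanup calls before `explicit_bzero(c, sizeof(*c));` in the failure branch would make the two paths agree. Both functions continue outside their hunks.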
diff --git a/cipher.c b/cipher.c
index 98961be1a..ee79a1ef4 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cipher.c,v 1.95 2014/01/27 19:18:54 markus Exp $ */ 1/* $OpenBSD: cipher.c,v 1.96 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -337,7 +337,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
337 if (EVP_Cipher(&cc->evp, discard, junk, 337 if (EVP_Cipher(&cc->evp, discard, junk,
338 cipher->discard_len) == 0) 338 cipher->discard_len) == 0)
339 fatal("evp_crypt: EVP_Cipher failed during discard"); 339 fatal("evp_crypt: EVP_Cipher failed during discard");
340 memset(discard, 0, cipher->discard_len); 340 explicit_bzero(discard, cipher->discard_len);
341 free(junk); 341 free(junk);
342 free(discard); 342 free(discard);
343 } 343 }
@@ -422,7 +422,7 @@ void
422cipher_cleanup(CipherContext *cc) 422cipher_cleanup(CipherContext *cc)
423{ 423{
424 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) 424 if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
425 memset(&cc->cp_ctx, 0, sizeof(cc->cp_ctx)); 425 explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx));
426 else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) 426 else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
427 error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); 427 error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");
428} 428}
@@ -444,7 +444,7 @@ cipher_set_key_string(CipherContext *cc, const Cipher *cipher,
444 444
445 cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt); 445 cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt);
446 446
447 memset(digest, 0, sizeof(digest)); 447 explicit_bzero(digest, sizeof(digest));
448} 448}
449 449
450/* 450/*
diff --git a/clientloop.c b/clientloop.c
index fd3ff49e8..59ad3a2c3 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: clientloop.c,v 1.257 2014/01/31 16:39:19 tedu Exp $ */ 1/* $OpenBSD: clientloop.c,v 1.258 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1761,7 +1761,7 @@ client_input_stdout_data(int type, u_int32_t seq, void *ctxt)
1761 char *data = packet_get_string(&data_len); 1761 char *data = packet_get_string(&data_len);
1762 packet_check_eom(); 1762 packet_check_eom();
1763 buffer_append(&stdout_buffer, data, data_len); 1763 buffer_append(&stdout_buffer, data, data_len);
1764 memset(data, 0, data_len); 1764 explicit_bzero(data, data_len);
1765 free(data); 1765 free(data);
1766} 1766}
1767static void 1767static void
@@ -1771,7 +1771,7 @@ client_input_stderr_data(int type, u_int32_t seq, void *ctxt)
1771 char *data = packet_get_string(&data_len); 1771 char *data = packet_get_string(&data_len);
1772 packet_check_eom(); 1772 packet_check_eom();
1773 buffer_append(&stderr_buffer, data, data_len); 1773 buffer_append(&stderr_buffer, data, data_len);
1774 memset(data, 0, data_len); 1774 explicit_bzero(data, data_len);
1775 free(data); 1775 free(data);
1776} 1776}
1777static void 1777static void
diff --git a/gss-serv.c b/gss-serv.c
index 95348e251..b61e6e140 100644
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: gss-serv.c,v 1.24 2013/07/20 01:55:13 djm Exp $ */ 1/* $OpenBSD: gss-serv.c,v 1.25 2014/02/02 03:44:31 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. 4 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -346,7 +346,8 @@ ssh_gssapi_userok(char *user)
346 gss_release_buffer(&lmin, &gssapi_client.displayname); 346 gss_release_buffer(&lmin, &gssapi_client.displayname);
347 gss_release_buffer(&lmin, &gssapi_client.exportedname); 347 gss_release_buffer(&lmin, &gssapi_client.exportedname);
348 gss_release_cred(&lmin, &gssapi_client.creds); 348 gss_release_cred(&lmin, &gssapi_client.creds);
349 memset(&gssapi_client, 0, sizeof(ssh_gssapi_client)); 349 explicit_bzero(&gssapi_client,
350 sizeof(ssh_gssapi_client));
350 return 0; 351 return 0;
351 } 352 }
352 else 353 else
diff --git a/kex.c b/kex.c
index 616484b85..74e2b8682 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.c,v 1.97 2014/01/25 20:35:37 markus Exp $ */ 1/* $OpenBSD: kex.c,v 1.98 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -666,8 +666,8 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
666 fatal("%s: ssh_digest_final failed", __func__); 666 fatal("%s: ssh_digest_final failed", __func__);
667 memcpy(id, obuf, ssh_digest_bytes(SSH_DIGEST_MD5)); 667 memcpy(id, obuf, ssh_digest_bytes(SSH_DIGEST_MD5));
668 668
669 memset(nbuf, 0, sizeof(nbuf)); 669 explicit_bzero(nbuf, sizeof(nbuf));
670 memset(obuf, 0, sizeof(obuf)); 670 explicit_bzero(obuf, sizeof(obuf));
671} 671}
672 672
673#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) 673#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
diff --git a/kexdhc.c b/kexdhc.c
index 78509af21..f7a19fc13 100644
--- a/kexdhc.c
+++ b/kexdhc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexdhc.c,v 1.14 2014/01/12 08:13:13 djm Exp $ */ 1/* $OpenBSD: kexdhc.c,v 1.15 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -124,7 +124,7 @@ kexdh_client(Kex *kex)
124 fatal("kexdh_client: BN_new failed"); 124 fatal("kexdh_client: BN_new failed");
125 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) 125 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
126 fatal("kexdh_client: BN_bin2bn failed"); 126 fatal("kexdh_client: BN_bin2bn failed");
127 memset(kbuf, 0, klen); 127 explicit_bzero(kbuf, klen);
128 free(kbuf); 128 free(kbuf);
129 129
130 /* calc and verify H */ 130 /* calc and verify H */
diff --git a/kexdhs.c b/kexdhs.c
index d2c7adc96..c3011f741 100644
--- a/kexdhs.c
+++ b/kexdhs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexdhs.c,v 1.17 2014/01/12 08:13:13 djm Exp $ */ 1/* $OpenBSD: kexdhs.c,v 1.18 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -110,7 +110,7 @@ kexdh_server(Kex *kex)
110 fatal("kexdh_server: BN_new failed"); 110 fatal("kexdh_server: BN_new failed");
111 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) 111 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
112 fatal("kexdh_server: BN_bin2bn failed"); 112 fatal("kexdh_server: BN_bin2bn failed");
113 memset(kbuf, 0, klen); 113 explicit_bzero(kbuf, klen);
114 free(kbuf); 114 free(kbuf);
115 115
116 key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); 116 key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
diff --git a/kexecdhc.c b/kexecdhc.c
index e3d1cf5f9..2f7629cca 100644
--- a/kexecdhc.c
+++ b/kexecdhc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexecdhc.c,v 1.6 2014/01/12 08:13:13 djm Exp $ */ 1/* $OpenBSD: kexecdhc.c,v 1.7 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2010 Damien Miller. All rights reserved. 4 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -119,7 +119,7 @@ kexecdh_client(Kex *kex)
119 fatal("%s: BN_new failed", __func__); 119 fatal("%s: BN_new failed", __func__);
120 if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) 120 if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
121 fatal("%s: BN_bin2bn failed", __func__); 121 fatal("%s: BN_bin2bn failed", __func__);
122 memset(kbuf, 0, klen); 122 explicit_bzero(kbuf, klen);
123 free(kbuf); 123 free(kbuf);
124 124
125 /* calc and verify H */ 125 /* calc and verify H */
diff --git a/kexecdhs.c b/kexecdhs.c
index 6fbb79c9d..2700b7219 100644
--- a/kexecdhs.c
+++ b/kexecdhs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexecdhs.c,v 1.9 2014/01/12 08:13:13 djm Exp $ */ 1/* $OpenBSD: kexecdhs.c,v 1.10 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * Copyright (c) 2010 Damien Miller. All rights reserved. 4 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -103,7 +103,7 @@ kexecdh_server(Kex *kex)
103 fatal("%s: BN_new failed", __func__); 103 fatal("%s: BN_new failed", __func__);
104 if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) 104 if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
105 fatal("%s: BN_bin2bn failed", __func__); 105 fatal("%s: BN_bin2bn failed", __func__);
106 memset(kbuf, 0, klen); 106 explicit_bzero(kbuf, klen);
107 free(kbuf); 107 free(kbuf);
108 108
109 /* calc H */ 109 /* calc H */
diff --git a/kexgexc.c b/kexgexc.c
index 629b5fbbc..355b7ba31 100644
--- a/kexgexc.c
+++ b/kexgexc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexgexc.c,v 1.16 2014/01/25 10:12:50 dtucker Exp $ */ 1/* $OpenBSD: kexgexc.c,v 1.17 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Niels Provos. All rights reserved. 3 * Copyright (c) 2000 Niels Provos. All rights reserved.
4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -162,7 +162,7 @@ kexgex_client(Kex *kex)
162 fatal("kexgex_client: BN_new failed"); 162 fatal("kexgex_client: BN_new failed");
163 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) 163 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
164 fatal("kexgex_client: BN_bin2bn failed"); 164 fatal("kexgex_client: BN_bin2bn failed");
165 memset(kbuf, 0, klen); 165 explicit_bzero(kbuf, klen);
166 free(kbuf); 166 free(kbuf);
167 167
168 if (datafellows & SSH_OLD_DHGEX) 168 if (datafellows & SSH_OLD_DHGEX)
diff --git a/kexgexs.c b/kexgexs.c
index 8773778ed..770ad28a8 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexgexs.c,v 1.18 2014/01/12 08:13:13 djm Exp $ */ 1/* $OpenBSD: kexgexs.c,v 1.19 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Niels Provos. All rights reserved. 3 * Copyright (c) 2000 Niels Provos. All rights reserved.
4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -150,7 +150,7 @@ kexgex_server(Kex *kex)
150 fatal("kexgex_server: BN_new failed"); 150 fatal("kexgex_server: BN_new failed");
151 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) 151 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
152 fatal("kexgex_server: BN_bin2bn failed"); 152 fatal("kexgex_server: BN_bin2bn failed");
153 memset(kbuf, 0, klen); 153 explicit_bzero(kbuf, klen);
154 free(kbuf); 154 free(kbuf);
155 155
156 key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); 156 key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
diff --git a/key.c b/key.c
index 914233808..168e1b7d7 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: key.c,v 1.115 2014/01/09 23:20:00 djm Exp $ */ 1/* $OpenBSD: key.c,v 1.116 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * read_bignum(): 3 * read_bignum():
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -242,12 +242,12 @@ key_free(Key *k)
242 case KEY_ED25519: 242 case KEY_ED25519:
243 case KEY_ED25519_CERT: 243 case KEY_ED25519_CERT:
244 if (k->ed25519_pk) { 244 if (k->ed25519_pk) {
245 memset(k->ed25519_pk, 0, ED25519_PK_SZ); 245 explicit_bzero(k->ed25519_pk, ED25519_PK_SZ);
246 free(k->ed25519_pk); 246 free(k->ed25519_pk);
247 k->ed25519_pk = NULL; 247 k->ed25519_pk = NULL;
248 } 248 }
249 if (k->ed25519_sk) { 249 if (k->ed25519_sk) {
250 memset(k->ed25519_sk, 0, ED25519_SK_SZ); 250 explicit_bzero(k->ed25519_sk, ED25519_SK_SZ);
251 free(k->ed25519_sk); 251 free(k->ed25519_sk);
252 k->ed25519_sk = NULL; 252 k->ed25519_sk = NULL;
253 } 253 }
@@ -415,7 +415,7 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
415 if ((ssh_digest_memory(hash_alg, blob, len, 415 if ((ssh_digest_memory(hash_alg, blob, len,
416 retval, SSH_DIGEST_MAX_LENGTH)) != 0) 416 retval, SSH_DIGEST_MAX_LENGTH)) != 0)
417 fatal("%s: digest_memory failed", __func__); 417 fatal("%s: digest_memory failed", __func__);
418 memset(blob, 0, len); 418 explicit_bzero(blob, len);
419 free(blob); 419 free(blob);
420 *dgst_raw_length = ssh_digest_bytes(hash_alg); 420 *dgst_raw_length = ssh_digest_bytes(hash_alg);
421 } else { 421 } else {
@@ -623,7 +623,7 @@ key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
623 dgst_rep); 623 dgst_rep);
624 break; 624 break;
625 } 625 }
626 memset(dgst_raw, 0, dgst_raw_len); 626 explicit_bzero(dgst_raw, dgst_raw_len);
627 free(dgst_raw); 627 free(dgst_raw);
628 return retval; 628 return retval;
629} 629}
@@ -1744,7 +1744,7 @@ to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain)
1744 *blobp = xmalloc(len); 1744 *blobp = xmalloc(len);
1745 memcpy(*blobp, buffer_ptr(&b), len); 1745 memcpy(*blobp, buffer_ptr(&b), len);
1746 } 1746 }
1747 memset(buffer_ptr(&b), 0, len); 1747 explicit_bzero(buffer_ptr(&b), len);
1748 buffer_free(&b); 1748 buffer_free(&b);
1749 return len; 1749 return len;
1750} 1750}
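Review bot: In to_blob the `explicit_bzero(buffer_ptr(&b), len);` at line 1747 is immediately followed by `buffer_free(&b)`, which as of this commit already runs `explicit_bzero(buffer->buf, buffer->alloc)` over the whole allocation. Assuming `buffer_ptr()` points inside that allocation, the first wipe is redundant and can be dropped, or kept with a short comment saying the double wipe is deliberate. mm_newkeys_to_blob in monitor_wrap.c (line 575) has the same pair of calls.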
diff --git a/monitor.c b/monitor.c
index 79bd7c0c4..531c4f9a8 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor.c,v 1.130 2014/01/31 16:39:19 tedu Exp $ */ 1/* $OpenBSD: monitor.c,v 1.131 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -858,7 +858,7 @@ mm_answer_authpassword(int sock, Buffer *m)
858 /* Only authenticate if the context is valid */ 858 /* Only authenticate if the context is valid */
859 authenticated = options.password_authentication && 859 authenticated = options.password_authentication &&
860 auth_password(authctxt, passwd); 860 auth_password(authctxt, passwd);
861 memset(passwd, 0, strlen(passwd)); 861 explicit_bzero(passwd, strlen(passwd));
862 free(passwd); 862 free(passwd);
863 863
864 buffer_clear(m); 864 buffer_clear(m);
@@ -1800,13 +1800,13 @@ monitor_apply_keystate(struct monitor *pmonitor)
1800 /* XXX inefficient for large buffers, need: buffer_init_from_string */ 1800 /* XXX inefficient for large buffers, need: buffer_init_from_string */
1801 buffer_clear(packet_get_input()); 1801 buffer_clear(packet_get_input());
1802 buffer_append(packet_get_input(), child_state.input, child_state.ilen); 1802 buffer_append(packet_get_input(), child_state.input, child_state.ilen);
1803 memset(child_state.input, 0, child_state.ilen); 1803 explicit_bzero(child_state.input, child_state.ilen);
1804 free(child_state.input); 1804 free(child_state.input);
1805 1805
1806 buffer_clear(packet_get_output()); 1806 buffer_clear(packet_get_output());
1807 buffer_append(packet_get_output(), child_state.output, 1807 buffer_append(packet_get_output(), child_state.output,
1808 child_state.olen); 1808 child_state.olen);
1809 memset(child_state.output, 0, child_state.olen); 1809 explicit_bzero(child_state.output, child_state.olen);
1810 free(child_state.output); 1810 free(child_state.output);
1811 1811
1812 /* Roaming */ 1812 /* Roaming */
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 64c262363..1a47e4174 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor_wrap.c,v 1.78 2014/01/29 06:18:35 djm Exp $ */ 1/* $OpenBSD: monitor_wrap.c,v 1.79 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -572,7 +572,7 @@ mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp)
572 *blobp = xmalloc(len); 572 *blobp = xmalloc(len);
573 memcpy(*blobp, buffer_ptr(&b), len); 573 memcpy(*blobp, buffer_ptr(&b), len);
574 } 574 }
575 memset(buffer_ptr(&b), 0, len); 575 explicit_bzero(buffer_ptr(&b), len);
576 buffer_free(&b); 576 buffer_free(&b);
577 return len; 577 return len;
578} 578}
@@ -616,7 +616,7 @@ mm_send_keystate(struct monitor *monitor)
616 key = xmalloc(keylen+1); /* add 1 if keylen == 0 */ 616 key = xmalloc(keylen+1); /* add 1 if keylen == 0 */
617 keylen = packet_get_encryption_key(key); 617 keylen = packet_get_encryption_key(key);
618 buffer_put_string(&m, key, keylen); 618 buffer_put_string(&m, key, keylen);
619 memset(key, 0, keylen); 619 explicit_bzero(key, keylen);
620 free(key); 620 free(key);
621 621
622 ivlen = packet_get_keyiv_len(MODE_OUT); 622 ivlen = packet_get_keyiv_len(MODE_OUT);
diff --git a/packet.c b/packet.c
index 6cf7edbb8..54c0558f9 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: packet.c,v 1.191 2013/12/06 13:34:54 markus Exp $ */ 1/* $OpenBSD: packet.c,v 1.192 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -764,9 +764,9 @@ set_newkeys(int mode)
764 mac = &active_state->newkeys[mode]->mac; 764 mac = &active_state->newkeys[mode]->mac;
765 comp = &active_state->newkeys[mode]->comp; 765 comp = &active_state->newkeys[mode]->comp;
766 mac_clear(mac); 766 mac_clear(mac);
767 memset(enc->iv, 0, enc->iv_len); 767 explicit_bzero(enc->iv, enc->iv_len);
768 memset(enc->key, 0, enc->key_len); 768 explicit_bzero(enc->key, enc->key_len);
769 memset(mac->key, 0, mac->key_len); 769 explicit_bzero(mac->key, mac->key_len);
770 free(enc->name); 770 free(enc->name);
771 free(enc->iv); 771 free(enc->iv);
772 free(enc->key); 772 free(enc->key);
@@ -787,9 +787,9 @@ set_newkeys(int mode)
787 cipher_init(cc, enc->cipher, enc->key, enc->key_len, 787 cipher_init(cc, enc->cipher, enc->key, enc->key_len,
788 enc->iv, enc->iv_len, crypt_type); 788 enc->iv, enc->iv_len, crypt_type);
789 /* Deleting the keys does not gain extra security */ 789 /* Deleting the keys does not gain extra security */
790 /* memset(enc->iv, 0, enc->block_size); 790 /* explicit_bzero(enc->iv, enc->block_size);
791 memset(enc->key, 0, enc->key_len); 791 explicit_bzero(enc->key, enc->key_len);
792 memset(mac->key, 0, mac->key_len); */ 792 explicit_bzero(mac->key, mac->key_len); */
793 if ((comp->type == COMP_ZLIB || 793 if ((comp->type == COMP_ZLIB ||
794 (comp->type == COMP_DELAYED && 794 (comp->type == COMP_DELAYED &&
795 active_state->after_authentication)) && comp->enabled == 0) { 795 active_state->after_authentication)) && comp->enabled == 0) {
@@ -928,7 +928,7 @@ packet_send2_wrapped(void)
928 } 928 }
929 } else { 929 } else {
930 /* clear padding */ 930 /* clear padding */
931 memset(cp, 0, padlen); 931 explicit_bzero(cp, padlen);
932 } 932 }
933 /* sizeof (packet_len + pad_len + payload + padding) */ 933 /* sizeof (packet_len + pad_len + payload + padding) */
934 len = buffer_len(&active_state->outgoing_packet); 934 len = buffer_len(&active_state->outgoing_packet);
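Review bot: The `explicit_bzero(cp, padlen)` at line 931 of packet_send2_wrapped does not destroy a secret; it writes the zero padding of an outgoing packet, and that buffer appears to be used again right after, so the old `memset` was not at risk of being optimised away. Keeping `memset(cp, 0, padlen);` there would reserve explicit_bzero() for places where sensitive data is actually destroyed, which makes later audits of secret handling easier. The same applies to `explicit_bzero(sigblob, SIGBLOB_LEN)` at ssh-dss.c line 82 and to the left-padding writes `explicit_bzero(sig, diff)` and `explicit_bzero(sigblob, diff)` at ssh-rsa.c lines 87 and 164, which initialise buffers that are filled and used afterwards. The enclosing functions start and end outside these hunks.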
diff --git a/readpass.c b/readpass.c
index e37d31158..869d86425 100644
--- a/readpass.c
+++ b/readpass.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readpass.c,v 1.49 2013/05/17 00:13:14 djm Exp $ */ 1/* $OpenBSD: readpass.c,v 1.50 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -99,13 +99,13 @@ ssh_askpass(char *askpass, const char *msg)
99 break; 99 break;
100 signal(SIGCHLD, osigchld); 100 signal(SIGCHLD, osigchld);
101 if (ret == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) { 101 if (ret == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
102 memset(buf, 0, sizeof(buf)); 102 explicit_bzero(buf, sizeof(buf));
103 return NULL; 103 return NULL;
104 } 104 }
105 105
106 buf[strcspn(buf, "\r\n")] = '\0'; 106 buf[strcspn(buf, "\r\n")] = '\0';
107 pass = xstrdup(buf); 107 pass = xstrdup(buf);
108 memset(buf, 0, sizeof(buf)); 108 explicit_bzero(buf, sizeof(buf));
109 return pass; 109 return pass;
110} 110}
111 111
@@ -162,7 +162,7 @@ read_passphrase(const char *prompt, int flags)
162 } 162 }
163 163
164 ret = xstrdup(buf); 164 ret = xstrdup(buf);
165 memset(buf, 'x', sizeof buf); 165 explicit_bzero(buf, sizeof(buf));
166 return ret; 166 return ret;
167} 167}
168 168
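Review bot: ssh_askpass and read_passphrase now clear their stack buffer, but the value each returns is a fresh `xstrdup` copy that stays on the heap until the caller clears it, and nothing in these hunks states that contract. A comment above each function would make it explicit, for example `/* Returns a malloc'd copy; the caller must explicit_bzero() and free() it. */`. Both function headers are outside the hunks, so an existing comment may already cover this.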
diff --git a/rsa.c b/rsa.c
index a9ee6b0ed..d0b5bbf5e 100644
--- a/rsa.c
+++ b/rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa.c,v 1.30 2013/05/17 00:13:14 djm Exp $ */ 1/* $OpenBSD: rsa.c,v 1.31 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -94,8 +94,8 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
94 if (BN_bin2bn(outbuf, len, out) == NULL) 94 if (BN_bin2bn(outbuf, len, out) == NULL)
95 fatal("rsa_public_encrypt: BN_bin2bn failed"); 95 fatal("rsa_public_encrypt: BN_bin2bn failed");
96 96
97 memset(outbuf, 0, olen); 97 explicit_bzero(outbuf, olen);
98 memset(inbuf, 0, ilen); 98 explicit_bzero(inbuf, ilen);
99 free(outbuf); 99 free(outbuf);
100 free(inbuf); 100 free(inbuf);
101} 101}
@@ -120,8 +120,8 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
120 if (BN_bin2bn(outbuf, len, out) == NULL) 120 if (BN_bin2bn(outbuf, len, out) == NULL)
121 fatal("rsa_private_decrypt: BN_bin2bn failed"); 121 fatal("rsa_private_decrypt: BN_bin2bn failed");
122 } 122 }
123 memset(outbuf, 0, olen); 123 explicit_bzero(outbuf, olen);
124 memset(inbuf, 0, ilen); 124 explicit_bzero(inbuf, ilen);
125 free(outbuf); 125 free(outbuf);
126 free(inbuf); 126 free(inbuf);
127 return len; 127 return len;
diff --git a/serverloop.c b/serverloop.c
index 5b2f8028d..2f8e3a06a 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: serverloop.c,v 1.169 2013/12/19 00:19:12 dtucker Exp $ */ 1/* $OpenBSD: serverloop.c,v 1.170 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -920,7 +920,7 @@ server_input_stdin_data(int type, u_int32_t seq, void *ctxt)
920 data = packet_get_string(&data_len); 920 data = packet_get_string(&data_len);
921 packet_check_eom(); 921 packet_check_eom();
922 buffer_append(&stdin_buffer, data, data_len); 922 buffer_append(&stdin_buffer, data, data_len);
923 memset(data, 0, data_len); 923 explicit_bzero(data, data_len);
924 free(data); 924 free(data);
925} 925}
926 926
diff --git a/ssh-add.c b/ssh-add.c
index 63ce72083..3421452af 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-add.c,v 1.108 2013/12/19 00:10:30 djm Exp $ */ 1/* $OpenBSD: ssh-add.c,v 1.109 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -90,7 +90,7 @@ static void
90clear_pass(void) 90clear_pass(void)
91{ 91{
92 if (pass) { 92 if (pass) {
93 memset(pass, 0, strlen(pass)); 93 explicit_bzero(pass, strlen(pass));
94 free(pass); 94 free(pass);
95 pass = NULL; 95 pass = NULL;
96 } 96 }
@@ -366,7 +366,7 @@ lock_agent(AuthenticationConnection *ac, int lock)
366 fprintf(stderr, "Passwords do not match.\n"); 366 fprintf(stderr, "Passwords do not match.\n");
367 passok = 0; 367 passok = 0;
368 } 368 }
369 memset(p2, 0, strlen(p2)); 369 explicit_bzero(p2, strlen(p2));
370 free(p2); 370 free(p2);
371 } 371 }
372 if (passok && ssh_lock_agent(ac, lock, p1)) { 372 if (passok && ssh_lock_agent(ac, lock, p1)) {
@@ -374,7 +374,7 @@ lock_agent(AuthenticationConnection *ac, int lock)
374 ret = 0; 374 ret = 0;
375 } else 375 } else
376 fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un"); 376 fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un");
377 memset(p1, 0, strlen(p1)); 377 explicit_bzero(p1, strlen(p1));
378 free(p1); 378 free(p1);
379 return (ret); 379 return (ret);
380} 380}
diff --git a/ssh-agent.c b/ssh-agent.c
index 256dff50c..ba2461211 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-agent.c,v 1.182 2014/01/27 19:18:54 markus Exp $ */ 1/* $OpenBSD: ssh-agent.c,v 1.183 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -554,7 +554,7 @@ process_lock_agent(SocketEntry *e, int lock)
554 passwd = buffer_get_string(&e->request, NULL); 554 passwd = buffer_get_string(&e->request, NULL);
555 if (locked && !lock && strcmp(passwd, lock_passwd) == 0) { 555 if (locked && !lock && strcmp(passwd, lock_passwd) == 0) {
556 locked = 0; 556 locked = 0;
557 memset(lock_passwd, 0, strlen(lock_passwd)); 557 explicit_bzero(lock_passwd, strlen(lock_passwd));
558 free(lock_passwd); 558 free(lock_passwd);
559 lock_passwd = NULL; 559 lock_passwd = NULL;
560 success = 1; 560 success = 1;
@@ -563,7 +563,7 @@ process_lock_agent(SocketEntry *e, int lock)
563 lock_passwd = xstrdup(passwd); 563 lock_passwd = xstrdup(passwd);
564 success = 1; 564 success = 1;
565 } 565 }
566 memset(passwd, 0, strlen(passwd)); 566 explicit_bzero(passwd, strlen(passwd));
567 free(passwd); 567 free(passwd);
568 568
569 buffer_put_int(&e->output, 1); 569 buffer_put_int(&e->output, 1);
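Review bot: In process_lock_agent the scrub at line 566 uses `strlen(passwd)`, but `passwd` comes from `buffer_get_string(&e->request, NULL)` with the wire length discarded, so any bytes after an embedded NUL in the request are freed without being cleared. Taking the length from the call, with a `u_int pwlen` declared, `passwd = buffer_get_string(&e->request, &pwlen);` and then `explicit_bzero(passwd, pwlen);`, clears the whole string. Separately, the unlock check at line 555 compares with `strcmp`, which stops at the first differing byte; a constant-time comparison would be the safer choice for a password check. The function starts and ends outside the hunks.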
diff --git a/ssh-dss.c b/ssh-dss.c
index 7b897475c..6b4abcb7d 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-dss.c,v 1.30 2014/01/09 23:20:00 djm Exp $ */ 1/* $OpenBSD: ssh-dss.c,v 1.31 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -65,7 +65,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
65 } 65 }
66 66
67 sig = DSA_do_sign(digest, dlen, key->dsa); 67 sig = DSA_do_sign(digest, dlen, key->dsa);
68 memset(digest, 'd', sizeof(digest)); 68 explicit_bzero(digest, sizeof(digest));
69 69
70 if (sig == NULL) { 70 if (sig == NULL) {
71 error("ssh_dss_sign: sign failed"); 71 error("ssh_dss_sign: sign failed");
@@ -79,7 +79,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
79 DSA_SIG_free(sig); 79 DSA_SIG_free(sig);
80 return -1; 80 return -1;
81 } 81 }
82 memset(sigblob, 0, SIGBLOB_LEN); 82 explicit_bzero(sigblob, SIGBLOB_LEN);
83 BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); 83 BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
84 BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); 84 BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
85 DSA_SIG_free(sig); 85 DSA_SIG_free(sig);
@@ -168,7 +168,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
168 fatal("%s: BN_bin2bn failed", __func__); 168 fatal("%s: BN_bin2bn failed", __func__);
169 169
170 /* clean up */ 170 /* clean up */
171 memset(sigblob, 0, len); 171 explicit_bzero(sigblob, len);
172 free(sigblob); 172 free(sigblob);
173 173
174 /* sha1 the data */ 174 /* sha1 the data */
@@ -179,7 +179,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
179 } 179 }
180 180
181 ret = DSA_do_verify(digest, dlen, sig, key->dsa); 181 ret = DSA_do_verify(digest, dlen, sig, key->dsa);
182 memset(digest, 'd', sizeof(digest)); 182 explicit_bzero(digest, sizeof(digest));
183 183
184 DSA_SIG_free(sig); 184 DSA_SIG_free(sig);
185 185
diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
index 10ad9da60..95b222446 100644
--- a/ssh-ecdsa.c
+++ b/ssh-ecdsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-ecdsa.c,v 1.8 2014/01/09 23:20:00 djm Exp $ */ 1/* $OpenBSD: ssh-ecdsa.c,v 1.9 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2010 Damien Miller. All rights reserved. 4 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -72,7 +72,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp,
72 } 72 }
73 73
74 sig = ECDSA_do_sign(digest, dlen, key->ecdsa); 74 sig = ECDSA_do_sign(digest, dlen, key->ecdsa);
75 memset(digest, 'd', sizeof(digest)); 75 explicit_bzero(digest, sizeof(digest));
76 76
77 if (sig == NULL) { 77 if (sig == NULL) {
78 error("%s: sign failed", __func__); 78 error("%s: sign failed", __func__);
@@ -153,7 +153,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
153 buffer_free(&bb); 153 buffer_free(&bb);
154 154
155 /* clean up */ 155 /* clean up */
156 memset(sigblob, 0, len); 156 explicit_bzero(sigblob, len);
157 free(sigblob); 157 free(sigblob);
158 158
159 /* hash the data */ 159 /* hash the data */
@@ -169,7 +169,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
169 } 169 }
170 170
171 ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa); 171 ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa);
172 memset(digest, 'd', sizeof(digest)); 172 explicit_bzero(digest, sizeof(digest));
173 173
174 ECDSA_SIG_free(sig); 174 ECDSA_SIG_free(sig);
175 175
diff --git a/ssh-ed25519.c b/ssh-ed25519.c
index 1aedcf83a..56c480df2 100644
--- a/ssh-ed25519.c
+++ b/ssh-ed25519.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-ed25519.c,v 1.1 2013/12/06 13:39:49 markus Exp $ */ 1/* $OpenBSD: ssh-ed25519.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2013 Markus Friedl <markus@openbsd.org> 3 * Copyright (c) 2013 Markus Friedl <markus@openbsd.org>
4 * 4 *
@@ -66,7 +66,7 @@ ssh_ed25519_sign(const Key *key, u_char **sigp, u_int *lenp,
66 memcpy(*sigp, buffer_ptr(&b), len); 66 memcpy(*sigp, buffer_ptr(&b), len);
67 } 67 }
68 buffer_free(&b); 68 buffer_free(&b);
69 memset(sig, 's', slen); 69 explicit_bzero(sig, slen);
70 free(sig); 70 free(sig);
71 71
72 return 0; 72 return 0;
@@ -130,9 +130,9 @@ ssh_ed25519_verify(const Key *key, const u_char *signature, u_int signaturelen,
130 } 130 }
131 /* XXX compare 'm' and 'data' ? */ 131 /* XXX compare 'm' and 'data' ? */
132 132
133 memset(sigblob, 's', len); 133 explicit_bzero(sigblob, len);
134 memset(sm, 'S', smlen); 134 explicit_bzero(sm, smlen);
135 memset(m, 'm', smlen); /* NB. mlen may be invalid if ret != 0 */ 135 explicit_bzero(m, smlen); /* NB. mlen may be invalid if ret != 0 */
136 free(sigblob); 136 free(sigblob);
137 free(sm); 137 free(sm);
138 free(m); 138 free(m);
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 8140447f7..9f0310945 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.239 2014/01/31 16:39:19 tedu Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.240 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -267,7 +267,7 @@ load_identity(char *filename)
267 pass = read_passphrase("Enter passphrase: ", 267 pass = read_passphrase("Enter passphrase: ",
268 RP_ALLOW_STDIN); 268 RP_ALLOW_STDIN);
269 prv = key_load_private(filename, pass, NULL); 269 prv = key_load_private(filename, pass, NULL);
270 memset(pass, 0, strlen(pass)); 270 explicit_bzero(pass, strlen(pass));
271 free(pass); 271 free(pass);
272 } 272 }
273 return prv; 273 return prv;
@@ -1258,7 +1258,7 @@ do_change_passphrase(struct passwd *pw)
1258 RP_ALLOW_STDIN); 1258 RP_ALLOW_STDIN);
1259 private = key_load_private(identity_file, old_passphrase, 1259 private = key_load_private(identity_file, old_passphrase,
1260 &comment); 1260 &comment);
1261 memset(old_passphrase, 0, strlen(old_passphrase)); 1261 explicit_bzero(old_passphrase, strlen(old_passphrase));
1262 free(old_passphrase); 1262 free(old_passphrase);
1263 if (private == NULL) { 1263 if (private == NULL) {
1264 printf("Bad passphrase.\n"); 1264 printf("Bad passphrase.\n");
@@ -1280,15 +1280,15 @@ do_change_passphrase(struct passwd *pw)
1280 1280
1281 /* Verify that they are the same. */ 1281 /* Verify that they are the same. */
1282 if (strcmp(passphrase1, passphrase2) != 0) { 1282 if (strcmp(passphrase1, passphrase2) != 0) {
1283 memset(passphrase1, 0, strlen(passphrase1)); 1283 explicit_bzero(passphrase1, strlen(passphrase1));
1284 memset(passphrase2, 0, strlen(passphrase2)); 1284 explicit_bzero(passphrase2, strlen(passphrase2));
1285 free(passphrase1); 1285 free(passphrase1);
1286 free(passphrase2); 1286 free(passphrase2);
1287 printf("Pass phrases do not match. Try again.\n"); 1287 printf("Pass phrases do not match. Try again.\n");
1288 exit(1); 1288 exit(1);
1289 } 1289 }
1290 /* Destroy the other copy. */ 1290 /* Destroy the other copy. */
1291 memset(passphrase2, 0, strlen(passphrase2)); 1291 explicit_bzero(passphrase2, strlen(passphrase2));
1292 free(passphrase2); 1292 free(passphrase2);
1293 } 1293 }
1294 1294
@@ -1296,14 +1296,14 @@ do_change_passphrase(struct passwd *pw)
1296 if (!key_save_private(private, identity_file, passphrase1, comment, 1296 if (!key_save_private(private, identity_file, passphrase1, comment,
1297 use_new_format, new_format_cipher, rounds)) { 1297 use_new_format, new_format_cipher, rounds)) {
1298 printf("Saving the key failed: %s.\n", identity_file); 1298 printf("Saving the key failed: %s.\n", identity_file);
1299 memset(passphrase1, 0, strlen(passphrase1)); 1299 explicit_bzero(passphrase1, strlen(passphrase1));
1300 free(passphrase1); 1300 free(passphrase1);
1301 key_free(private); 1301 key_free(private);
1302 free(comment); 1302 free(comment);
1303 exit(1); 1303 exit(1);
1304 } 1304 }
1305 /* Destroy the passphrase and the copy of the key in memory. */ 1305 /* Destroy the passphrase and the copy of the key in memory. */
1306 memset(passphrase1, 0, strlen(passphrase1)); 1306 explicit_bzero(passphrase1, strlen(passphrase1));
1307 free(passphrase1); 1307 free(passphrase1);
1308 key_free(private); /* Destroys contents */ 1308 key_free(private); /* Destroys contents */
1309 free(comment); 1309 free(comment);
@@ -1375,7 +1375,7 @@ do_change_comment(struct passwd *pw)
1375 /* Try to load using the passphrase. */ 1375 /* Try to load using the passphrase. */
1376 private = key_load_private(identity_file, passphrase, &comment); 1376 private = key_load_private(identity_file, passphrase, &comment);
1377 if (private == NULL) { 1377 if (private == NULL) {
1378 memset(passphrase, 0, strlen(passphrase)); 1378 explicit_bzero(passphrase, strlen(passphrase));
1379 free(passphrase); 1379 free(passphrase);
1380 printf("Bad passphrase.\n"); 1380 printf("Bad passphrase.\n");
1381 exit(1); 1381 exit(1);
@@ -1396,7 +1396,7 @@ do_change_comment(struct passwd *pw)
1396 printf("Enter new comment: "); 1396 printf("Enter new comment: ");
1397 fflush(stdout); 1397 fflush(stdout);
1398 if (!fgets(new_comment, sizeof(new_comment), stdin)) { 1398 if (!fgets(new_comment, sizeof(new_comment), stdin)) {
1399 memset(passphrase, 0, strlen(passphrase)); 1399 explicit_bzero(passphrase, strlen(passphrase));
1400 key_free(private); 1400 key_free(private);
1401 exit(1); 1401 exit(1);
1402 } 1402 }
@@ -1407,13 +1407,13 @@ do_change_comment(struct passwd *pw)
1407 if (!key_save_private(private, identity_file, passphrase, new_comment, 1407 if (!key_save_private(private, identity_file, passphrase, new_comment,
1408 use_new_format, new_format_cipher, rounds)) { 1408 use_new_format, new_format_cipher, rounds)) {
1409 printf("Saving the key failed: %s.\n", identity_file); 1409 printf("Saving the key failed: %s.\n", identity_file);
1410 memset(passphrase, 0, strlen(passphrase)); 1410 explicit_bzero(passphrase, strlen(passphrase));
1411 free(passphrase); 1411 free(passphrase);
1412 key_free(private); 1412 key_free(private);
1413 free(comment); 1413 free(comment);
1414 exit(1); 1414 exit(1);
1415 } 1415 }
1416 memset(passphrase, 0, strlen(passphrase)); 1416 explicit_bzero(passphrase, strlen(passphrase));
1417 free(passphrase); 1417 free(passphrase);
1418 public = key_from_private(private); 1418 public = key_from_private(private);
1419 key_free(private); 1419 key_free(private);
@@ -2632,15 +2632,15 @@ passphrase_again:
2632 * The passphrases do not match. Clear them and 2632 * The passphrases do not match. Clear them and
2633 * retry. 2633 * retry.
2634 */ 2634 */
2635 memset(passphrase1, 0, strlen(passphrase1)); 2635 explicit_bzero(passphrase1, strlen(passphrase1));
2636 memset(passphrase2, 0, strlen(passphrase2)); 2636 explicit_bzero(passphrase2, strlen(passphrase2));
2637 free(passphrase1); 2637 free(passphrase1);
2638 free(passphrase2); 2638 free(passphrase2);
2639 printf("Passphrases do not match. Try again.\n"); 2639 printf("Passphrases do not match. Try again.\n");
2640 goto passphrase_again; 2640 goto passphrase_again;
2641 } 2641 }
2642 /* Clear the other copy of the passphrase. */ 2642 /* Clear the other copy of the passphrase. */
2643 memset(passphrase2, 0, strlen(passphrase2)); 2643 explicit_bzero(passphrase2, strlen(passphrase2));
2644 free(passphrase2); 2644 free(passphrase2);
2645 } 2645 }
2646 2646
@@ -2655,12 +2655,12 @@ passphrase_again:
2655 if (!key_save_private(private, identity_file, passphrase1, comment, 2655 if (!key_save_private(private, identity_file, passphrase1, comment,
2656 use_new_format, new_format_cipher, rounds)) { 2656 use_new_format, new_format_cipher, rounds)) {
2657 printf("Saving the key failed: %s.\n", identity_file); 2657 printf("Saving the key failed: %s.\n", identity_file);
2658 memset(passphrase1, 0, strlen(passphrase1)); 2658 explicit_bzero(passphrase1, strlen(passphrase1));
2659 free(passphrase1); 2659 free(passphrase1);
2660 exit(1); 2660 exit(1);
2661 } 2661 }
2662 /* Clear the passphrase. */ 2662 /* Clear the passphrase. */
2663 memset(passphrase1, 0, strlen(passphrase1)); 2663 explicit_bzero(passphrase1, strlen(passphrase1));
2664 free(passphrase1); 2664 free(passphrase1);
2665 2665
2666 /* Clear the private key and the random number generator. */ 2666 /* Clear the private key and the random number generator. */
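Review bot: The scrub-then-free pair is written out by hand at every exit in this file, and the fgets failure path in do_change_comment (line 1399) already differs from the rest: it clears `passphrase` but never frees it before `exit(1)`. A single static helper would keep the two steps together and reduce each site to one call such as `scrub_and_free(passphrase1);`. The helper name below is only a suggestion. The functions touched by these hunks start and end outside them.
```c
/* Scrub a NUL-terminated secret and release it; NULL is a no-op. */
static void
scrub_and_free(char *s)
{
	if (s == NULL)
		return;
	explicit_bzero(s, strlen(s));
	free(s);
}
```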
diff --git a/ssh-rsa.c b/ssh-rsa.c
index a2112d033..c6f25b3ee 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-rsa.c,v 1.50 2014/01/09 23:20:00 djm Exp $ */ 1/* $OpenBSD: ssh-rsa.c,v 1.51 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> 3 * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
4 * 4 *
@@ -70,7 +70,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
70 sig = xmalloc(slen); 70 sig = xmalloc(slen);
71 71
72 ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); 72 ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa);
73 memset(digest, 'd', sizeof(digest)); 73 explicit_bzero(digest, sizeof(digest));
74 74
75 if (ok != 1) { 75 if (ok != 1) {
76 int ecode = ERR_get_error(); 76 int ecode = ERR_get_error();
@@ -84,7 +84,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
84 u_int diff = slen - len; 84 u_int diff = slen - len;
85 debug("slen %u > len %u", slen, len); 85 debug("slen %u > len %u", slen, len);
86 memmove(sig + diff, sig, len); 86 memmove(sig + diff, sig, len);
87 memset(sig, 0, diff); 87 explicit_bzero(sig, diff);
88 } else if (len > slen) { 88 } else if (len > slen) {
89 error("%s: slen %u slen2 %u", __func__, slen, len); 89 error("%s: slen %u slen2 %u", __func__, slen, len);
90 free(sig); 90 free(sig);
@@ -102,7 +102,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
102 memcpy(*sigp, buffer_ptr(&b), len); 102 memcpy(*sigp, buffer_ptr(&b), len);
103 } 103 }
104 buffer_free(&b); 104 buffer_free(&b);
105 memset(sig, 's', slen); 105 explicit_bzero(sig, slen);
106 free(sig); 106 free(sig);
107 107
108 return 0; 108 return 0;
@@ -161,7 +161,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
161 modlen, len); 161 modlen, len);
162 sigblob = xrealloc(sigblob, 1, modlen); 162 sigblob = xrealloc(sigblob, 1, modlen);
163 memmove(sigblob + diff, sigblob, len); 163 memmove(sigblob + diff, sigblob, len);
164 memset(sigblob, 0, diff); 164 explicit_bzero(sigblob, diff);
165 len = modlen; 165 len = modlen;
166 } 166 }
167 /* hash the data */ 167 /* hash the data */
@@ -178,8 +178,8 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
178 178
179 ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len, 179 ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len,
180 key->rsa); 180 key->rsa);
181 memset(digest, 'd', sizeof(digest)); 181 explicit_bzero(digest, sizeof(digest));
182 memset(sigblob, 's', len); 182 explicit_bzero(sigblob, len);
183 free(sigblob); 183 free(sigblob);
184 debug("%s: signature %scorrect", __func__, (ret == 0) ? "in" : ""); 184 debug("%s: signature %scorrect", __func__, (ret == 0) ? "in" : "");
185 return ret; 185 return ret;
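Review bot: In ssh_rsa_sign the `len > slen` branch at line 90 still calls `free(sig)` without clearing the buffer, while the success path at line 105 now runs `explicit_bzero(sig, slen)` before the free. If the signature buffer is treated as potentially private, that branch should match: add `explicit_bzero(sig, slen);` before `free(sig);`. The `ok != 1` failure branch starting at line 75 continues outside the hunk and may need the same check.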
diff --git a/sshconnect.c b/sshconnect.c
index d21781ea4..3781eaf3b 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect.c,v 1.244 2014/01/09 23:26:48 djm Exp $ */ 1/* $OpenBSD: sshconnect.c,v 1.245 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1299,7 +1299,7 @@ ssh_put_password(char *password)
1299 padded = xcalloc(1, size); 1299 padded = xcalloc(1, size);
1300 strlcpy(padded, password, size); 1300 strlcpy(padded, password, size);
1301 packet_put_string(padded, size); 1301 packet_put_string(padded, size);
1302 memset(padded, 0, size); 1302 explicit_bzero(padded, size);
1303 free(padded); 1303 free(padded);
1304} 1304}
1305 1305
diff --git a/sshconnect1.c b/sshconnect1.c
index 57713d24d..921408ec1 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect1.c,v 1.73 2014/01/27 19:18:54 markus Exp $ */ 1/* $OpenBSD: sshconnect1.c,v 1.74 2014/02/02 03:44:32 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -120,7 +120,7 @@ try_agent_authentication(void)
120 * return a wrong value. 120 * return a wrong value.
121 */ 121 */
122 logit("Authentication agent failed to decrypt challenge."); 122 logit("Authentication agent failed to decrypt challenge.");
123 memset(response, 0, sizeof(response)); 123 explicit_bzero(response, sizeof(response));
124 } 124 }
125 key_free(key); 125 key_free(key);
126 debug("Sending response to RSA challenge."); 126 debug("Sending response to RSA challenge.");
@@ -195,9 +195,9 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
195 packet_send(); 195 packet_send();
196 packet_write_wait(); 196 packet_write_wait();
197 197
198 memset(buf, 0, sizeof(buf)); 198 explicit_bzero(buf, sizeof(buf));
199 memset(response, 0, sizeof(response)); 199 explicit_bzero(response, sizeof(response));
200 memset(&md, 0, sizeof(md)); 200 explicit_bzero(&md, sizeof(md));
201} 201}
202 202
203/* 203/*
@@ -271,7 +271,7 @@ try_rsa_authentication(int idx)
271 debug2("no passphrase given, try next key"); 271 debug2("no passphrase given, try next key");
272 quit = 1; 272 quit = 1;
273 } 273 }
274 memset(passphrase, 0, strlen(passphrase)); 274 explicit_bzero(passphrase, strlen(passphrase));
275 free(passphrase); 275 free(passphrase);
276 if (private != NULL || quit) 276 if (private != NULL || quit)
277 break; 277 break;
@@ -427,7 +427,7 @@ try_challenge_response_authentication(void)
427 } 427 }
428 packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); 428 packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
429 ssh_put_password(response); 429 ssh_put_password(response);
430 memset(response, 0, strlen(response)); 430 explicit_bzero(response, strlen(response));
431 free(response); 431 free(response);
432 packet_send(); 432 packet_send();
433 packet_write_wait(); 433 packet_write_wait();
@@ -460,7 +460,7 @@ try_password_authentication(char *prompt)
460 password = read_passphrase(prompt, 0); 460 password = read_passphrase(prompt, 0);
461 packet_start(SSH_CMSG_AUTH_PASSWORD); 461 packet_start(SSH_CMSG_AUTH_PASSWORD);
462 ssh_put_password(password); 462 ssh_put_password(password);
463 memset(password, 0, strlen(password)); 463 explicit_bzero(password, strlen(password));
464 free(password); 464 free(password);
465 packet_send(); 465 packet_send();
466 packet_write_wait(); 466 packet_write_wait();
@@ -652,8 +652,11 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
652 /* Set the encryption key. */ 652 /* Set the encryption key. */
653 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher); 653 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher);
654 654
655 /* We will no longer need the session key here. Destroy any extra copies. */ 655 /*
656 memset(session_key, 0, sizeof(session_key)); 656 * We will no longer need the session key here.
657 * Destroy any extra copies.
658 */
659 explicit_bzero(session_key, sizeof(session_key));
657 660
658 /* 661 /*
659 * Expect a success message from the server. Note that this message 662 * Expect a success message from the server. Note that this message
diff --git a/sshconnect2.c b/sshconnect2.c
index c60a8511b..7f4ff4189 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect2.c,v 1.203 2014/01/31 16:39:19 tedu Exp $ */ 1/* $OpenBSD: sshconnect2.c,v 1.204 2014/02/02 03:44:32 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2008 Damien Miller. All rights reserved. 4 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -869,7 +869,7 @@ userauth_passwd(Authctxt *authctxt)
869 packet_put_cstring(authctxt->method->name); 869 packet_put_cstring(authctxt->method->name);
870 packet_put_char(0); 870 packet_put_char(0);
871 packet_put_cstring(password); 871 packet_put_cstring(password);
872 memset(password, 0, strlen(password)); 872 explicit_bzero(password, strlen(password));
873 free(password); 873 free(password);
874 packet_add_padding(64); 874 packet_add_padding(64);
875 packet_send(); 875 packet_send();
@@ -915,7 +915,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
915 authctxt->server_user, host); 915 authctxt->server_user, host);
916 password = read_passphrase(prompt, 0); 916 password = read_passphrase(prompt, 0);
917 packet_put_cstring(password); 917 packet_put_cstring(password);
918 memset(password, 0, strlen(password)); 918 explicit_bzero(password, strlen(password));
919 free(password); 919 free(password);
920 password = NULL; 920 password = NULL;
921 while (password == NULL) { 921 while (password == NULL) {
@@ -932,16 +932,16 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
932 authctxt->server_user, host); 932 authctxt->server_user, host);
933 retype = read_passphrase(prompt, 0); 933 retype = read_passphrase(prompt, 0);
934 if (strcmp(password, retype) != 0) { 934 if (strcmp(password, retype) != 0) {
935 memset(password, 0, strlen(password)); 935 explicit_bzero(password, strlen(password));
936 free(password); 936 free(password);
937 logit("Mismatch; try again, EOF to quit."); 937 logit("Mismatch; try again, EOF to quit.");
938 password = NULL; 938 password = NULL;
939 } 939 }
940 memset(retype, 0, strlen(retype)); 940 explicit_bzero(retype, strlen(retype));
941 free(retype); 941 free(retype);
942 } 942 }
943 packet_put_cstring(password); 943 packet_put_cstring(password);
944 memset(password, 0, strlen(password)); 944 explicit_bzero(password, strlen(password));
945 free(password); 945 free(password);
946 packet_add_padding(64); 946 packet_add_padding(64);
947 packet_send(); 947 packet_send();
@@ -1126,7 +1126,7 @@ load_identity_file(char *filename, int userprovided)
1126 debug2("no passphrase given, try next key"); 1126 debug2("no passphrase given, try next key");
1127 quit = 1; 1127 quit = 1;
1128 } 1128 }
1129 memset(passphrase, 0, strlen(passphrase)); 1129 explicit_bzero(passphrase, strlen(passphrase));
1130 free(passphrase); 1130 free(passphrase);
1131 if (private != NULL || quit) 1131 if (private != NULL || quit)
1132 break; 1132 break;
@@ -1385,7 +1385,7 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
1385 response = read_passphrase(prompt, echo ? RP_ECHO : 0); 1385 response = read_passphrase(prompt, echo ? RP_ECHO : 0);
1386 1386
1387 packet_put_cstring(response); 1387 packet_put_cstring(response);
1388 memset(response, 0, strlen(response)); 1388 explicit_bzero(response, strlen(response));
1389 free(response); 1389 free(response);
1390 free(prompt); 1390 free(prompt);
1391 } 1391 }
@@ -1555,7 +1555,7 @@ userauth_hostbased(Authctxt *authctxt)
1555 packet_put_cstring(chost); 1555 packet_put_cstring(chost);
1556 packet_put_cstring(authctxt->local_user); 1556 packet_put_cstring(authctxt->local_user);
1557 packet_put_string(signature, slen); 1557 packet_put_string(signature, slen);
1558 memset(signature, 's', slen); 1558 explicit_bzero(signature, slen);
1559 free(signature); 1559 free(signature);
1560 free(chost); 1560 free(chost);
1561 free(pkalg); 1561 free(pkalg);
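--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.417 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: sshd.c,v 1.418 2014/02/02 03:44:32 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -579,7 +579,7 @@ destroy_sensitive_data(void)
  }
  }
  sensitive_data.ssh1_host_key = NULL;
- memset(sensitive_data.ssh1_cookie, 0, SSH_SESSION_KEY_LENGTH);
+ explicit_bzero(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
 }
 
 /* Demote private to public keys for network child */
@@ -1657,7 +1657,8 @@ main(int ac, char **av)
  fatal("Privilege separation user %s does not exist",
  SSH_PRIVSEP_USER);
  } else {
- memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
+ explicit_bzero(privsep_pw->pw_passwd,
+ strlen(privsep_pw->pw_passwd));
  privsep_pw = pwcopy(privsep_pw);
  free(privsep_pw->pw_passwd);
  privsep_pw->pw_passwd = xstrdup("*");
@@ -2341,7 +2342,7 @@ do_ssh1_kex(void)
  get_remote_ipaddr(), len, (u_long)sizeof(session_key));
  rsafail++;
  } else {
- memset(session_key, 0, sizeof(session_key));
+ explicit_bzero(session_key, sizeof(session_key));
  BN_bn2bin(session_key_int,
  session_key + sizeof(session_key) - len);
 
@@ -2379,7 +2380,7 @@ do_ssh1_kex(void)
  sizeof(session_key) - 16) < 0)
  fatal("%s: md5 failed", __func__);
  ssh_digest_free(md);
- memset(buf, 0, bytes);
+ explicit_bzero(buf, bytes);
  free(buf);
  for (i = 0; i < 16; i++)
  session_id[i] = session_key[i] ^ session_key[i + 16];
@@ -2397,7 +2398,7 @@ do_ssh1_kex(void)
  packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type);
 
  /* Destroy our copy of the session key. It is no longer needed. */
- memset(session_key, 0, sizeof(session_key));
+ explicit_bzero(session_key, sizeof(session_key));
 
  debug("Received session key; encryption turned on.");
 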
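Review bot: In do_ssh1_kex, the `explicit_bzero(session_key, sizeof(session_key));` placed directly before `BN_bn2bin(session_key_int, session_key + sizeof(session_key) - len);` is an initialisation rather than a scrub: it zero-fills the buffer so the decoded value ends up left-padded. The conversion is harmless, but it makes this line read like secret disposal to anyone auditing wipe sites, unlike the final call under the "Destroy our copy of the session key" comment. A one-line comment would keep the two apart, for example `/* zero-fill first: BN_bn2bin below writes only the trailing len bytes */`. The function body starts and ends outside these hunks, so whether the other copies of the key (session_key_int, the packet layer) are cleared cannot be checked from here.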