- djm@cvs.openbsd.org 2014/02/02 03:44:32

[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c] convert memset of potentially-private data to explicit_bzero()
author: Damien Miller <djm@mindrot.org> 2014-02-04 11:20:14 +1100
committer: Damien Miller <djm@mindrot.org> 2014-02-04 11:20:14 +1100
commit: a5103f413bde6f31bff85d6e1fd29799c647d765 (patch)
tree: 0b35ad9292b2ca8d58229435865d0ec3818e5981 /authfile.c
parent: 1d2c4564265ee827147af246a16f3777741411ed (diff)
1 files changed, 7 insertions, 7 deletions
diff --git a/authfile.c b/authfile.c
index 22da0eb05..d7eaa9dec 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.102 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: authfile.c,v 1.103 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -131,7 +131,7 @@ key_private_to_blob2(Key *prv, Buffer *blob, const char *passphrase,
                buffer_put_int(&kdf, rounds);
        }
        cipher_init(&ctx, c, key, keylen, key + keylen , ivlen, 1);
-        memset(key, 0, keylen + ivlen);
+        explicit_bzero(key, keylen + ivlen);
        free(key);
        buffer_init(&encoded);
@@ -143,7 +143,7 @@ key_private_to_blob2(Key *prv, Buffer *blob, const char *passphrase,
        key_to_blob(prv, &cp, &len);                    /* public key */
        buffer_put_string(&encoded, cp, len);
-        memset(cp, 0, len);
+        explicit_bzero(cp, len);
        free(cp);
        buffer_free(&kdf);
@@ -409,7 +409,7 @@ key_parse_private2(Buffer *blob, int type, const char *passphrase,
        free(salt);
        free(comment);
        if (key)
-                memset(key, 0, keylen + ivlen);
+                explicit_bzero(key, keylen + ivlen);
        free(key);
        buffer_free(&encoded);
        buffer_free(&copy);
@@ -496,10 +496,10 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase,
            buffer_ptr(&buffer), buffer_len(&buffer), 0, 0) != 0)
                fatal("%s: cipher_crypt failed", __func__);
        cipher_cleanup(&ciphercontext);
-        memset(&ciphercontext, 0, sizeof(ciphercontext));
+        explicit_bzero(&ciphercontext, sizeof(ciphercontext));
        /* Destroy temporary data. */
-        memset(buf, 0, sizeof(buf));
+        explicit_bzero(buf, sizeof(buf));
        buffer_free(&buffer);
        buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted));
@@ -831,7 +831,7 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp)
            buffer_ptr(&copy), buffer_len(&copy), 0, 0) != 0)
                fatal("%s: cipher_crypt failed", __func__);
        cipher_cleanup(&ciphercontext);
-        memset(&ciphercontext, 0, sizeof(ciphercontext));
+        explicit_bzero(&ciphercontext, sizeof(ciphercontext));
        buffer_free(&copy);
        check1 = buffer_get_char(&decrypted);
author	Damien Miller <djm@mindrot.org>	2014-02-04 11:20:14 +1100
committer	Damien Miller <djm@mindrot.org>	2014-02-04 11:20:14 +1100
commit	a5103f413bde6f31bff85d6e1fd29799c647d765 (patch)
tree	0b35ad9292b2ca8d58229435865d0ec3818e5981 /authfile.c
parent	1d2c4564265ee827147af246a16f3777741411ed (diff)

diff --git a/authfile.c b/authfile.c index 22da0eb05..d7eaa9dec 100644 --- a/authfile.c +++ b/authfile.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: authfile.c,v 1.102 2014/01/31 16:39:19 tedu Exp $ */	1	/* $OpenBSD: authfile.c,v 1.103 2014/02/02 03:44:31 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -131,7 +131,7 @@ key_private_to_blob2(Key prv, Buffer blob, const char *passphrase,
131	buffer_put_int(&kdf, rounds);	131	buffer_put_int(&kdf, rounds);
132	}	132	}
133	cipher_init(&ctx, c, key, keylen, key + keylen , ivlen, 1);	133	cipher_init(&ctx, c, key, keylen, key + keylen , ivlen, 1);
134	memset(key, 0, keylen + ivlen);	134	explicit_bzero(key, keylen + ivlen);
135	free(key);	135	free(key);
136		136
137	buffer_init(&encoded);	137	buffer_init(&encoded);
@@ -143,7 +143,7 @@ key_private_to_blob2(Key prv, Buffer blob, const char *passphrase,
143	key_to_blob(prv, &cp, &len); /* public key */	143	key_to_blob(prv, &cp, &len); /* public key */
144	buffer_put_string(&encoded, cp, len);	144	buffer_put_string(&encoded, cp, len);
145		145
146	memset(cp, 0, len);	146	explicit_bzero(cp, len);
147	free(cp);	147	free(cp);
148		148
149	buffer_free(&kdf);	149	buffer_free(&kdf);
@@ -409,7 +409,7 @@ key_parse_private2(Buffer blob, int type, const char passphrase,
409	free(salt);	409	free(salt);
410	free(comment);	410	free(comment);
411	if (key)	411	if (key)
412	memset(key, 0, keylen + ivlen);	412	explicit_bzero(key, keylen + ivlen);
413	free(key);	413	free(key);
414	buffer_free(&encoded);	414	buffer_free(&encoded);
415	buffer_free(&copy);	415	buffer_free(&copy);
@@ -496,10 +496,10 @@ key_private_rsa1_to_blob(Key key, Buffer blob, const char *passphrase,
496	buffer_ptr(&buffer), buffer_len(&buffer), 0, 0) != 0)	496	buffer_ptr(&buffer), buffer_len(&buffer), 0, 0) != 0)
497	fatal("%s: cipher_crypt failed", __func__);	497	fatal("%s: cipher_crypt failed", __func__);
498	cipher_cleanup(&ciphercontext);	498	cipher_cleanup(&ciphercontext);
499	memset(&ciphercontext, 0, sizeof(ciphercontext));	499	explicit_bzero(&ciphercontext, sizeof(ciphercontext));
500		500
501	/* Destroy temporary data. */	501	/* Destroy temporary data. */
502	memset(buf, 0, sizeof(buf));	502	explicit_bzero(buf, sizeof(buf));
503	buffer_free(&buffer);	503	buffer_free(&buffer);
504		504
505	buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted));	505	buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted));
@@ -831,7 +831,7 @@ key_parse_private_rsa1(Buffer blob, const char passphrase, char **commentp)
831	buffer_ptr(&copy), buffer_len(&copy), 0, 0) != 0)	831	buffer_ptr(&copy), buffer_len(&copy), 0, 0) != 0)
832	fatal("%s: cipher_crypt failed", __func__);	832	fatal("%s: cipher_crypt failed", __func__);
833	cipher_cleanup(&ciphercontext);	833	cipher_cleanup(&ciphercontext);
834	memset(&ciphercontext, 0, sizeof(ciphercontext));	834	explicit_bzero(&ciphercontext, sizeof(ciphercontext));
835	buffer_free(&copy);	835	buffer_free(&copy);
836		836
837	check1 = buffer_get_char(&decrypted);	837	check1 = buffer_get_char(&decrypted);