diff options
| author | Damien Miller <djm@mindrot.org> | 2014-02-04 11:20:14 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2014-02-04 11:20:14 +1100 |
| commit | a5103f413bde6f31bff85d6e1fd29799c647d765 (patch) | |
| tree | 0b35ad9292b2ca8d58229435865d0ec3818e5981 /cipher.c | |
| parent | 1d2c4564265ee827147af246a16f3777741411ed (diff) | |
- djm@cvs.openbsd.org 2014/02/02 03:44:32
[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
[buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
[kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
[monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
[ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
[ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
[sshd.c]
convert memset of potentially-private data to explicit_bzero()
Diffstat (limited to 'cipher.c')
| -rw-r--r-- | cipher.c | 8 |
1 files changed, 4 insertions, 4 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: cipher.c,v 1.95 2014/01/27 19:18:54 markus Exp $ */ | 1 | /* $OpenBSD: cipher.c,v 1.96 2014/02/02 03:44:31 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -337,7 +337,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher, | |||
| 337 | if (EVP_Cipher(&cc->evp, discard, junk, | 337 | if (EVP_Cipher(&cc->evp, discard, junk, |
| 338 | cipher->discard_len) == 0) | 338 | cipher->discard_len) == 0) |
| 339 | fatal("evp_crypt: EVP_Cipher failed during discard"); | 339 | fatal("evp_crypt: EVP_Cipher failed during discard"); |
| 340 | memset(discard, 0, cipher->discard_len); | 340 | explicit_bzero(discard, cipher->discard_len); |
| 341 | free(junk); | 341 | free(junk); |
| 342 | free(discard); | 342 | free(discard); |
| 343 | } | 343 | } |
| @@ -422,7 +422,7 @@ void | |||
| 422 | cipher_cleanup(CipherContext *cc) | 422 | cipher_cleanup(CipherContext *cc) |
| 423 | { | 423 | { |
| 424 | if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) | 424 | if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) |
| 425 | memset(&cc->cp_ctx, 0, sizeof(cc->cp_ctx)); | 425 | explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx)); |
| 426 | else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) | 426 | else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) |
| 427 | error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); | 427 | error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); |
| 428 | } | 428 | } |
| @@ -444,7 +444,7 @@ cipher_set_key_string(CipherContext *cc, const Cipher *cipher, | |||
| 444 | 444 | ||
| 445 | cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt); | 445 | cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt); |
| 446 | 446 | ||
| 447 | memset(digest, 0, sizeof(digest)); | 447 | explicit_bzero(digest, sizeof(digest)); |
| 448 | } | 448 | } |
| 449 | 449 | ||
| 450 | /* | 450 | /* |