Merge 6.6p1.

* New upstream release (http://www.openssh.com/txt/release-6.6).
author: Colin Watson <cjwatson@debian.org> 2014-03-20 00:32:39 +0000
committer: Colin Watson <cjwatson@debian.org> 2014-03-20 00:34:16 +0000
commit: 2ee2de47fd0f684f54218d31b4ec83930e69c18e (patch)
tree: 86848a7668424b392d48791a0e41e05f9df7b62b /packet.c
parent: c9947303ad3c432b1cadfbeb1d95a7cd38662d66 (diff)
parent: 9cbb60f5e4932634db04c330c88abc49cc5567bd (diff)
1 files changed, 8 insertions, 8 deletions
diff --git a/packet.c b/packet.c
index 6cf7edbb8..54c0558f9 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.191 2013/12/06 13:34:54 markus Exp $ */
+/* $OpenBSD: packet.c,v 1.192 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -764,9 +764,9 @@ set_newkeys(int mode)
                mac  = &active_state->newkeys[mode]->mac;
                comp = &active_state->newkeys[mode]->comp;
                mac_clear(mac);
-                memset(enc->iv,  0, enc->iv_len);
+                explicit_bzero(enc->iv,  enc->iv_len);
-                memset(enc->key, 0, enc->key_len);
+                explicit_bzero(enc->key, enc->key_len);
-                memset(mac->key, 0, mac->key_len);
+                explicit_bzero(mac->key, mac->key_len);
                free(enc->name);
                free(enc->iv);
                free(enc->key);
@@ -787,9 +787,9 @@ set_newkeys(int mode)
        cipher_init(cc, enc->cipher, enc->key, enc->key_len,
            enc->iv, enc->iv_len, crypt_type);
        /* Deleting the keys does not gain extra security */
-        /* memset(enc->iv,  0, enc->block_size);
+        /* explicit_bzero(enc->iv,  enc->block_size);
-           memset(enc->key, 0, enc->key_len);
+           explicit_bzero(enc->key, enc->key_len);
-           memset(mac->key, 0, mac->key_len); */
+           explicit_bzero(mac->key, mac->key_len); */
        if ((comp->type == COMP_ZLIB ||
            (comp->type == COMP_DELAYED &&
             active_state->after_authentication)) && comp->enabled == 0) {
@@ -928,7 +928,7 @@ packet_send2_wrapped(void)
                }
        } else {
                /* clear padding */
-                memset(cp, 0, padlen);
+                explicit_bzero(cp, padlen);
        }
        /* sizeof (packet_len + pad_len + payload + padding) */
        len = buffer_len(&active_state->outgoing_packet);
author	Colin Watson <cjwatson@debian.org>	2014-03-20 00:32:39 +0000
committer	Colin Watson <cjwatson@debian.org>	2014-03-20 00:34:16 +0000
commit	2ee2de47fd0f684f54218d31b4ec83930e69c18e (patch)
tree	86848a7668424b392d48791a0e41e05f9df7b62b /packet.c
parent	c9947303ad3c432b1cadfbeb1d95a7cd38662d66 (diff)
parent	9cbb60f5e4932634db04c330c88abc49cc5567bd (diff)

diff --git a/packet.c b/packet.c index 6cf7edbb8..54c0558f9 100644 --- a/packet.c +++ b/packet.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: packet.c,v 1.191 2013/12/06 13:34:54 markus Exp $ */	1	/* $OpenBSD: packet.c,v 1.192 2014/02/02 03:44:31 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -764,9 +764,9 @@ set_newkeys(int mode)
764	mac = &active_state->newkeys[mode]->mac;	764	mac = &active_state->newkeys[mode]->mac;
765	comp = &active_state->newkeys[mode]->comp;	765	comp = &active_state->newkeys[mode]->comp;
766	mac_clear(mac);	766	mac_clear(mac);
767	memset(enc->iv, 0, enc->iv_len);	767	explicit_bzero(enc->iv, enc->iv_len);
768	memset(enc->key, 0, enc->key_len);	768	explicit_bzero(enc->key, enc->key_len);
769	memset(mac->key, 0, mac->key_len);	769	explicit_bzero(mac->key, mac->key_len);
770	free(enc->name);	770	free(enc->name);
771	free(enc->iv);	771	free(enc->iv);
772	free(enc->key);	772	free(enc->key);
@@ -787,9 +787,9 @@ set_newkeys(int mode)
787	cipher_init(cc, enc->cipher, enc->key, enc->key_len,	787	cipher_init(cc, enc->cipher, enc->key, enc->key_len,
788	enc->iv, enc->iv_len, crypt_type);	788	enc->iv, enc->iv_len, crypt_type);
789	/* Deleting the keys does not gain extra security */	789	/* Deleting the keys does not gain extra security */
790	/* memset(enc->iv, 0, enc->block_size);	790	/* explicit_bzero(enc->iv, enc->block_size);
791	memset(enc->key, 0, enc->key_len);	791	explicit_bzero(enc->key, enc->key_len);
792	memset(mac->key, 0, mac->key_len); */	792	explicit_bzero(mac->key, mac->key_len); */
793	if ((comp->type == COMP_ZLIB \|\|	793	if ((comp->type == COMP_ZLIB \|\|
794	(comp->type == COMP_DELAYED &&	794	(comp->type == COMP_DELAYED &&
795	active_state->after_authentication)) && comp->enabled == 0) {	795	active_state->after_authentication)) && comp->enabled == 0) {
@@ -928,7 +928,7 @@ packet_send2_wrapped(void)
928	}	928	}
929	} else {	929	} else {
930	/* clear padding */	930	/* clear padding */
931	memset(cp, 0, padlen);	931	explicit_bzero(cp, padlen);
932	}	932	}
933	/* sizeof (packet_len + pad_len + payload + padding) */	933	/* sizeof (packet_len + pad_len + payload + padding) */
934	len = buffer_len(&active_state->outgoing_packet);	934	len = buffer_len(&active_state->outgoing_packet);