- djm@cvs.openbsd.org 2014/02/02 03:44:32

[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c] convert memset of potentially-private data to explicit_bzero()
author: Damien Miller <djm@mindrot.org> 2014-02-04 11:20:14 +1100
committer: Damien Miller <djm@mindrot.org> 2014-02-04 11:20:14 +1100
commit: a5103f413bde6f31bff85d6e1fd29799c647d765 (patch)
tree: 0b35ad9292b2ca8d58229435865d0ec3818e5981 /packet.c
parent: 1d2c4564265ee827147af246a16f3777741411ed (diff)
1 files changed, 8 insertions, 8 deletions
diff --git a/packet.c b/packet.c
index 6cf7edbb8..54c0558f9 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.191 2013/12/06 13:34:54 markus Exp $ */
+/* $OpenBSD: packet.c,v 1.192 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -764,9 +764,9 @@ set_newkeys(int mode)
                mac  = &active_state->newkeys[mode]->mac;
                comp = &active_state->newkeys[mode]->comp;
                mac_clear(mac);
-                memset(enc->iv,  0, enc->iv_len);
+                explicit_bzero(enc->iv,  enc->iv_len);
-                memset(enc->key, 0, enc->key_len);
+                explicit_bzero(enc->key, enc->key_len);
-                memset(mac->key, 0, mac->key_len);
+                explicit_bzero(mac->key, mac->key_len);
                free(enc->name);
                free(enc->iv);
                free(enc->key);
@@ -787,9 +787,9 @@ set_newkeys(int mode)
        cipher_init(cc, enc->cipher, enc->key, enc->key_len,
            enc->iv, enc->iv_len, crypt_type);
        /* Deleting the keys does not gain extra security */
-        /* memset(enc->iv,  0, enc->block_size);
+        /* explicit_bzero(enc->iv,  enc->block_size);
-           memset(enc->key, 0, enc->key_len);
+           explicit_bzero(enc->key, enc->key_len);
-           memset(mac->key, 0, mac->key_len); */
+           explicit_bzero(mac->key, mac->key_len); */
        if ((comp->type == COMP_ZLIB ||
            (comp->type == COMP_DELAYED &&
             active_state->after_authentication)) && comp->enabled == 0) {
@@ -928,7 +928,7 @@ packet_send2_wrapped(void)
                }
        } else {
                /* clear padding */
-                memset(cp, 0, padlen);
+                explicit_bzero(cp, padlen);
        }
        /* sizeof (packet_len + pad_len + payload + padding) */
        len = buffer_len(&active_state->outgoing_packet);
author	Damien Miller <djm@mindrot.org>	2014-02-04 11:20:14 +1100
committer	Damien Miller <djm@mindrot.org>	2014-02-04 11:20:14 +1100
commit	a5103f413bde6f31bff85d6e1fd29799c647d765 (patch)
tree	0b35ad9292b2ca8d58229435865d0ec3818e5981 /packet.c
parent	1d2c4564265ee827147af246a16f3777741411ed (diff)

diff --git a/packet.c b/packet.c index 6cf7edbb8..54c0558f9 100644 --- a/packet.c +++ b/packet.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: packet.c,v 1.191 2013/12/06 13:34:54 markus Exp $ */	1	/* $OpenBSD: packet.c,v 1.192 2014/02/02 03:44:31 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -764,9 +764,9 @@ set_newkeys(int mode)
764	mac = &active_state->newkeys[mode]->mac;	764	mac = &active_state->newkeys[mode]->mac;
765	comp = &active_state->newkeys[mode]->comp;	765	comp = &active_state->newkeys[mode]->comp;
766	mac_clear(mac);	766	mac_clear(mac);
767	memset(enc->iv, 0, enc->iv_len);	767	explicit_bzero(enc->iv, enc->iv_len);
768	memset(enc->key, 0, enc->key_len);	768	explicit_bzero(enc->key, enc->key_len);
769	memset(mac->key, 0, mac->key_len);	769	explicit_bzero(mac->key, mac->key_len);
770	free(enc->name);	770	free(enc->name);
771	free(enc->iv);	771	free(enc->iv);
772	free(enc->key);	772	free(enc->key);
@@ -787,9 +787,9 @@ set_newkeys(int mode)
787	cipher_init(cc, enc->cipher, enc->key, enc->key_len,	787	cipher_init(cc, enc->cipher, enc->key, enc->key_len,
788	enc->iv, enc->iv_len, crypt_type);	788	enc->iv, enc->iv_len, crypt_type);
789	/* Deleting the keys does not gain extra security */	789	/* Deleting the keys does not gain extra security */
790	/* memset(enc->iv, 0, enc->block_size);	790	/* explicit_bzero(enc->iv, enc->block_size);
791	memset(enc->key, 0, enc->key_len);	791	explicit_bzero(enc->key, enc->key_len);
792	memset(mac->key, 0, mac->key_len); */	792	explicit_bzero(mac->key, mac->key_len); */
793	if ((comp->type == COMP_ZLIB \|\|	793	if ((comp->type == COMP_ZLIB \|\|
794	(comp->type == COMP_DELAYED &&	794	(comp->type == COMP_DELAYED &&
795	active_state->after_authentication)) && comp->enabled == 0) {	795	active_state->after_authentication)) && comp->enabled == 0) {
@@ -928,7 +928,7 @@ packet_send2_wrapped(void)
928	}	928	}
929	} else {	929	} else {
930	/* clear padding */	930	/* clear padding */
931	memset(cp, 0, padlen);	931	explicit_bzero(cp, padlen);
932	}	932	}
933	/* sizeof (packet_len + pad_len + payload + padding) */	933	/* sizeof (packet_len + pad_len + payload + padding) */
934	len = buffer_len(&active_state->outgoing_packet);	934	len = buffer_len(&active_state->outgoing_packet);