diff options
author | Damien Miller <djm@mindrot.org> | 2014-02-04 11:20:14 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-02-04 11:20:14 +1100 |
commit | a5103f413bde6f31bff85d6e1fd29799c647d765 (patch) | |
tree | 0b35ad9292b2ca8d58229435865d0ec3818e5981 /ssh-ecdsa.c | |
parent | 1d2c4564265ee827147af246a16f3777741411ed (diff) |
- djm@cvs.openbsd.org 2014/02/02 03:44:32
[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
[buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
[kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
[monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
[ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
[ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
[sshd.c]
convert memset of potentially-private data to explicit_bzero()
Diffstat (limited to 'ssh-ecdsa.c')
-rw-r--r-- | ssh-ecdsa.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c index 10ad9da60..95b222446 100644 --- a/ssh-ecdsa.c +++ b/ssh-ecdsa.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-ecdsa.c,v 1.8 2014/01/09 23:20:00 djm Exp $ */ | 1 | /* $OpenBSD: ssh-ecdsa.c,v 1.9 2014/02/02 03:44:31 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
@@ -72,7 +72,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
72 | } | 72 | } |
73 | 73 | ||
74 | sig = ECDSA_do_sign(digest, dlen, key->ecdsa); | 74 | sig = ECDSA_do_sign(digest, dlen, key->ecdsa); |
75 | memset(digest, 'd', sizeof(digest)); | 75 | explicit_bzero(digest, sizeof(digest)); |
76 | 76 | ||
77 | if (sig == NULL) { | 77 | if (sig == NULL) { |
78 | error("%s: sign failed", __func__); | 78 | error("%s: sign failed", __func__); |
@@ -153,7 +153,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
153 | buffer_free(&bb); | 153 | buffer_free(&bb); |
154 | 154 | ||
155 | /* clean up */ | 155 | /* clean up */ |
156 | memset(sigblob, 0, len); | 156 | explicit_bzero(sigblob, len); |
157 | free(sigblob); | 157 | free(sigblob); |
158 | 158 | ||
159 | /* hash the data */ | 159 | /* hash the data */ |
@@ -169,7 +169,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
169 | } | 169 | } |
170 | 170 | ||
171 | ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa); | 171 | ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa); |
172 | memset(digest, 'd', sizeof(digest)); | 172 | explicit_bzero(digest, sizeof(digest)); |
173 | 173 | ||
174 | ECDSA_SIG_free(sig); | 174 | ECDSA_SIG_free(sig); |
175 | 175 | ||