- djm@cvs.openbsd.org 2014/02/02 03:44:32

[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c] convert memset of potentially-private data to explicit_bzero()
author: Damien Miller <djm@mindrot.org> 2014-02-04 11:20:14 +1100
committer: Damien Miller <djm@mindrot.org> 2014-02-04 11:20:14 +1100
commit: a5103f413bde6f31bff85d6e1fd29799c647d765 (patch)
tree: 0b35ad9292b2ca8d58229435865d0ec3818e5981 /ssh-ecdsa.c
parent: 1d2c4564265ee827147af246a16f3777741411ed (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
index 10ad9da60..95b222446 100644
--- a/ssh-ecdsa.c
+++ b/ssh-ecdsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ecdsa.c,v 1.8 2014/01/09 23:20:00 djm Exp $ */
+/* $OpenBSD: ssh-ecdsa.c,v 1.9 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2010 Damien Miller.  All rights reserved.
@@ -72,7 +72,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp,
        }
        sig = ECDSA_do_sign(digest, dlen, key->ecdsa);
-        memset(digest, 'd', sizeof(digest));
+        explicit_bzero(digest, sizeof(digest));
        if (sig == NULL) {
                error("%s: sign failed", __func__);
@@ -153,7 +153,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
        buffer_free(&bb);
        /* clean up */
-        memset(sigblob, 0, len);
+        explicit_bzero(sigblob, len);
        free(sigblob);
        /* hash the data */
@@ -169,7 +169,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
        }
        ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa);
-        memset(digest, 'd', sizeof(digest));
+        explicit_bzero(digest, sizeof(digest));
        ECDSA_SIG_free(sig);
author	Damien Miller <djm@mindrot.org>	2014-02-04 11:20:14 +1100
committer	Damien Miller <djm@mindrot.org>	2014-02-04 11:20:14 +1100
commit	a5103f413bde6f31bff85d6e1fd29799c647d765 (patch)
tree	0b35ad9292b2ca8d58229435865d0ec3818e5981 /ssh-ecdsa.c
parent	1d2c4564265ee827147af246a16f3777741411ed (diff)

diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c index 10ad9da60..95b222446 100644 --- a/ssh-ecdsa.c +++ b/ssh-ecdsa.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-ecdsa.c,v 1.8 2014/01/09 23:20:00 djm Exp $ */	1	/* $OpenBSD: ssh-ecdsa.c,v 1.9 2014/02/02 03:44:31 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	* Copyright (c) 2010 Damien Miller. All rights reserved.	4	* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -72,7 +72,7 @@ ssh_ecdsa_sign(const Key key, u_char sigp, u_int lenp,
72	}	72	}
73		73
74	sig = ECDSA_do_sign(digest, dlen, key->ecdsa);	74	sig = ECDSA_do_sign(digest, dlen, key->ecdsa);
75	memset(digest, 'd', sizeof(digest));	75	explicit_bzero(digest, sizeof(digest));
76		76
77	if (sig == NULL) {	77	if (sig == NULL) {
78	error("%s: sign failed", __func__);	78	error("%s: sign failed", __func__);
@@ -153,7 +153,7 @@ ssh_ecdsa_verify(const Key key, const u_char signature, u_int signaturelen,
153	buffer_free(&bb);	153	buffer_free(&bb);
154		154
155	/* clean up */	155	/* clean up */
156	memset(sigblob, 0, len);	156	explicit_bzero(sigblob, len);
157	free(sigblob);	157	free(sigblob);
158		158
159	/* hash the data */	159	/* hash the data */
@@ -169,7 +169,7 @@ ssh_ecdsa_verify(const Key key, const u_char signature, u_int signaturelen,
169	}	169	}
170		170
171	ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa);	171	ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa);
172	memset(digest, 'd', sizeof(digest));	172	explicit_bzero(digest, sizeof(digest));
173		173
174	ECDSA_SIG_free(sig);	174	ECDSA_SIG_free(sig);
175		175