- djm@cvs.openbsd.org 2014/02/02 03:44:32

[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c] convert memset of potentially-private data to explicit_bzero()
author: Damien Miller <djm@mindrot.org> 2014-02-04 11:20:14 +1100
committer: Damien Miller <djm@mindrot.org> 2014-02-04 11:20:14 +1100
commit: a5103f413bde6f31bff85d6e1fd29799c647d765 (patch)
tree: 0b35ad9292b2ca8d58229435865d0ec3818e5981 /ssh-keygen.c
parent: 1d2c4564265ee827147af246a16f3777741411ed (diff)
1 files changed, 17 insertions, 17 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 8140447f7..9f0310945 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.239 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.240 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -267,7 +267,7 @@ load_identity(char *filename)
                        pass = read_passphrase("Enter passphrase: ",
                            RP_ALLOW_STDIN);
                prv = key_load_private(filename, pass, NULL);
-                memset(pass, 0, strlen(pass));
+                explicit_bzero(pass, strlen(pass));
                free(pass);
        }
        return prv;
@@ -1258,7 +1258,7 @@ do_change_passphrase(struct passwd *pw)
                            RP_ALLOW_STDIN);
                private = key_load_private(identity_file, old_passphrase,
                    &comment);
-                memset(old_passphrase, 0, strlen(old_passphrase));
+                explicit_bzero(old_passphrase, strlen(old_passphrase));
                free(old_passphrase);
                if (private == NULL) {
                        printf("Bad passphrase.\n");
@@ -1280,15 +1280,15 @@ do_change_passphrase(struct passwd *pw)
                /* Verify that they are the same. */
                if (strcmp(passphrase1, passphrase2) != 0) {
-                        memset(passphrase1, 0, strlen(passphrase1));
+                        explicit_bzero(passphrase1, strlen(passphrase1));
-                        memset(passphrase2, 0, strlen(passphrase2));
+                        explicit_bzero(passphrase2, strlen(passphrase2));
                        free(passphrase1);
                        free(passphrase2);
                        printf("Pass phrases do not match.  Try again.\n");
                        exit(1);
                }
                /* Destroy the other copy. */
-                memset(passphrase2, 0, strlen(passphrase2));
+                explicit_bzero(passphrase2, strlen(passphrase2));
                free(passphrase2);
        }
@@ -1296,14 +1296,14 @@ do_change_passphrase(struct passwd *pw)
        if (!key_save_private(private, identity_file, passphrase1, comment,
            use_new_format, new_format_cipher, rounds)) {
                printf("Saving the key failed: %s.\n", identity_file);
-                memset(passphrase1, 0, strlen(passphrase1));
+                explicit_bzero(passphrase1, strlen(passphrase1));
                free(passphrase1);
                key_free(private);
                free(comment);
                exit(1);
        }
        /* Destroy the passphrase and the copy of the key in memory. */
-        memset(passphrase1, 0, strlen(passphrase1));
+        explicit_bzero(passphrase1, strlen(passphrase1));
        free(passphrase1);
        key_free(private);               /* Destroys contents */
        free(comment);
@@ -1375,7 +1375,7 @@ do_change_comment(struct passwd *pw)
                /* Try to load using the passphrase. */
                private = key_load_private(identity_file, passphrase, &comment);
                if (private == NULL) {
-                        memset(passphrase, 0, strlen(passphrase));
+                        explicit_bzero(passphrase, strlen(passphrase));
                        free(passphrase);
                        printf("Bad passphrase.\n");
                        exit(1);
@@ -1396,7 +1396,7 @@ do_change_comment(struct passwd *pw)
                printf("Enter new comment: ");
                fflush(stdout);
                if (!fgets(new_comment, sizeof(new_comment), stdin)) {
-                        memset(passphrase, 0, strlen(passphrase));
+                        explicit_bzero(passphrase, strlen(passphrase));
                        key_free(private);
                        exit(1);
                }
@@ -1407,13 +1407,13 @@ do_change_comment(struct passwd *pw)
        if (!key_save_private(private, identity_file, passphrase, new_comment,
            use_new_format, new_format_cipher, rounds)) {
                printf("Saving the key failed: %s.\n", identity_file);
-                memset(passphrase, 0, strlen(passphrase));
+                explicit_bzero(passphrase, strlen(passphrase));
                free(passphrase);
                key_free(private);
                free(comment);
                exit(1);
        }
-        memset(passphrase, 0, strlen(passphrase));
+        explicit_bzero(passphrase, strlen(passphrase));
        free(passphrase);
        public = key_from_private(private);
        key_free(private);
@@ -2632,15 +2632,15 @@ passphrase_again:
                         * The passphrases do not match.  Clear them and
                         * retry.
                         */
-                        memset(passphrase1, 0, strlen(passphrase1));
+                        explicit_bzero(passphrase1, strlen(passphrase1));
-                        memset(passphrase2, 0, strlen(passphrase2));
+                        explicit_bzero(passphrase2, strlen(passphrase2));
                        free(passphrase1);
                        free(passphrase2);
                        printf("Passphrases do not match.  Try again.\n");
                        goto passphrase_again;
                }
                /* Clear the other copy of the passphrase. */
-                memset(passphrase2, 0, strlen(passphrase2));
+                explicit_bzero(passphrase2, strlen(passphrase2));
                free(passphrase2);
        }
@@ -2655,12 +2655,12 @@ passphrase_again:
        if (!key_save_private(private, identity_file, passphrase1, comment,
            use_new_format, new_format_cipher, rounds)) {
                printf("Saving the key failed: %s.\n", identity_file);
-                memset(passphrase1, 0, strlen(passphrase1));
+                explicit_bzero(passphrase1, strlen(passphrase1));
                free(passphrase1);
                exit(1);
        }
        /* Clear the passphrase. */
-        memset(passphrase1, 0, strlen(passphrase1));
+        explicit_bzero(passphrase1, strlen(passphrase1));
        free(passphrase1);
        /* Clear the private key and the random number generator. */
author	Damien Miller <djm@mindrot.org>	2014-02-04 11:20:14 +1100
committer	Damien Miller <djm@mindrot.org>	2014-02-04 11:20:14 +1100
commit	a5103f413bde6f31bff85d6e1fd29799c647d765 (patch)
tree	0b35ad9292b2ca8d58229435865d0ec3818e5981 /ssh-keygen.c
parent	1d2c4564265ee827147af246a16f3777741411ed (diff)

diff --git a/ssh-keygen.c b/ssh-keygen.c index 8140447f7..9f0310945 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-keygen.c,v 1.239 2014/01/31 16:39:19 tedu Exp $ */	1	/* $OpenBSD: ssh-keygen.c,v 1.240 2014/02/02 03:44:31 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -267,7 +267,7 @@ load_identity(char *filename)
267	pass = read_passphrase("Enter passphrase: ",	267	pass = read_passphrase("Enter passphrase: ",
268	RP_ALLOW_STDIN);	268	RP_ALLOW_STDIN);
269	prv = key_load_private(filename, pass, NULL);	269	prv = key_load_private(filename, pass, NULL);
270	memset(pass, 0, strlen(pass));	270	explicit_bzero(pass, strlen(pass));
271	free(pass);	271	free(pass);
272	}	272	}
273	return prv;	273	return prv;
@@ -1258,7 +1258,7 @@ do_change_passphrase(struct passwd *pw)
1258	RP_ALLOW_STDIN);	1258	RP_ALLOW_STDIN);
1259	private = key_load_private(identity_file, old_passphrase,	1259	private = key_load_private(identity_file, old_passphrase,
1260	&comment);	1260	&comment);
1261	memset(old_passphrase, 0, strlen(old_passphrase));	1261	explicit_bzero(old_passphrase, strlen(old_passphrase));
1262	free(old_passphrase);	1262	free(old_passphrase);
1263	if (private == NULL) {	1263	if (private == NULL) {
1264	printf("Bad passphrase.\n");	1264	printf("Bad passphrase.\n");
@@ -1280,15 +1280,15 @@ do_change_passphrase(struct passwd *pw)
1280		1280
1281	/* Verify that they are the same. */	1281	/* Verify that they are the same. */
1282	if (strcmp(passphrase1, passphrase2) != 0) {	1282	if (strcmp(passphrase1, passphrase2) != 0) {
1283	memset(passphrase1, 0, strlen(passphrase1));	1283	explicit_bzero(passphrase1, strlen(passphrase1));
1284	memset(passphrase2, 0, strlen(passphrase2));	1284	explicit_bzero(passphrase2, strlen(passphrase2));
1285	free(passphrase1);	1285	free(passphrase1);
1286	free(passphrase2);	1286	free(passphrase2);
1287	printf("Pass phrases do not match. Try again.\n");	1287	printf("Pass phrases do not match. Try again.\n");
1288	exit(1);	1288	exit(1);
1289	}	1289	}
1290	/* Destroy the other copy. */	1290	/* Destroy the other copy. */
1291	memset(passphrase2, 0, strlen(passphrase2));	1291	explicit_bzero(passphrase2, strlen(passphrase2));
1292	free(passphrase2);	1292	free(passphrase2);
1293	}	1293	}
1294		1294
@@ -1296,14 +1296,14 @@ do_change_passphrase(struct passwd *pw)
1296	if (!key_save_private(private, identity_file, passphrase1, comment,	1296	if (!key_save_private(private, identity_file, passphrase1, comment,
1297	use_new_format, new_format_cipher, rounds)) {	1297	use_new_format, new_format_cipher, rounds)) {
1298	printf("Saving the key failed: %s.\n", identity_file);	1298	printf("Saving the key failed: %s.\n", identity_file);
1299	memset(passphrase1, 0, strlen(passphrase1));	1299	explicit_bzero(passphrase1, strlen(passphrase1));
1300	free(passphrase1);	1300	free(passphrase1);
1301	key_free(private);	1301	key_free(private);
1302	free(comment);	1302	free(comment);
1303	exit(1);	1303	exit(1);
1304	}	1304	}
1305	/* Destroy the passphrase and the copy of the key in memory. */	1305	/* Destroy the passphrase and the copy of the key in memory. */
1306	memset(passphrase1, 0, strlen(passphrase1));	1306	explicit_bzero(passphrase1, strlen(passphrase1));
1307	free(passphrase1);	1307	free(passphrase1);
1308	key_free(private); /* Destroys contents */	1308	key_free(private); /* Destroys contents */
1309	free(comment);	1309	free(comment);
@@ -1375,7 +1375,7 @@ do_change_comment(struct passwd *pw)
1375	/* Try to load using the passphrase. */	1375	/* Try to load using the passphrase. */
1376	private = key_load_private(identity_file, passphrase, &comment);	1376	private = key_load_private(identity_file, passphrase, &comment);
1377	if (private == NULL) {	1377	if (private == NULL) {
1378	memset(passphrase, 0, strlen(passphrase));	1378	explicit_bzero(passphrase, strlen(passphrase));
1379	free(passphrase);	1379	free(passphrase);
1380	printf("Bad passphrase.\n");	1380	printf("Bad passphrase.\n");
1381	exit(1);	1381	exit(1);
@@ -1396,7 +1396,7 @@ do_change_comment(struct passwd *pw)
1396	printf("Enter new comment: ");	1396	printf("Enter new comment: ");
1397	fflush(stdout);	1397	fflush(stdout);
1398	if (!fgets(new_comment, sizeof(new_comment), stdin)) {	1398	if (!fgets(new_comment, sizeof(new_comment), stdin)) {
1399	memset(passphrase, 0, strlen(passphrase));	1399	explicit_bzero(passphrase, strlen(passphrase));
1400	key_free(private);	1400	key_free(private);
1401	exit(1);	1401	exit(1);
1402	}	1402	}
@@ -1407,13 +1407,13 @@ do_change_comment(struct passwd *pw)
1407	if (!key_save_private(private, identity_file, passphrase, new_comment,	1407	if (!key_save_private(private, identity_file, passphrase, new_comment,
1408	use_new_format, new_format_cipher, rounds)) {	1408	use_new_format, new_format_cipher, rounds)) {
1409	printf("Saving the key failed: %s.\n", identity_file);	1409	printf("Saving the key failed: %s.\n", identity_file);
1410	memset(passphrase, 0, strlen(passphrase));	1410	explicit_bzero(passphrase, strlen(passphrase));
1411	free(passphrase);	1411	free(passphrase);
1412	key_free(private);	1412	key_free(private);
1413	free(comment);	1413	free(comment);
1414	exit(1);	1414	exit(1);
1415	}	1415	}
1416	memset(passphrase, 0, strlen(passphrase));	1416	explicit_bzero(passphrase, strlen(passphrase));
1417	free(passphrase);	1417	free(passphrase);
1418	public = key_from_private(private);	1418	public = key_from_private(private);
1419	key_free(private);	1419	key_free(private);
@@ -2632,15 +2632,15 @@ passphrase_again:
2632	* The passphrases do not match. Clear them and	2632	* The passphrases do not match. Clear them and
2633	* retry.	2633	* retry.
2634	*/	2634	*/
2635	memset(passphrase1, 0, strlen(passphrase1));	2635	explicit_bzero(passphrase1, strlen(passphrase1));
2636	memset(passphrase2, 0, strlen(passphrase2));	2636	explicit_bzero(passphrase2, strlen(passphrase2));
2637	free(passphrase1);	2637	free(passphrase1);
2638	free(passphrase2);	2638	free(passphrase2);
2639	printf("Passphrases do not match. Try again.\n");	2639	printf("Passphrases do not match. Try again.\n");
2640	goto passphrase_again;	2640	goto passphrase_again;
2641	}	2641	}
2642	/* Clear the other copy of the passphrase. */	2642	/* Clear the other copy of the passphrase. */
2643	memset(passphrase2, 0, strlen(passphrase2));	2643	explicit_bzero(passphrase2, strlen(passphrase2));
2644	free(passphrase2);	2644	free(passphrase2);
2645	}	2645	}
2646		2646
@@ -2655,12 +2655,12 @@ passphrase_again:
2655	if (!key_save_private(private, identity_file, passphrase1, comment,	2655	if (!key_save_private(private, identity_file, passphrase1, comment,
2656	use_new_format, new_format_cipher, rounds)) {	2656	use_new_format, new_format_cipher, rounds)) {
2657	printf("Saving the key failed: %s.\n", identity_file);	2657	printf("Saving the key failed: %s.\n", identity_file);
2658	memset(passphrase1, 0, strlen(passphrase1));	2658	explicit_bzero(passphrase1, strlen(passphrase1));
2659	free(passphrase1);	2659	free(passphrase1);
2660	exit(1);	2660	exit(1);
2661	}	2661	}
2662	/* Clear the passphrase. */	2662	/* Clear the passphrase. */
2663	memset(passphrase1, 0, strlen(passphrase1));	2663	explicit_bzero(passphrase1, strlen(passphrase1));
2664	free(passphrase1);	2664	free(passphrase1);
2665		2665
2666	/* Clear the private key and the random number generator. */	2666	/* Clear the private key and the random number generator. */