upstream commit

use explicit_bzero() more liberally in the buffer code; ok
 deraadt

Upstream-ID: 0ece37069fd66bc6e4f55eb1321f93df372b65bf

1 files changed, 6 insertions, 6 deletions

diff --git a/sshbuf-getput-crypto.c b/sshbuf-getput-crypto.c
index e2e093c00..d0d791b50 100644
--- a/sshbuf-getput-crypto.c
+++ b/sshbuf-getput-crypto.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: sshbuf-getput-crypto.c,v 1.4 2015/01/14 15:02:39 djm Exp $    */
+/*      $OpenBSD: sshbuf-getput-crypto.c,v 1.5 2016/01/12 23:42:54 djm Exp $    */
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -158,10 +158,10 @@ sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v)
         if (len > 0 && (d[1] & 0x80) != 0)
                 prepend = 1;
         if ((r = sshbuf_put_string(buf, d + 1 - prepend, len + prepend)) < 0) {
-                bzero(d, sizeof(d));
+                explicit_bzero(d, sizeof(d));
                 return r;
         }
-        bzero(d, sizeof(d));
+        explicit_bzero(d, sizeof(d));
         return 0;
 }
 
@@ -177,13 +177,13 @@ sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v)
         if (BN_bn2bin(v, d) != (int)len_bytes)
                 return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
         if ((r = sshbuf_reserve(buf, len_bytes + 2, &dp)) < 0) {
-                bzero(d, sizeof(d));
+                explicit_bzero(d, sizeof(d));
                 return r;
         }
         POKE_U16(dp, len_bits);
         if (len_bytes != 0)
                 memcpy(dp + 2, d, len_bytes);
-        bzero(d, sizeof(d));
+        explicit_bzero(d, sizeof(d));
         return 0;
 }
 
@@ -210,7 +210,7 @@ sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g)
         }
         BN_CTX_free(bn_ctx);
         ret = sshbuf_put_string(buf, d, len);
-        bzero(d, len);
+        explicit_bzero(d, len);
         return ret;
 }