-rw-r--r--sshbuf-getput-crypto.c12
-rw-r--r--sshbuf.c10
2 files changed, 11 insertions, 11 deletions
diff --git a/sshbuf-getput-crypto.c b/sshbuf-getput-crypto.c
index e2e093c00..d0d791b50 100644
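--- a/sshbuf-getput-crypto.c
+++ b/sshbuf-getput-crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshbuf-getput-crypto.c,v 1.4 2015/01/14 15:02:39 djm Exp $ */
+/* $OpenBSD: sshbuf-getput-crypto.c,v 1.5 2016/01/12 23:42:54 djm Exp $ */
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -158,10 +158,10 @@ sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v)
  if (len > 0 && (d[1] & 0x80) != 0)
  prepend = 1;
  if ((r = sshbuf_put_string(buf, d + 1 - prepend, len + prepend)) < 0) {
- bzero(d, sizeof(d));
+ explicit_bzero(d, sizeof(d));
  return r;
  }
- bzero(d, sizeof(d));
+ explicit_bzero(d, sizeof(d));
  return 0;
 }
 
@@ -177,13 +177,13 @@ sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v)
  if (BN_bn2bin(v, d) != (int)len_bytes)
  return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
  if ((r = sshbuf_reserve(buf, len_bytes + 2, &dp)) < 0) {
- bzero(d, sizeof(d));
+ explicit_bzero(d, sizeof(d));
  return r;
  }
  POKE_U16(dp, len_bits);
  if (len_bytes != 0)
  memcpy(dp + 2, d, len_bytes);
- bzero(d, sizeof(d));
+ explicit_bzero(d, sizeof(d));
  return 0;
 }
 
@@ -210,7 +210,7 @@ sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g)
  }
  BN_CTX_free(bn_ctx);
  ret = sshbuf_put_string(buf, d, len);
- bzero(d, len);
+ explicit_bzero(d, len);
  return ret;
 }
 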
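Review bot: The early return in sshbuf_put_bignum1 (`if (BN_bn2bin(v, d) != (int)len_bytes) return SSH_ERR_INTERNAL_ERROR;`) still leaves `d` unwiped, although BN_bn2bin has by then written bignum bytes into it; every other exit shown in that hunk clears the buffer. I would brace that branch and add `explicit_bzero(d, sizeof(d));` before the return, so the scrubbing this commit hardens covers all exits and not only the common ones. The function begins above the hunk, so the declaration of `d` is not visible; `sizeof(d)` only covers the whole buffer if `d` is an array there, which the existing calls suggest but the hunk does not show.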
diff --git a/sshbuf.c b/sshbuf.c
index f52b56767..4d6e0ea0a 100644
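--- a/sshbuf.c
+++ b/sshbuf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshbuf.c,v 1.5 2015/12/11 04:21:12 mmcc Exp $ */
+/* $OpenBSD: sshbuf.c,v 1.6 2016/01/12 23:42:54 djm Exp $ */
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -134,7 +134,7 @@ sshbuf_fromb(struct sshbuf *buf)
 void
 sshbuf_init(struct sshbuf *ret)
 {
- bzero(ret, sizeof(*ret));
+ explicit_bzero(ret, sizeof(*ret));
  ret->alloc = SSHBUF_SIZE_INIT;
  ret->max_size = SSHBUF_SIZE_MAX;
  ret->readonly = 0;
@@ -178,7 +178,7 @@ sshbuf_free(struct sshbuf *buf)
  explicit_bzero(buf->d, buf->alloc);
  free(buf->d);
  }
- bzero(buf, sizeof(*buf));
+ explicit_bzero(buf, sizeof(*buf));
  if (!dont_free)
  free(buf);
 }
@@ -194,7 +194,7 @@ sshbuf_reset(struct sshbuf *buf)
  return;
  }
  if (sshbuf_check_sanity(buf) == 0)
- bzero(buf->d, buf->alloc);
+ explicit_bzero(buf->d, buf->alloc);
  buf->off = buf->size = 0;
  if (buf->alloc != SSHBUF_SIZE_INIT) {
  if ((d = realloc(buf->d, SSHBUF_SIZE_INIT)) != NULL) {
@@ -253,7 +253,7 @@ sshbuf_set_max_size(struct sshbuf *buf, size_t max_size)
  rlen = roundup(buf->size, SSHBUF_SIZE_INC);
  if (rlen > max_size)
  rlen = max_size;
- bzero(buf->d + buf->size, buf->alloc - buf->size);
+ explicit_bzero(buf->d + buf->size, buf->alloc - buf->size);
  SSHBUF_DBG(("new alloc = %zu", rlen));
  if ((dp = realloc(buf->d, rlen)) == NULL)
  return SSH_ERR_ALLOC_FAIL;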
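Review bot: In sshbuf_init the new `explicit_bzero(ret, sizeof(*ret));` is not guarding a dead store: the fields are assigned immediately afterwards and the struct stays live through the caller's pointer, so a compiler is unlikely to have dropped the old `bzero` there the way it can before `free()` in sshbuf_free. The call is harmless, but it reads as secret scrubbing where it is plain initialisation. A short comment such as `/* zero-initialise; not a secret wipe */` above it would keep that distinction clear for later readers auditing the wipe sites. The body of sshbuf_init continues past the end of its hunk.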