-rw-r--r-- | ChangeLog | 9 | ||||
-rw-r--r-- | auth1.c | 6 | ||||
-rw-r--r-- | auth2-chall.c | 4 | ||||
-rw-r--r-- | auth2-passwd.c | 6 | ||||
-rw-r--r-- | authfile.c | 14 | ||||
-rw-r--r-- | bufaux.c | 6 | ||||
-rw-r--r-- | bufbn.c | 6 | ||||
-rw-r--r-- | buffer.c | 4 | ||||
-rw-r--r-- | cipher-3des1.c | 6 | ||||
-rw-r--r-- | cipher.c | 8 | ||||
-rw-r--r-- | clientloop.c | 6 | ||||
-rw-r--r-- | gss-serv.c | 5 | ||||
-rw-r--r-- | kex.c | 6 | ||||
-rw-r--r-- | kexdhc.c | 4 | ||||
-rw-r--r-- | kexdhs.c | 4 | ||||
-rw-r--r-- | kexecdhc.c | 4 | ||||
-rw-r--r-- | kexecdhs.c | 4 | ||||
-rw-r--r-- | kexgexc.c | 4 | ||||
-rw-r--r-- | kexgexs.c | 4 | ||||
-rw-r--r-- | key.c | 12 | ||||
-rw-r--r-- | monitor.c | 8 | ||||
-rw-r--r-- | monitor_wrap.c | 6 | ||||
-rw-r--r-- | packet.c | 16 | ||||
-rw-r--r-- | readpass.c | 8 | ||||
-rw-r--r-- | rsa.c | 10 | ||||
-rw-r--r-- | serverloop.c | 4 | ||||
-rw-r--r-- | ssh-add.c | 8 | ||||
-rw-r--r-- | ssh-agent.c | 6 | ||||
-rw-r--r-- | ssh-dss.c | 10 | ||||
-rw-r--r-- | ssh-ecdsa.c | 8 | ||||
-rw-r--r-- | ssh-ed25519.c | 10 | ||||
-rw-r--r-- | ssh-keygen.c | 34 | ||||
-rw-r--r-- | ssh-rsa.c | 14 | ||||
-rw-r--r-- | sshconnect.c | 4 | ||||
-rw-r--r-- | sshconnect1.c | 23 | ||||
-rw-r--r-- | sshconnect2.c | 18 | ||||
-rw-r--r-- | sshd.c | 13 |
37 files changed, 168 insertions, 154 deletions
@@ -44,6 +44,15 @@ | |||
44 | [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h] | 44 | [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h] |
45 | replace most bzero with explicit_bzero, except a few that cna be memset | 45 | replace most bzero with explicit_bzero, except a few that cna be memset |
46 | ok djm dtucker | 46 | ok djm dtucker |
47 | - djm@cvs.openbsd.org 2014/02/02 03:44:32 | ||
48 | [auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] | ||
49 | [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] | ||
50 | [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] | ||
51 | [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] | ||
52 | [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] | ||
53 | [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] | ||
54 | [sshd.c] | ||
55 | convert memset of potentially-private data to explicit_bzero() | ||
47 | 56 | ||
48 | 20140131 | 57 | 20140131 |
49 | - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2) | 58 | - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2) |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth1.c,v 1.79 2013/05/19 02:42:42 djm Exp $ */ | 1 | /* $OpenBSD: auth1.c,v 1.80 2014/02/02 03:44:31 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | * All rights reserved | 4 | * All rights reserved |
@@ -129,7 +129,7 @@ auth1_process_password(Authctxt *authctxt) | |||
129 | /* Try authentication with the password. */ | 129 | /* Try authentication with the password. */ |
130 | authenticated = PRIVSEP(auth_password(authctxt, password)); | 130 | authenticated = PRIVSEP(auth_password(authctxt, password)); |
131 | 131 | ||
132 | memset(password, 0, dlen); | 132 | explicit_bzero(password, dlen); |
133 | free(password); | 133 | free(password); |
134 | 134 | ||
135 | return (authenticated); | 135 | return (authenticated); |
@@ -222,7 +222,7 @@ auth1_process_tis_response(Authctxt *authctxt) | |||
222 | response = packet_get_string(&dlen); | 222 | response = packet_get_string(&dlen); |
223 | packet_check_eom(); | 223 | packet_check_eom(); |
224 | authenticated = verify_response(authctxt, response); | 224 | authenticated = verify_response(authctxt, response); |
225 | memset(response, 'r', dlen); | 225 | explicit_bzero(response, dlen); |
226 | free(response); | 226 | free(response); |
227 | 227 | ||
228 | return (authenticated); | 228 | return (authenticated); |
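--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.40 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.41 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 * Copyright (c) 2001 Per Allansson. All rights reserved.
@@ -312,7 +312,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
 res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
 
 for (i = 0; i < nresp; i++) {
-memset(response[i], 'r', strlen(response[i]));
+explicit_bzero(response[i], strlen(response[i]));
 free(response[i]);
 }
 free(response);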
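Review bot: The scrub in the loop of input_userauth_info_response is sized with `strlen(response[i])`, so it stops at the first NUL byte. If each response arrives as a length-prefixed packet string (the allocation is outside this hunk, so this is inferred), bytes after an embedded NUL stay in the heap when `free(response[i])` runs. Keeping the received length per response and calling `explicit_bzero(response[i], resp_len[i]);` would cover the whole allocation; `resp_len` is a placeholder for an array the function would have to add. The same strlen-bounded scrub appears in monitor.c, `explicit_bzero(passwd, strlen(passwd));` in mm_answer_authpassword. The function body starts and ends outside the hunk.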
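--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-passwd.c,v 1.10 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: auth2-passwd.c,v 1.11 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -59,7 +59,7 @@ userauth_passwd(Authctxt *authctxt)
 if (change) {
 /* discard new password from packet */
 newpass = packet_get_string(&newlen);
-memset(newpass, 0, newlen);
+explicit_bzero(newpass, newlen);
 free(newpass);
 }
 packet_check_eom();
@@ -68,7 +68,7 @@ userauth_passwd(Authctxt *authctxt)
 logit("password change not supported");
 else if (PRIVSEP(auth_password(authctxt, password)) == 1)
 authenticated = 1;
-memset(password, 0, len);
+explicit_bzero(password, len);
 free(password);
 return authenticated;
 }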
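--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.102 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: authfile.c,v 1.103 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -131,7 +131,7 @@ key_private_to_blob2(Key *prv, Buffer *blob, const char *passphrase,
 buffer_put_int(&kdf, rounds);
 }
 cipher_init(&ctx, c, key, keylen, key + keylen , ivlen, 1);
-memset(key, 0, keylen + ivlen);
+explicit_bzero(key, keylen + ivlen);
 free(key);
 
 buffer_init(&encoded);
@@ -143,7 +143,7 @@ key_private_to_blob2(Key *prv, Buffer *blob, const char *passphrase,
 key_to_blob(prv, &cp, &len); /* public key */
 buffer_put_string(&encoded, cp, len);
 
-memset(cp, 0, len);
+explicit_bzero(cp, len);
 free(cp);
 
 buffer_free(&kdf);
@@ -409,7 +409,7 @@ key_parse_private2(Buffer *blob, int type, const char *passphrase,
 free(salt);
 free(comment);
 if (key)
-memset(key, 0, keylen + ivlen);
+explicit_bzero(key, keylen + ivlen);
 free(key);
 buffer_free(&encoded);
 buffer_free(©);
@@ -496,10 +496,10 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase,
 buffer_ptr(&buffer), buffer_len(&buffer), 0, 0) != 0)
 fatal("%s: cipher_crypt failed", __func__);
 cipher_cleanup(&ciphercontext);
-memset(&ciphercontext, 0, sizeof(ciphercontext));
+explicit_bzero(&ciphercontext, sizeof(ciphercontext));
 
 /* Destroy temporary data. */
-memset(buf, 0, sizeof(buf));
+explicit_bzero(buf, sizeof(buf));
 buffer_free(&buffer);
 
 buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted));
@@ -831,7 +831,7 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp)
 buffer_ptr(©), buffer_len(©), 0, 0) != 0)
 fatal("%s: cipher_crypt failed", __func__);
 cipher_cleanup(&ciphercontext);
-memset(&ciphercontext, 0, sizeof(ciphercontext));
+explicit_bzero(&ciphercontext, sizeof(ciphercontext));
 buffer_free(©);
 
 check1 = buffer_get_char(&decrypted);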
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: bufaux.c,v 1.55 2014/01/31 16:39:19 tedu Exp $ */ | 1 | /* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -346,7 +346,7 @@ buffer_get_bignum2_as_string_ret(Buffer *buffer, u_int *length_ptr) | |||
346 | } | 346 | } |
347 | ret = xmalloc(len); | 347 | ret = xmalloc(len); |
348 | memcpy(ret, p, len); | 348 | memcpy(ret, p, len); |
349 | memset(p, '\0', len); | 349 | explicit_bzero(p, len); |
350 | free(bin); | 350 | free(bin); |
351 | return ret; | 351 | return ret; |
352 | } | 352 | } |
@@ -383,7 +383,7 @@ buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l) | |||
383 | } | 383 | } |
384 | memcpy(p, s, l); | 384 | memcpy(p, s, l); |
385 | buffer_put_string(buffer, buf, l + pad); | 385 | buffer_put_string(buffer, buf, l + pad); |
386 | memset(buf, '\0', l + pad); | 386 | explicit_bzero(buf, l + pad); |
387 | free(buf); | 387 | free(buf); |
388 | } | 388 | } |
389 | 389 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: bufbn.c,v 1.8 2013/11/08 11:15:19 dtucker Exp $*/ | 1 | /* $OpenBSD: bufbn.c,v 1.9 2014/02/02 03:44:31 djm Exp $*/ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -80,7 +80,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) | |||
80 | /* Store the binary data. */ | 80 | /* Store the binary data. */ |
81 | buffer_append(buffer, buf, oi); | 81 | buffer_append(buffer, buf, oi); |
82 | 82 | ||
83 | memset(buf, 0, bin_size); | 83 | explicit_bzero(buf, bin_size); |
84 | free(buf); | 84 | free(buf); |
85 | 85 | ||
86 | return (0); | 86 | return (0); |
@@ -173,7 +173,7 @@ buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) | |||
173 | } | 173 | } |
174 | hasnohigh = (buf[1] & 0x80) ? 0 : 1; | 174 | hasnohigh = (buf[1] & 0x80) ? 0 : 1; |
175 | buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); | 175 | buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); |
176 | memset(buf, 0, bytes); | 176 | explicit_bzero(buf, bytes); |
177 | free(buf); | 177 | free(buf); |
178 | return (0); | 178 | return (0); |
179 | } | 179 | } |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: buffer.c,v 1.34 2013/11/08 11:15:19 dtucker Exp $ */ | 1 | /* $OpenBSD: buffer.c,v 1.35 2014/02/02 03:44:31 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -49,7 +49,7 @@ void | |||
49 | buffer_free(Buffer *buffer) | 49 | buffer_free(Buffer *buffer) |
50 | { | 50 | { |
51 | if (buffer->alloc > 0) { | 51 | if (buffer->alloc > 0) { |
52 | memset(buffer->buf, 0, buffer->alloc); | 52 | explicit_bzero(buffer->buf, buffer->alloc); |
53 | buffer->alloc = 0; | 53 | buffer->alloc = 0; |
54 | free(buffer->buf); | 54 | free(buffer->buf); |
55 | } | 55 | } |
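Review bot: buffer_free leaves `buffer->buf` pointing at the freed allocation in the visible lines; only `buffer->alloc = 0` marks the Buffer as released. Unless the pointer is reset outside this hunk, adding `buffer->buf = NULL;` after `free(buffer->buf);` would make a later stray use fault on a null pointer instead of touching freed memory. Because the function now scrubs the full `alloc` bytes, a header comment saying so, for example `/* Frees the buffer; the whole allocation is zeroed with explicit_bzero() first. */`, would tell callers that a separate pre-scrub is not needed. The function's closing lines are outside the hunk.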
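--- a/cipher-3des1.c
+++ b/cipher-3des1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher-3des1.c,v 1.9 2013/11/08 00:39:15 djm Exp $ */
+/* $OpenBSD: cipher-3des1.c,v 1.10 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Copyright (c) 2003 Markus Friedl. All rights reserved.
 *
@@ -93,7 +93,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
 if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
 EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
 EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
-memset(c, 0, sizeof(*c));
+explicit_bzero(c, sizeof(*c));
 free(c);
 EVP_CIPHER_CTX_set_app_data(ctx, NULL);
 return (0);
@@ -134,7 +134,7 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
 EVP_CIPHER_CTX_cleanup(&c->k1);
 EVP_CIPHER_CTX_cleanup(&c->k2);
 EVP_CIPHER_CTX_cleanup(&c->k3);
-memset(c, 0, sizeof(*c));
+explicit_bzero(c, sizeof(*c));
 free(c);
 EVP_CIPHER_CTX_set_app_data(ctx, NULL);
 }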
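Review bot: The failure branch in ssh1_3des_init zeroes and frees `c` without first calling `EVP_CIPHER_CTX_cleanup()` on the sub-contexts, whereas ssh1_3des_cleanup calls it on `k1`, `k2` and `k3` before the same scrub. If an earlier `EVP_CipherInit` in the `||` chain succeeded and allocated per-context state (where OpenSSL would hold the DES key schedule; inferred, not visible here), that state is neither scrubbed nor released once the struct is overwritten. Consider running the three cleanup calls before `explicit_bzero(c, sizeof(*c));` in that branch. That is only safe if the contexts are zero-initialised when `c` is allocated, which happens outside the hunk.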
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: cipher.c,v 1.95 2014/01/27 19:18:54 markus Exp $ */ | 1 | /* $OpenBSD: cipher.c,v 1.96 2014/02/02 03:44:31 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -337,7 +337,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher, | |||
337 | if (EVP_Cipher(&cc->evp, discard, junk, | 337 | if (EVP_Cipher(&cc->evp, discard, junk, |
338 | cipher->discard_len) == 0) | 338 | cipher->discard_len) == 0) |
339 | fatal("evp_crypt: EVP_Cipher failed during discard"); | 339 | fatal("evp_crypt: EVP_Cipher failed during discard"); |
340 | memset(discard, 0, cipher->discard_len); | 340 | explicit_bzero(discard, cipher->discard_len); |
341 | free(junk); | 341 | free(junk); |
342 | free(discard); | 342 | free(discard); |
343 | } | 343 | } |
@@ -422,7 +422,7 @@ void | |||
422 | cipher_cleanup(CipherContext *cc) | 422 | cipher_cleanup(CipherContext *cc) |
423 | { | 423 | { |
424 | if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) | 424 | if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) |
425 | memset(&cc->cp_ctx, 0, sizeof(cc->cp_ctx)); | 425 | explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx)); |
426 | else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) | 426 | else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) |
427 | error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); | 427 | error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); |
428 | } | 428 | } |
@@ -444,7 +444,7 @@ cipher_set_key_string(CipherContext *cc, const Cipher *cipher, | |||
444 | 444 | ||
445 | cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt); | 445 | cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt); |
446 | 446 | ||
447 | memset(digest, 0, sizeof(digest)); | 447 | explicit_bzero(digest, sizeof(digest)); |
448 | } | 448 | } |
449 | 449 | ||
450 | /* | 450 | /* |
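--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.257 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: clientloop.c,v 1.258 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1761,7 +1761,7 @@ client_input_stdout_data(int type, u_int32_t seq, void *ctxt)
 char *data = packet_get_string(&data_len);
 packet_check_eom();
 buffer_append(&stdout_buffer, data, data_len);
-memset(data, 0, data_len);
+explicit_bzero(data, data_len);
 free(data);
 }
 static void
@@ -1771,7 +1771,7 @@ client_input_stderr_data(int type, u_int32_t seq, void *ctxt)
 char *data = packet_get_string(&data_len);
 packet_check_eom();
 buffer_append(&stderr_buffer, data, data_len);
-memset(data, 0, data_len);
+explicit_bzero(data, data_len);
 free(data);
 }
 static void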
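--- a/gss-serv.c
+++ b/gss-serv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv.c,v 1.24 2013/07/20 01:55:13 djm Exp $ */
+/* $OpenBSD: gss-serv.c,v 1.25 2014/02/02 03:44:31 djm Exp $ */
 
 /*
 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -346,7 +346,8 @@ ssh_gssapi_userok(char *user)
 gss_release_buffer(&lmin, &gssapi_client.displayname);
 gss_release_buffer(&lmin, &gssapi_client.exportedname);
 gss_release_cred(&lmin, &gssapi_client.creds);
-memset(&gssapi_client, 0, sizeof(ssh_gssapi_client));
+explicit_bzero(&gssapi_client,
+sizeof(ssh_gssapi_client));
 return 0;
 }
 else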
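Review bot: The length in the new call is still `sizeof(ssh_gssapi_client)`, the type name, while the pointer is `&gssapi_client`, the object. Writing `explicit_bzero(&gssapi_client, sizeof(gssapi_client));` ties the length to the object being cleared, so the scrub stays complete if the declaration ever changes. It also matches the `sizeof(ciphercontext)` and `sizeof(*c)` forms used elsewhere in this commit, and may remove the need for the line wrap. The enclosing if/else in ssh_gssapi_userok continues outside the hunk.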
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.c,v 1.97 2014/01/25 20:35:37 markus Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.98 2014/02/02 03:44:31 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -666,8 +666,8 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, | |||
666 | fatal("%s: ssh_digest_final failed", __func__); | 666 | fatal("%s: ssh_digest_final failed", __func__); |
667 | memcpy(id, obuf, ssh_digest_bytes(SSH_DIGEST_MD5)); | 667 | memcpy(id, obuf, ssh_digest_bytes(SSH_DIGEST_MD5)); |
668 | 668 | ||
669 | memset(nbuf, 0, sizeof(nbuf)); | 669 | explicit_bzero(nbuf, sizeof(nbuf)); |
670 | memset(obuf, 0, sizeof(obuf)); | 670 | explicit_bzero(obuf, sizeof(obuf)); |
671 | } | 671 | } |
672 | 672 | ||
673 | #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) | 673 | #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexdhc.c,v 1.14 2014/01/12 08:13:13 djm Exp $ */ | 1 | /* $OpenBSD: kexdhc.c,v 1.15 2014/02/02 03:44:31 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -124,7 +124,7 @@ kexdh_client(Kex *kex) | |||
124 | fatal("kexdh_client: BN_new failed"); | 124 | fatal("kexdh_client: BN_new failed"); |
125 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) | 125 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) |
126 | fatal("kexdh_client: BN_bin2bn failed"); | 126 | fatal("kexdh_client: BN_bin2bn failed"); |
127 | memset(kbuf, 0, klen); | 127 | explicit_bzero(kbuf, klen); |
128 | free(kbuf); | 128 | free(kbuf); |
129 | 129 | ||
130 | /* calc and verify H */ | 130 | /* calc and verify H */ |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexdhs.c,v 1.17 2014/01/12 08:13:13 djm Exp $ */ | 1 | /* $OpenBSD: kexdhs.c,v 1.18 2014/02/02 03:44:31 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -110,7 +110,7 @@ kexdh_server(Kex *kex) | |||
110 | fatal("kexdh_server: BN_new failed"); | 110 | fatal("kexdh_server: BN_new failed"); |
111 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) | 111 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) |
112 | fatal("kexdh_server: BN_bin2bn failed"); | 112 | fatal("kexdh_server: BN_bin2bn failed"); |
113 | memset(kbuf, 0, klen); | 113 | explicit_bzero(kbuf, klen); |
114 | free(kbuf); | 114 | free(kbuf); |
115 | 115 | ||
116 | key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); | 116 | key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); |
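--- a/kexecdhc.c
+++ b/kexecdhc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhc.c,v 1.6 2014/01/12 08:13:13 djm Exp $ */
+/* $OpenBSD: kexecdhc.c,v 1.7 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -119,7 +119,7 @@ kexecdh_client(Kex *kex)
 fatal("%s: BN_new failed", __func__);
 if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
 fatal("%s: BN_bin2bn failed", __func__);
-memset(kbuf, 0, klen);
+explicit_bzero(kbuf, klen);
 free(kbuf);
 
 /* calc and verify H */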
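--- a/kexecdhs.c
+++ b/kexecdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhs.c,v 1.9 2014/01/12 08:13:13 djm Exp $ */
+/* $OpenBSD: kexecdhs.c,v 1.10 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -103,7 +103,7 @@ kexecdh_server(Kex *kex)
 fatal("%s: BN_new failed", __func__);
 if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
 fatal("%s: BN_bin2bn failed", __func__);
-memset(kbuf, 0, klen);
+explicit_bzero(kbuf, klen);
 free(kbuf);
 
 /* calc H */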
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexgexc.c,v 1.16 2014/01/25 10:12:50 dtucker Exp $ */ | 1 | /* $OpenBSD: kexgexc.c,v 1.17 2014/02/02 03:44:31 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
@@ -162,7 +162,7 @@ kexgex_client(Kex *kex) | |||
162 | fatal("kexgex_client: BN_new failed"); | 162 | fatal("kexgex_client: BN_new failed"); |
163 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) | 163 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) |
164 | fatal("kexgex_client: BN_bin2bn failed"); | 164 | fatal("kexgex_client: BN_bin2bn failed"); |
165 | memset(kbuf, 0, klen); | 165 | explicit_bzero(kbuf, klen); |
166 | free(kbuf); | 166 | free(kbuf); |
167 | 167 | ||
168 | if (datafellows & SSH_OLD_DHGEX) | 168 | if (datafellows & SSH_OLD_DHGEX) |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexgexs.c,v 1.18 2014/01/12 08:13:13 djm Exp $ */ | 1 | /* $OpenBSD: kexgexs.c,v 1.19 2014/02/02 03:44:31 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
@@ -150,7 +150,7 @@ kexgex_server(Kex *kex) | |||
150 | fatal("kexgex_server: BN_new failed"); | 150 | fatal("kexgex_server: BN_new failed"); |
151 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) | 151 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) |
152 | fatal("kexgex_server: BN_bin2bn failed"); | 152 | fatal("kexgex_server: BN_bin2bn failed"); |
153 | memset(kbuf, 0, klen); | 153 | explicit_bzero(kbuf, klen); |
154 | free(kbuf); | 154 | free(kbuf); |
155 | 155 | ||
156 | key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); | 156 | key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: key.c,v 1.115 2014/01/09 23:20:00 djm Exp $ */ | 1 | /* $OpenBSD: key.c,v 1.116 2014/02/02 03:44:31 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * read_bignum(): | 3 | * read_bignum(): |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -242,12 +242,12 @@ key_free(Key *k) | |||
242 | case KEY_ED25519: | 242 | case KEY_ED25519: |
243 | case KEY_ED25519_CERT: | 243 | case KEY_ED25519_CERT: |
244 | if (k->ed25519_pk) { | 244 | if (k->ed25519_pk) { |
245 | memset(k->ed25519_pk, 0, ED25519_PK_SZ); | 245 | explicit_bzero(k->ed25519_pk, ED25519_PK_SZ); |
246 | free(k->ed25519_pk); | 246 | free(k->ed25519_pk); |
247 | k->ed25519_pk = NULL; | 247 | k->ed25519_pk = NULL; |
248 | } | 248 | } |
249 | if (k->ed25519_sk) { | 249 | if (k->ed25519_sk) { |
250 | memset(k->ed25519_sk, 0, ED25519_SK_SZ); | 250 | explicit_bzero(k->ed25519_sk, ED25519_SK_SZ); |
251 | free(k->ed25519_sk); | 251 | free(k->ed25519_sk); |
252 | k->ed25519_sk = NULL; | 252 | k->ed25519_sk = NULL; |
253 | } | 253 | } |
@@ -415,7 +415,7 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type, | |||
415 | if ((ssh_digest_memory(hash_alg, blob, len, | 415 | if ((ssh_digest_memory(hash_alg, blob, len, |
416 | retval, SSH_DIGEST_MAX_LENGTH)) != 0) | 416 | retval, SSH_DIGEST_MAX_LENGTH)) != 0) |
417 | fatal("%s: digest_memory failed", __func__); | 417 | fatal("%s: digest_memory failed", __func__); |
418 | memset(blob, 0, len); | 418 | explicit_bzero(blob, len); |
419 | free(blob); | 419 | free(blob); |
420 | *dgst_raw_length = ssh_digest_bytes(hash_alg); | 420 | *dgst_raw_length = ssh_digest_bytes(hash_alg); |
421 | } else { | 421 | } else { |
@@ -623,7 +623,7 @@ key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) | |||
623 | dgst_rep); | 623 | dgst_rep); |
624 | break; | 624 | break; |
625 | } | 625 | } |
626 | memset(dgst_raw, 0, dgst_raw_len); | 626 | explicit_bzero(dgst_raw, dgst_raw_len); |
627 | free(dgst_raw); | 627 | free(dgst_raw); |
628 | return retval; | 628 | return retval; |
629 | } | 629 | } |
@@ -1744,7 +1744,7 @@ to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain) | |||
1744 | *blobp = xmalloc(len); | 1744 | *blobp = xmalloc(len); |
1745 | memcpy(*blobp, buffer_ptr(&b), len); | 1745 | memcpy(*blobp, buffer_ptr(&b), len); |
1746 | } | 1746 | } |
1747 | memset(buffer_ptr(&b), 0, len); | 1747 | explicit_bzero(buffer_ptr(&b), len); |
1748 | buffer_free(&b); | 1748 | buffer_free(&b); |
1749 | return len; | 1749 | return len; |
1750 | } | 1750 | } |
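Review bot: In to_blob the call `explicit_bzero(buffer_ptr(&b), len);` is immediately followed by `buffer_free(&b);`, and the buffer.c change in this same commit makes buffer_free zero the whole `buffer->alloc` region before freeing, so the first scrub is redundant. Either drop it or keep it with a comment such as `/* defence in depth: buffer_free() also scrubs */` so the duplication reads as intentional. mm_newkeys_to_blob in monitor_wrap.c has the same pair of calls. to_blob starts outside the hunk.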
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor.c,v 1.130 2014/01/31 16:39:19 tedu Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.131 2014/02/02 03:44:31 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -858,7 +858,7 @@ mm_answer_authpassword(int sock, Buffer *m) | |||
858 | /* Only authenticate if the context is valid */ | 858 | /* Only authenticate if the context is valid */ |
859 | authenticated = options.password_authentication && | 859 | authenticated = options.password_authentication && |
860 | auth_password(authctxt, passwd); | 860 | auth_password(authctxt, passwd); |
861 | memset(passwd, 0, strlen(passwd)); | 861 | explicit_bzero(passwd, strlen(passwd)); |
862 | free(passwd); | 862 | free(passwd); |
863 | 863 | ||
864 | buffer_clear(m); | 864 | buffer_clear(m); |
@@ -1800,13 +1800,13 @@ monitor_apply_keystate(struct monitor *pmonitor) | |||
1800 | /* XXX inefficient for large buffers, need: buffer_init_from_string */ | 1800 | /* XXX inefficient for large buffers, need: buffer_init_from_string */ |
1801 | buffer_clear(packet_get_input()); | 1801 | buffer_clear(packet_get_input()); |
1802 | buffer_append(packet_get_input(), child_state.input, child_state.ilen); | 1802 | buffer_append(packet_get_input(), child_state.input, child_state.ilen); |
1803 | memset(child_state.input, 0, child_state.ilen); | 1803 | explicit_bzero(child_state.input, child_state.ilen); |
1804 | free(child_state.input); | 1804 | free(child_state.input); |
1805 | 1805 | ||
1806 | buffer_clear(packet_get_output()); | 1806 | buffer_clear(packet_get_output()); |
1807 | buffer_append(packet_get_output(), child_state.output, | 1807 | buffer_append(packet_get_output(), child_state.output, |
1808 | child_state.olen); | 1808 | child_state.olen); |
1809 | memset(child_state.output, 0, child_state.olen); | 1809 | explicit_bzero(child_state.output, child_state.olen); |
1810 | free(child_state.output); | 1810 | free(child_state.output); |
1811 | 1811 | ||
1812 | /* Roaming */ | 1812 | /* Roaming */ |
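--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.78 2014/01/29 06:18:35 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.79 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -572,7 +572,7 @@ mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp)
 *blobp = xmalloc(len);
 memcpy(*blobp, buffer_ptr(&b), len);
 }
-memset(buffer_ptr(&b), 0, len);
+explicit_bzero(buffer_ptr(&b), len);
 buffer_free(&b);
 return len;
 }
@@ -616,7 +616,7 @@ mm_send_keystate(struct monitor *monitor)
 key = xmalloc(keylen+1); /* add 1 if keylen == 0 */
 keylen = packet_get_encryption_key(key);
 buffer_put_string(&m, key, keylen);
-memset(key, 0, keylen);
+explicit_bzero(key, keylen);
 free(key);
 
 ivlen = packet_get_keyiv_len(MODE_OUT);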
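Review bot: mm_newkeys_to_blob needs a comment saying that the caller must wipe `*blobp`: at lines 572-573 it hands back a heap copy of the buffer contents just before the source buffer is wiped at 575, so the wipe alone does not remove that data (presumably serialized key state) from the heap. Suggested comment above the function: `/* On return *blobp holds key material; the caller must explicit_bzero() it before free(). */`. Whether the callers already do this is not visible here, and the function starts outside the hunk.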
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: packet.c,v 1.191 2013/12/06 13:34:54 markus Exp $ */ | 1 | /* $OpenBSD: packet.c,v 1.192 2014/02/02 03:44:31 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -764,9 +764,9 @@ set_newkeys(int mode) | |||
764 | mac = &active_state->newkeys[mode]->mac; | 764 | mac = &active_state->newkeys[mode]->mac; |
765 | comp = &active_state->newkeys[mode]->comp; | 765 | comp = &active_state->newkeys[mode]->comp; |
766 | mac_clear(mac); | 766 | mac_clear(mac); |
767 | memset(enc->iv, 0, enc->iv_len); | 767 | explicit_bzero(enc->iv, enc->iv_len); |
768 | memset(enc->key, 0, enc->key_len); | 768 | explicit_bzero(enc->key, enc->key_len); |
769 | memset(mac->key, 0, mac->key_len); | 769 | explicit_bzero(mac->key, mac->key_len); |
770 | free(enc->name); | 770 | free(enc->name); |
771 | free(enc->iv); | 771 | free(enc->iv); |
772 | free(enc->key); | 772 | free(enc->key); |
@@ -787,9 +787,9 @@ set_newkeys(int mode) | |||
787 | cipher_init(cc, enc->cipher, enc->key, enc->key_len, | 787 | cipher_init(cc, enc->cipher, enc->key, enc->key_len, |
788 | enc->iv, enc->iv_len, crypt_type); | 788 | enc->iv, enc->iv_len, crypt_type); |
789 | /* Deleting the keys does not gain extra security */ | 789 | /* Deleting the keys does not gain extra security */ |
790 | /* memset(enc->iv, 0, enc->block_size); | 790 | /* explicit_bzero(enc->iv, enc->block_size); |
791 | memset(enc->key, 0, enc->key_len); | 791 | explicit_bzero(enc->key, enc->key_len); |
792 | memset(mac->key, 0, mac->key_len); */ | 792 | explicit_bzero(mac->key, mac->key_len); */ |
793 | if ((comp->type == COMP_ZLIB || | 793 | if ((comp->type == COMP_ZLIB || |
794 | (comp->type == COMP_DELAYED && | 794 | (comp->type == COMP_DELAYED && |
795 | active_state->after_authentication)) && comp->enabled == 0) { | 795 | active_state->after_authentication)) && comp->enabled == 0) { |
@@ -928,7 +928,7 @@ packet_send2_wrapped(void) | |||
928 | } | 928 | } |
929 | } else { | 929 | } else { |
930 | /* clear padding */ | 930 | /* clear padding */ |
931 | memset(cp, 0, padlen); | 931 | explicit_bzero(cp, padlen); |
932 | } | 932 | } |
933 | /* sizeof (packet_len + pad_len + payload + padding) */ | 933 | /* sizeof (packet_len + pad_len + payload + padding) */ |
934 | len = buffer_len(&active_state->outgoing_packet); | 934 | len = buffer_len(&active_state->outgoing_packet); |
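Review bot: The `explicit_bzero(cp, padlen)` under `/* clear padding */` in packet_send2_wrapped is not erasing a secret; it appears to initialise padding bytes that stay in the outgoing packet, so the compiler could never have dropped the original `memset`. Keeping `memset(cp, 0, padlen);` there would reserve explicit_bzero for the places where a buffer is wiped just before it is freed or goes out of scope, which makes those places easy to audit. The same applies to the zero-fill of `sigblob` before `BN_bn2bin` in ssh_dss_sign (ssh-dss.c), the leading-zero padding after `memmove` in ssh_rsa_sign and ssh_rsa_verify (ssh-rsa.c), and probably the zeroed `response` in try_agent_authentication (sshconnect1.c), which looks like it is sent afterwards. packet_send2_wrapped starts and ends outside the hunk.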
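--- a/readpass.c
+++ b/readpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.49 2013/05/17 00:13:14 djm Exp $ */
+/* $OpenBSD: readpass.c,v 1.50 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 *
@@ -99,13 +99,13 @@ ssh_askpass(char *askpass, const char *msg)
 break;
 signal(SIGCHLD, osigchld);
 if (ret == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
-memset(buf, 0, sizeof(buf));
+explicit_bzero(buf, sizeof(buf));
 return NULL;
 }
 
 buf[strcspn(buf, "\r\n")] = '\0';
 pass = xstrdup(buf);
-memset(buf, 0, sizeof(buf));
+explicit_bzero(buf, sizeof(buf));
 return pass;
 }
 
@@ -162,7 +162,7 @@ read_passphrase(const char *prompt, int flags)
 }
 
 ret = xstrdup(buf);
-memset(buf, 'x', sizeof buf);
+explicit_bzero(buf, sizeof(buf));
 return ret;
 }
 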
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: rsa.c,v 1.30 2013/05/17 00:13:14 djm Exp $ */ | 1 | /* $OpenBSD: rsa.c,v 1.31 2014/02/02 03:44:31 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -94,8 +94,8 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) | |||
94 | if (BN_bin2bn(outbuf, len, out) == NULL) | 94 | if (BN_bin2bn(outbuf, len, out) == NULL) |
95 | fatal("rsa_public_encrypt: BN_bin2bn failed"); | 95 | fatal("rsa_public_encrypt: BN_bin2bn failed"); |
96 | 96 | ||
97 | memset(outbuf, 0, olen); | 97 | explicit_bzero(outbuf, olen); |
98 | memset(inbuf, 0, ilen); | 98 | explicit_bzero(inbuf, ilen); |
99 | free(outbuf); | 99 | free(outbuf); |
100 | free(inbuf); | 100 | free(inbuf); |
101 | } | 101 | } |
@@ -120,8 +120,8 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) | |||
120 | if (BN_bin2bn(outbuf, len, out) == NULL) | 120 | if (BN_bin2bn(outbuf, len, out) == NULL) |
121 | fatal("rsa_private_decrypt: BN_bin2bn failed"); | 121 | fatal("rsa_private_decrypt: BN_bin2bn failed"); |
122 | } | 122 | } |
123 | memset(outbuf, 0, olen); | 123 | explicit_bzero(outbuf, olen); |
124 | memset(inbuf, 0, ilen); | 124 | explicit_bzero(inbuf, ilen); |
125 | free(outbuf); | 125 | free(outbuf); |
126 | free(inbuf); | 126 | free(inbuf); |
127 | return len; | 127 | return len; |
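--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.169 2013/12/19 00:19:12 dtucker Exp $ */
+/* $OpenBSD: serverloop.c,v 1.170 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -920,7 +920,7 @@ server_input_stdin_data(int type, u_int32_t seq, void *ctxt)
 data = packet_get_string(&data_len);
 packet_check_eom();
 buffer_append(&stdin_buffer, data, data_len);
-memset(data, 0, data_len);
+explicit_bzero(data, data_len);
 free(data);
 }
 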
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-add.c,v 1.108 2013/12/19 00:10:30 djm Exp $ */ | 1 | /* $OpenBSD: ssh-add.c,v 1.109 2014/02/02 03:44:31 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -90,7 +90,7 @@ static void | |||
90 | clear_pass(void) | 90 | clear_pass(void) |
91 | { | 91 | { |
92 | if (pass) { | 92 | if (pass) { |
93 | memset(pass, 0, strlen(pass)); | 93 | explicit_bzero(pass, strlen(pass)); |
94 | free(pass); | 94 | free(pass); |
95 | pass = NULL; | 95 | pass = NULL; |
96 | } | 96 | } |
@@ -366,7 +366,7 @@ lock_agent(AuthenticationConnection *ac, int lock) | |||
366 | fprintf(stderr, "Passwords do not match.\n"); | 366 | fprintf(stderr, "Passwords do not match.\n"); |
367 | passok = 0; | 367 | passok = 0; |
368 | } | 368 | } |
369 | memset(p2, 0, strlen(p2)); | 369 | explicit_bzero(p2, strlen(p2)); |
370 | free(p2); | 370 | free(p2); |
371 | } | 371 | } |
372 | if (passok && ssh_lock_agent(ac, lock, p1)) { | 372 | if (passok && ssh_lock_agent(ac, lock, p1)) { |
@@ -374,7 +374,7 @@ lock_agent(AuthenticationConnection *ac, int lock) | |||
374 | ret = 0; | 374 | ret = 0; |
375 | } else | 375 | } else |
376 | fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un"); | 376 | fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un"); |
377 | memset(p1, 0, strlen(p1)); | 377 | explicit_bzero(p1, strlen(p1)); |
378 | free(p1); | 378 | free(p1); |
379 | return (ret); | 379 | return (ret); |
380 | } | 380 | } |
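Review bot: lock_agent repeats the `explicit_bzero(p, strlen(p)); free(p);` pair by hand for `p2` and `p1`, although clear_pass() just above already wraps the same sequence for the global `pass`; a small helper would keep the wipe and the free from drifting apart when a new exit path is added. The same pair recurs in process_lock_agent (ssh-agent.c), in load_identity, do_change_passphrase and do_change_comment (ssh-keygen.c), and in the passphrase and password paths of sshconnect1.c. The helper below is file-local as a sketch; a shared, non-static version would serve the other files, and where it should live is not decidable from this page. lock_agent starts outside the hunks.

```c
/* Wipe a NUL-terminated secret and release it; NULL is accepted. */
static void
free_secret(char *s)
{
	if (s == NULL)
		return;
	explicit_bzero(s, strlen(s));
	free(s);
}

/* in lock_agent(), replacing the two wipe-and-free pairs: */
free_secret(p2);
/* … unchanged: ssh_lock_agent call and result reporting … */
free_secret(p1);
```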
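--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.182 2014/01/27 19:18:54 markus Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.183 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -554,7 +554,7 @@ process_lock_agent(SocketEntry *e, int lock)
 passwd = buffer_get_string(&e->request, NULL);
 if (locked && !lock && strcmp(passwd, lock_passwd) == 0) {
 locked = 0;
-memset(lock_passwd, 0, strlen(lock_passwd));
+explicit_bzero(lock_passwd, strlen(lock_passwd));
 free(lock_passwd);
 lock_passwd = NULL;
 success = 1;
@@ -563,7 +563,7 @@ process_lock_agent(SocketEntry *e, int lock)
 lock_passwd = xstrdup(passwd);
 success = 1;
 }
-memset(passwd, 0, strlen(passwd));
+explicit_bzero(passwd, strlen(passwd));
 free(passwd);
 
 buffer_put_int(&e->output, 1);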
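Review bot: The wipe at line 566 covers only `strlen(passwd)` bytes, but the length of the request string is thrown away at line 554 (`NULL` length argument), so a string with an embedded NUL would leave its tail unwiped before `free`. Keeping the length closes that gap: `passwd = buffer_get_string(&e->request, &pwlen);` and `explicit_bzero(passwd, pwlen);`, with `u_int pwlen;` declared at the top of the function. Separately, the `strcmp` at line 555 compares a client-supplied string with the lock secret and stops at the first differing byte; a constant-time comparison over fixed-length digests would be the safer shape, as a follow-up change. process_lock_agent starts and ends outside these hunks.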
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-dss.c,v 1.30 2014/01/09 23:20:00 djm Exp $ */ | 1 | /* $OpenBSD: ssh-dss.c,v 1.31 2014/02/02 03:44:31 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -65,7 +65,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
65 | } | 65 | } |
66 | 66 | ||
67 | sig = DSA_do_sign(digest, dlen, key->dsa); | 67 | sig = DSA_do_sign(digest, dlen, key->dsa); |
68 | memset(digest, 'd', sizeof(digest)); | 68 | explicit_bzero(digest, sizeof(digest)); |
69 | 69 | ||
70 | if (sig == NULL) { | 70 | if (sig == NULL) { |
71 | error("ssh_dss_sign: sign failed"); | 71 | error("ssh_dss_sign: sign failed"); |
@@ -79,7 +79,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
79 | DSA_SIG_free(sig); | 79 | DSA_SIG_free(sig); |
80 | return -1; | 80 | return -1; |
81 | } | 81 | } |
82 | memset(sigblob, 0, SIGBLOB_LEN); | 82 | explicit_bzero(sigblob, SIGBLOB_LEN); |
83 | BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); | 83 | BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); |
84 | BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); | 84 | BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); |
85 | DSA_SIG_free(sig); | 85 | DSA_SIG_free(sig); |
@@ -168,7 +168,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
168 | fatal("%s: BN_bin2bn failed", __func__); | 168 | fatal("%s: BN_bin2bn failed", __func__); |
169 | 169 | ||
170 | /* clean up */ | 170 | /* clean up */ |
171 | memset(sigblob, 0, len); | 171 | explicit_bzero(sigblob, len); |
172 | free(sigblob); | 172 | free(sigblob); |
173 | 173 | ||
174 | /* sha1 the data */ | 174 | /* sha1 the data */ |
@@ -179,7 +179,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
179 | } | 179 | } |
180 | 180 | ||
181 | ret = DSA_do_verify(digest, dlen, sig, key->dsa); | 181 | ret = DSA_do_verify(digest, dlen, sig, key->dsa); |
182 | memset(digest, 'd', sizeof(digest)); | 182 | explicit_bzero(digest, sizeof(digest)); |
183 | 183 | ||
184 | DSA_SIG_free(sig); | 184 | DSA_SIG_free(sig); |
185 | 185 | ||
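--- a/ssh-ecdsa.c
+++ b/ssh-ecdsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ecdsa.c,v 1.8 2014/01/09 23:20:00 djm Exp $ */
+/* $OpenBSD: ssh-ecdsa.c,v 1.9 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -72,7 +72,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp,
 }
 
 sig = ECDSA_do_sign(digest, dlen, key->ecdsa);
-memset(digest, 'd', sizeof(digest));
+explicit_bzero(digest, sizeof(digest));
 
 if (sig == NULL) {
 error("%s: sign failed", __func__);
@@ -153,7 +153,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
 buffer_free(&bb);
 
 /* clean up */
-memset(sigblob, 0, len);
+explicit_bzero(sigblob, len);
 free(sigblob);
 
 /* hash the data */
@@ -169,7 +169,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
 }
 
 ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa);
-memset(digest, 'd', sizeof(digest));
+explicit_bzero(digest, sizeof(digest));
 
 ECDSA_SIG_free(sig);
 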
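--- a/ssh-ed25519.c
+++ b/ssh-ed25519.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ed25519.c,v 1.1 2013/12/06 13:39:49 markus Exp $ */
+/* $OpenBSD: ssh-ed25519.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Copyright (c) 2013 Markus Friedl <markus@openbsd.org>
 *
@@ -66,7 +66,7 @@ ssh_ed25519_sign(const Key *key, u_char **sigp, u_int *lenp,
 memcpy(*sigp, buffer_ptr(&b), len);
 }
 buffer_free(&b);
-memset(sig, 's', slen);
+explicit_bzero(sig, slen);
 free(sig);
 
 return 0;
@@ -130,9 +130,9 @@ ssh_ed25519_verify(const Key *key, const u_char *signature, u_int signaturelen,
 }
 /* XXX compare 'm' and 'data' ? */
 
-memset(sigblob, 's', len);
-memset(sm, 'S', smlen);
-memset(m, 'm', smlen); /* NB. mlen may be invalid if ret != 0 */
+explicit_bzero(sigblob, len);
+explicit_bzero(sm, smlen);
+explicit_bzero(m, smlen); /* NB. mlen may be invalid if ret != 0 */
 free(sigblob);
 free(sm);
 free(m);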
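--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.239 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.240 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -267,7 +267,7 @@ load_identity(char *filename)
 pass = read_passphrase("Enter passphrase: ",
 RP_ALLOW_STDIN);
 prv = key_load_private(filename, pass, NULL);
-memset(pass, 0, strlen(pass));
+explicit_bzero(pass, strlen(pass));
 free(pass);
 }
 return prv;
@@ -1258,7 +1258,7 @@ do_change_passphrase(struct passwd *pw)
 RP_ALLOW_STDIN);
 private = key_load_private(identity_file, old_passphrase,
 &comment);
-memset(old_passphrase, 0, strlen(old_passphrase));
+explicit_bzero(old_passphrase, strlen(old_passphrase));
 free(old_passphrase);
 if (private == NULL) {
 printf("Bad passphrase.\n");
@@ -1280,15 +1280,15 @@ do_change_passphrase(struct passwd *pw)
 
 /* Verify that they are the same. */
 if (strcmp(passphrase1, passphrase2) != 0) {
-memset(passphrase1, 0, strlen(passphrase1));
-memset(passphrase2, 0, strlen(passphrase2));
+explicit_bzero(passphrase1, strlen(passphrase1));
+explicit_bzero(passphrase2, strlen(passphrase2));
 free(passphrase1);
 free(passphrase2);
 printf("Pass phrases do not match. Try again.\n");
 exit(1);
 }
 /* Destroy the other copy. */
-memset(passphrase2, 0, strlen(passphrase2));
+explicit_bzero(passphrase2, strlen(passphrase2));
 free(passphrase2);
 }
 
@@ -1296,14 +1296,14 @@ do_change_passphrase(struct passwd *pw)
 if (!key_save_private(private, identity_file, passphrase1, comment,
 use_new_format, new_format_cipher, rounds)) {
 printf("Saving the key failed: %s.\n", identity_file);
-memset(passphrase1, 0, strlen(passphrase1));
+explicit_bzero(passphrase1, strlen(passphrase1));
 free(passphrase1);
 key_free(private);
 free(comment);
 exit(1);
 }
 /* Destroy the passphrase and the copy of the key in memory. */
-memset(passphrase1, 0, strlen(passphrase1));
+explicit_bzero(passphrase1, strlen(passphrase1));
 free(passphrase1);
 key_free(private); /* Destroys contents */
 free(comment);
@@ -1375,7 +1375,7 @@ do_change_comment(struct passwd *pw)
 /* Try to load using the passphrase. */
 private = key_load_private(identity_file, passphrase, &comment);
 if (private == NULL) {
-memset(passphrase, 0, strlen(passphrase));
+explicit_bzero(passphrase, strlen(passphrase));
 free(passphrase);
 printf("Bad passphrase.\n");
 exit(1);
@@ -1396,7 +1396,7 @@ do_change_comment(struct passwd *pw)
 printf("Enter new comment: ");
 fflush(stdout);
 if (!fgets(new_comment, sizeof(new_comment), stdin)) {
-memset(passphrase, 0, strlen(passphrase));
+explicit_bzero(passphrase, strlen(passphrase));
 key_free(private);
 exit(1);
 }
@@ -1407,13 +1407,13 @@ do_change_comment(struct passwd *pw)
 if (!key_save_private(private, identity_file, passphrase, new_comment,
 use_new_format, new_format_cipher, rounds)) {
 printf("Saving the key failed: %s.\n", identity_file);
-memset(passphrase, 0, strlen(passphrase));
+explicit_bzero(passphrase, strlen(passphrase));
 free(passphrase);
 key_free(private);
 free(comment);
 exit(1);
 }
-memset(passphrase, 0, strlen(passphrase));
+explicit_bzero(passphrase, strlen(passphrase));
 free(passphrase);
 public = key_from_private(private);
 key_free(private);
@@ -2632,15 +2632,15 @@ passphrase_again:
 * The passphrases do not match. Clear them and
 * retry.
 */
-memset(passphrase1, 0, strlen(passphrase1));
-memset(passphrase2, 0, strlen(passphrase2));
+explicit_bzero(passphrase1, strlen(passphrase1));
+explicit_bzero(passphrase2, strlen(passphrase2));
 free(passphrase1);
 free(passphrase2);
 printf("Passphrases do not match. Try again.\n");
 goto passphrase_again;
 }
 /* Clear the other copy of the passphrase. */
-memset(passphrase2, 0, strlen(passphrase2));
+explicit_bzero(passphrase2, strlen(passphrase2));
 free(passphrase2);
 }
 
@@ -2655,12 +2655,12 @@ passphrase_again:
 if (!key_save_private(private, identity_file, passphrase1, comment,
 use_new_format, new_format_cipher, rounds)) {
 printf("Saving the key failed: %s.\n", identity_file);
-memset(passphrase1, 0, strlen(passphrase1));
+explicit_bzero(passphrase1, strlen(passphrase1));
 free(passphrase1);
 exit(1);
 }
 /* Clear the passphrase. */
-memset(passphrase1, 0, strlen(passphrase1));
+explicit_bzero(passphrase1, strlen(passphrase1));
 free(passphrase1);
 
 /* Clear the private key and the random number generator. */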
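Review bot: The mismatch path at lines 1282-1289 of do_change_passphrase wipes both passphrases and exits without `key_free(private)`, so the key loaded at line 1259 is left as it is while the less sensitive strings are cleared; the save-failure path at 1299-1303 does free it, and the comment at 1308 says key_free destroys the contents. Adding `key_free(private);` and `free(comment);` before `exit(1);` would make the two exits agree. In do_change_comment the `fgets` failure path at 1399 is the mirror case: it wipes `passphrase` but does not `free` it, unlike the other paths shown for that function. The code between the hunks is not visible, so this assumes `private` still holds the loaded key at that point.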
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-rsa.c,v 1.50 2014/01/09 23:20:00 djm Exp $ */ | 1 | /* $OpenBSD: ssh-rsa.c,v 1.51 2014/02/02 03:44:31 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> | 3 | * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> |
4 | * | 4 | * |
@@ -70,7 +70,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
70 | sig = xmalloc(slen); | 70 | sig = xmalloc(slen); |
71 | 71 | ||
72 | ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); | 72 | ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); |
73 | memset(digest, 'd', sizeof(digest)); | 73 | explicit_bzero(digest, sizeof(digest)); |
74 | 74 | ||
75 | if (ok != 1) { | 75 | if (ok != 1) { |
76 | int ecode = ERR_get_error(); | 76 | int ecode = ERR_get_error(); |
@@ -84,7 +84,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
84 | u_int diff = slen - len; | 84 | u_int diff = slen - len; |
85 | debug("slen %u > len %u", slen, len); | 85 | debug("slen %u > len %u", slen, len); |
86 | memmove(sig + diff, sig, len); | 86 | memmove(sig + diff, sig, len); |
87 | memset(sig, 0, diff); | 87 | explicit_bzero(sig, diff); |
88 | } else if (len > slen) { | 88 | } else if (len > slen) { |
89 | error("%s: slen %u slen2 %u", __func__, slen, len); | 89 | error("%s: slen %u slen2 %u", __func__, slen, len); |
90 | free(sig); | 90 | free(sig); |
@@ -102,7 +102,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
102 | memcpy(*sigp, buffer_ptr(&b), len); | 102 | memcpy(*sigp, buffer_ptr(&b), len); |
103 | } | 103 | } |
104 | buffer_free(&b); | 104 | buffer_free(&b); |
105 | memset(sig, 's', slen); | 105 | explicit_bzero(sig, slen); |
106 | free(sig); | 106 | free(sig); |
107 | 107 | ||
108 | return 0; | 108 | return 0; |
@@ -161,7 +161,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
161 | modlen, len); | 161 | modlen, len); |
162 | sigblob = xrealloc(sigblob, 1, modlen); | 162 | sigblob = xrealloc(sigblob, 1, modlen); |
163 | memmove(sigblob + diff, sigblob, len); | 163 | memmove(sigblob + diff, sigblob, len); |
164 | memset(sigblob, 0, diff); | 164 | explicit_bzero(sigblob, diff); |
165 | len = modlen; | 165 | len = modlen; |
166 | } | 166 | } |
167 | /* hash the data */ | 167 | /* hash the data */ |
@@ -178,8 +178,8 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
178 | 178 | ||
179 | ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len, | 179 | ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len, |
180 | key->rsa); | 180 | key->rsa); |
181 | memset(digest, 'd', sizeof(digest)); | 181 | explicit_bzero(digest, sizeof(digest)); |
182 | memset(sigblob, 's', len); | 182 | explicit_bzero(sigblob, len); |
183 | free(sigblob); | 183 | free(sigblob); |
184 | debug("%s: signature %scorrect", __func__, (ret == 0) ? "in" : ""); | 184 | debug("%s: signature %scorrect", __func__, (ret == 0) ? "in" : ""); |
185 | return ret; | 185 | return ret; |
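--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.244 2014/01/09 23:26:48 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.245 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1299,7 +1299,7 @@ ssh_put_password(char *password)
 padded = xcalloc(1, size);
 strlcpy(padded, password, size);
 packet_put_string(padded, size);
-memset(padded, 0, size);
+explicit_bzero(padded, size);
 free(padded);
 }
 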
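--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect1.c,v 1.73 2014/01/27 19:18:54 markus Exp $ */
+/* $OpenBSD: sshconnect1.c,v 1.74 2014/02/02 03:44:32 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -120,7 +120,7 @@ try_agent_authentication(void)
 * return a wrong value.
 */
 logit("Authentication agent failed to decrypt challenge.");
-memset(response, 0, sizeof(response));
+explicit_bzero(response, sizeof(response));
 }
 key_free(key);
 debug("Sending response to RSA challenge.");
@@ -195,9 +195,9 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
 packet_send();
 packet_write_wait();
 
-memset(buf, 0, sizeof(buf));
-memset(response, 0, sizeof(response));
-memset(&md, 0, sizeof(md));
+explicit_bzero(buf, sizeof(buf));
+explicit_bzero(response, sizeof(response));
+explicit_bzero(&md, sizeof(md));
 }
 
 /*
@@ -271,7 +271,7 @@ try_rsa_authentication(int idx)
 debug2("no passphrase given, try next key");
 quit = 1;
 }
-memset(passphrase, 0, strlen(passphrase));
+explicit_bzero(passphrase, strlen(passphrase));
 free(passphrase);
 if (private != NULL || quit)
 break;
@@ -427,7 +427,7 @@ try_challenge_response_authentication(void)
 }
 packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
 ssh_put_password(response);
-memset(response, 0, strlen(response));
+explicit_bzero(response, strlen(response));
 free(response);
 packet_send();
 packet_write_wait();
@@ -460,7 +460,7 @@ try_password_authentication(char *prompt)
 password = read_passphrase(prompt, 0);
 packet_start(SSH_CMSG_AUTH_PASSWORD);
 ssh_put_password(password);
-memset(password, 0, strlen(password));
+explicit_bzero(password, strlen(password));
 free(password);
 packet_send();
 packet_write_wait();
@@ -652,8 +652,11 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
 /* Set the encryption key. */
 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher);
 
-/* We will no longer need the session key here. Destroy any extra copies. */
-memset(session_key, 0, sizeof(session_key));
+/*
+* We will no longer need the session key here.
+* Destroy any extra copies.
+*/
+explicit_bzero(session_key, sizeof(session_key));
 
 /*
 * Expect a success message from the server. Note that this message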
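--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.203 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.204 2014/02/02 03:44:32 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -869,7 +869,7 @@ userauth_passwd(Authctxt *authctxt)
 packet_put_cstring(authctxt->method->name);
 packet_put_char(0);
 packet_put_cstring(password);
-memset(password, 0, strlen(password));
+explicit_bzero(password, strlen(password));
 free(password);
 packet_add_padding(64);
 packet_send();
@@ -915,7 +915,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
 authctxt->server_user, host);
 password = read_passphrase(prompt, 0);
 packet_put_cstring(password);
-memset(password, 0, strlen(password));
+explicit_bzero(password, strlen(password));
 free(password);
 password = NULL;
 while (password == NULL) {
@@ -932,16 +932,16 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
 authctxt->server_user, host);
 retype = read_passphrase(prompt, 0);
 if (strcmp(password, retype) != 0) {
-memset(password, 0, strlen(password));
+explicit_bzero(password, strlen(password));
 free(password);
 logit("Mismatch; try again, EOF to quit.");
 password = NULL;
 }
-memset(retype, 0, strlen(retype));
+explicit_bzero(retype, strlen(retype));
 free(retype);
 }
 packet_put_cstring(password);
-memset(password, 0, strlen(password));
+explicit_bzero(password, strlen(password));
 free(password);
 packet_add_padding(64);
 packet_send();
@@ -1126,7 +1126,7 @@ load_identity_file(char *filename, int userprovided)
 debug2("no passphrase given, try next key");
 quit = 1;
 }
-memset(passphrase, 0, strlen(passphrase));
+explicit_bzero(passphrase, strlen(passphrase));
 free(passphrase);
 if (private != NULL || quit)
 break;
@@ -1385,7 +1385,7 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
 response = read_passphrase(prompt, echo ? RP_ECHO : 0);
 
 packet_put_cstring(response);
-memset(response, 0, strlen(response));
+explicit_bzero(response, strlen(response));
 free(response);
 free(prompt);
 }
@@ -1555,7 +1555,7 @@ userauth_hostbased(Authctxt *authctxt)
 packet_put_cstring(chost);
 packet_put_cstring(authctxt->local_user);
 packet_put_string(signature, slen);
-memset(signature, 's', slen);
+explicit_bzero(signature, slen);
 free(signature);
 free(chost);
 free(pkalg);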
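Review bot: The scrub-then-free pair `explicit_bzero(p, strlen(p)); free(p);` is now written out by hand seven times across this file's hunks (userauth_passwd, four times in input_userauth_passwd_changereq including `retype`, load_identity_file, input_userauth_info_req), so every copy has to keep the length expression and the free in step on its own. A file-local helper such as `static void burn_cstring(char *s) { if (s != NULL) { explicit_bzero(s, strlen(s)); free(s); } }` would keep the two operations together and make a missed scrub easier to see in review. These calls also clear only the caller's copy: the bytes handed to `packet_put_cstring` just before are not covered by any of these hunks, and whether the outgoing packet buffer is cleared later is not visible here. All of the enclosing functions start and end outside the hunks.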
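--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.417 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: sshd.c,v 1.418 2014/02/02 03:44:32 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -579,7 +579,7 @@ destroy_sensitive_data(void)
 }
 }
 sensitive_data.ssh1_host_key = NULL;
-memset(sensitive_data.ssh1_cookie, 0, SSH_SESSION_KEY_LENGTH);
+explicit_bzero(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
 }
 
 /* Demote private to public keys for network child */
@@ -1657,7 +1657,8 @@ main(int ac, char **av)
 fatal("Privilege separation user %s does not exist",
 SSH_PRIVSEP_USER);
 } else {
-memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
+explicit_bzero(privsep_pw->pw_passwd,
+strlen(privsep_pw->pw_passwd));
 privsep_pw = pwcopy(privsep_pw);
 free(privsep_pw->pw_passwd);
 privsep_pw->pw_passwd = xstrdup("*");
@@ -2341,7 +2342,7 @@ do_ssh1_kex(void)
 get_remote_ipaddr(), len, (u_long)sizeof(session_key));
 rsafail++;
 } else {
-memset(session_key, 0, sizeof(session_key));
+explicit_bzero(session_key, sizeof(session_key));
 BN_bn2bin(session_key_int,
 session_key + sizeof(session_key) - len);
 
@@ -2379,7 +2380,7 @@ do_ssh1_kex(void)
 sizeof(session_key) - 16) < 0)
 fatal("%s: md5 failed", __func__);
 ssh_digest_free(md);
-memset(buf, 0, bytes);
+explicit_bzero(buf, bytes);
 free(buf);
 for (i = 0; i < 16; i++)
 session_id[i] = session_key[i] ^ session_key[i + 16];
@@ -2397,7 +2398,7 @@ do_ssh1_kex(void)
 packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type);
 
 /* Destroy our copy of the session key. It is no longer needed. */
-memset(session_key, 0, sizeof(session_key));
+explicit_bzero(session_key, sizeof(session_key));
 
 debug("Received session key; encryption turned on.");
 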
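Review bot: In the `-2341` hunk of do_ssh1_kex the converted call is not an erasure: `explicit_bzero(session_key, sizeof(session_key));` runs immediately before `BN_bn2bin` writes at `session_key + sizeof(session_key) - len`, so it appears to be zero-padding the leading bytes of a buffer that is about to be used, not wiping a secret that is finished with. The call is harmless, but it now looks the same as the genuine scrub in the `-2397` hunk, which follows `packet_set_encryption_key`. I would add a comment above it, for example `/* Zero-pad: BN_bn2bin() below fills only the trailing len bytes. */`, so a later cleanup does not treat the two calls alike or move this one. do_ssh1_kex starts and ends outside these hunks, so the definition of `len` is inferred from the call rather than seen.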