diff options
Diffstat (limited to 'authfile.c')
-rw-r--r-- | authfile.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/authfile.c b/authfile.c index 7eccbb2c9..d7eaa9dec 100644 --- a/authfile.c +++ b/authfile.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: authfile.c,v 1.101 2013/12/29 04:35:50 djm Exp $ */ | 1 | /* $OpenBSD: authfile.c,v 1.103 2014/02/02 03:44:31 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -131,7 +131,7 @@ key_private_to_blob2(Key *prv, Buffer *blob, const char *passphrase, | |||
131 | buffer_put_int(&kdf, rounds); | 131 | buffer_put_int(&kdf, rounds); |
132 | } | 132 | } |
133 | cipher_init(&ctx, c, key, keylen, key + keylen , ivlen, 1); | 133 | cipher_init(&ctx, c, key, keylen, key + keylen , ivlen, 1); |
134 | memset(key, 0, keylen + ivlen); | 134 | explicit_bzero(key, keylen + ivlen); |
135 | free(key); | 135 | free(key); |
136 | 136 | ||
137 | buffer_init(&encoded); | 137 | buffer_init(&encoded); |
@@ -143,7 +143,7 @@ key_private_to_blob2(Key *prv, Buffer *blob, const char *passphrase, | |||
143 | key_to_blob(prv, &cp, &len); /* public key */ | 143 | key_to_blob(prv, &cp, &len); /* public key */ |
144 | buffer_put_string(&encoded, cp, len); | 144 | buffer_put_string(&encoded, cp, len); |
145 | 145 | ||
146 | memset(cp, 0, len); | 146 | explicit_bzero(cp, len); |
147 | free(cp); | 147 | free(cp); |
148 | 148 | ||
149 | buffer_free(&kdf); | 149 | buffer_free(&kdf); |
@@ -409,7 +409,7 @@ key_parse_private2(Buffer *blob, int type, const char *passphrase, | |||
409 | free(salt); | 409 | free(salt); |
410 | free(comment); | 410 | free(comment); |
411 | if (key) | 411 | if (key) |
412 | memset(key, 0, keylen + ivlen); | 412 | explicit_bzero(key, keylen + ivlen); |
413 | free(key); | 413 | free(key); |
414 | buffer_free(&encoded); | 414 | buffer_free(&encoded); |
415 | buffer_free(©); | 415 | buffer_free(©); |
@@ -496,10 +496,10 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase, | |||
496 | buffer_ptr(&buffer), buffer_len(&buffer), 0, 0) != 0) | 496 | buffer_ptr(&buffer), buffer_len(&buffer), 0, 0) != 0) |
497 | fatal("%s: cipher_crypt failed", __func__); | 497 | fatal("%s: cipher_crypt failed", __func__); |
498 | cipher_cleanup(&ciphercontext); | 498 | cipher_cleanup(&ciphercontext); |
499 | memset(&ciphercontext, 0, sizeof(ciphercontext)); | 499 | explicit_bzero(&ciphercontext, sizeof(ciphercontext)); |
500 | 500 | ||
501 | /* Destroy temporary data. */ | 501 | /* Destroy temporary data. */ |
502 | memset(buf, 0, sizeof(buf)); | 502 | explicit_bzero(buf, sizeof(buf)); |
503 | buffer_free(&buffer); | 503 | buffer_free(&buffer); |
504 | 504 | ||
505 | buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted)); | 505 | buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted)); |
@@ -703,17 +703,17 @@ key_load_file(int fd, const char *filename, Buffer *blob) | |||
703 | __func__, filename == NULL ? "" : filename, | 703 | __func__, filename == NULL ? "" : filename, |
704 | filename == NULL ? "" : " ", strerror(errno)); | 704 | filename == NULL ? "" : " ", strerror(errno)); |
705 | buffer_clear(blob); | 705 | buffer_clear(blob); |
706 | bzero(buf, sizeof(buf)); | 706 | explicit_bzero(buf, sizeof(buf)); |
707 | return 0; | 707 | return 0; |
708 | } | 708 | } |
709 | buffer_append(blob, buf, len); | 709 | buffer_append(blob, buf, len); |
710 | if (buffer_len(blob) > MAX_KEY_FILE_SIZE) { | 710 | if (buffer_len(blob) > MAX_KEY_FILE_SIZE) { |
711 | buffer_clear(blob); | 711 | buffer_clear(blob); |
712 | bzero(buf, sizeof(buf)); | 712 | explicit_bzero(buf, sizeof(buf)); |
713 | goto toobig; | 713 | goto toobig; |
714 | } | 714 | } |
715 | } | 715 | } |
716 | bzero(buf, sizeof(buf)); | 716 | explicit_bzero(buf, sizeof(buf)); |
717 | if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && | 717 | if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && |
718 | st.st_size != buffer_len(blob)) { | 718 | st.st_size != buffer_len(blob)) { |
719 | debug("%s: key file %.200s%schanged size while reading", | 719 | debug("%s: key file %.200s%schanged size while reading", |
@@ -831,7 +831,7 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp) | |||
831 | buffer_ptr(©), buffer_len(©), 0, 0) != 0) | 831 | buffer_ptr(©), buffer_len(©), 0, 0) != 0) |
832 | fatal("%s: cipher_crypt failed", __func__); | 832 | fatal("%s: cipher_crypt failed", __func__); |
833 | cipher_cleanup(&ciphercontext); | 833 | cipher_cleanup(&ciphercontext); |
834 | memset(&ciphercontext, 0, sizeof(ciphercontext)); | 834 | explicit_bzero(&ciphercontext, sizeof(ciphercontext)); |
835 | buffer_free(©); | 835 | buffer_free(©); |
836 | 836 | ||
837 | check1 = buffer_get_char(&decrypted); | 837 | check1 = buffer_get_char(&decrypted); |