summaryrefslogtreecommitdiff
path: root/authfile.c
diff options
context:
space:
mode:
Diffstat (limited to 'authfile.c')
-rw-r--r--authfile.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/authfile.c b/authfile.c
index 7eccbb2c9..d7eaa9dec 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfile.c,v 1.101 2013/12/29 04:35:50 djm Exp $ */ 1/* $OpenBSD: authfile.c,v 1.103 2014/02/02 03:44:31 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -131,7 +131,7 @@ key_private_to_blob2(Key *prv, Buffer *blob, const char *passphrase,
131 buffer_put_int(&kdf, rounds); 131 buffer_put_int(&kdf, rounds);
132 } 132 }
133 cipher_init(&ctx, c, key, keylen, key + keylen , ivlen, 1); 133 cipher_init(&ctx, c, key, keylen, key + keylen , ivlen, 1);
134 memset(key, 0, keylen + ivlen); 134 explicit_bzero(key, keylen + ivlen);
135 free(key); 135 free(key);
136 136
137 buffer_init(&encoded); 137 buffer_init(&encoded);
@@ -143,7 +143,7 @@ key_private_to_blob2(Key *prv, Buffer *blob, const char *passphrase,
143 key_to_blob(prv, &cp, &len); /* public key */ 143 key_to_blob(prv, &cp, &len); /* public key */
144 buffer_put_string(&encoded, cp, len); 144 buffer_put_string(&encoded, cp, len);
145 145
146 memset(cp, 0, len); 146 explicit_bzero(cp, len);
147 free(cp); 147 free(cp);
148 148
149 buffer_free(&kdf); 149 buffer_free(&kdf);
@@ -409,7 +409,7 @@ key_parse_private2(Buffer *blob, int type, const char *passphrase,
409 free(salt); 409 free(salt);
410 free(comment); 410 free(comment);
411 if (key) 411 if (key)
412 memset(key, 0, keylen + ivlen); 412 explicit_bzero(key, keylen + ivlen);
413 free(key); 413 free(key);
414 buffer_free(&encoded); 414 buffer_free(&encoded);
415 buffer_free(&copy); 415 buffer_free(&copy);
@@ -496,10 +496,10 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase,
496 buffer_ptr(&buffer), buffer_len(&buffer), 0, 0) != 0) 496 buffer_ptr(&buffer), buffer_len(&buffer), 0, 0) != 0)
497 fatal("%s: cipher_crypt failed", __func__); 497 fatal("%s: cipher_crypt failed", __func__);
498 cipher_cleanup(&ciphercontext); 498 cipher_cleanup(&ciphercontext);
499 memset(&ciphercontext, 0, sizeof(ciphercontext)); 499 explicit_bzero(&ciphercontext, sizeof(ciphercontext));
500 500
501 /* Destroy temporary data. */ 501 /* Destroy temporary data. */
502 memset(buf, 0, sizeof(buf)); 502 explicit_bzero(buf, sizeof(buf));
503 buffer_free(&buffer); 503 buffer_free(&buffer);
504 504
505 buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted)); 505 buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted));
@@ -703,17 +703,17 @@ key_load_file(int fd, const char *filename, Buffer *blob)
703 __func__, filename == NULL ? "" : filename, 703 __func__, filename == NULL ? "" : filename,
704 filename == NULL ? "" : " ", strerror(errno)); 704 filename == NULL ? "" : " ", strerror(errno));
705 buffer_clear(blob); 705 buffer_clear(blob);
706 bzero(buf, sizeof(buf)); 706 explicit_bzero(buf, sizeof(buf));
707 return 0; 707 return 0;
708 } 708 }
709 buffer_append(blob, buf, len); 709 buffer_append(blob, buf, len);
710 if (buffer_len(blob) > MAX_KEY_FILE_SIZE) { 710 if (buffer_len(blob) > MAX_KEY_FILE_SIZE) {
711 buffer_clear(blob); 711 buffer_clear(blob);
712 bzero(buf, sizeof(buf)); 712 explicit_bzero(buf, sizeof(buf));
713 goto toobig; 713 goto toobig;
714 } 714 }
715 } 715 }
716 bzero(buf, sizeof(buf)); 716 explicit_bzero(buf, sizeof(buf));
717 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && 717 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
718 st.st_size != buffer_len(blob)) { 718 st.st_size != buffer_len(blob)) {
719 debug("%s: key file %.200s%schanged size while reading", 719 debug("%s: key file %.200s%schanged size while reading",
@@ -831,7 +831,7 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp)
831 buffer_ptr(&copy), buffer_len(&copy), 0, 0) != 0) 831 buffer_ptr(&copy), buffer_len(&copy), 0, 0) != 0)
832 fatal("%s: cipher_crypt failed", __func__); 832 fatal("%s: cipher_crypt failed", __func__);
833 cipher_cleanup(&ciphercontext); 833 cipher_cleanup(&ciphercontext);
834 memset(&ciphercontext, 0, sizeof(ciphercontext)); 834 explicit_bzero(&ciphercontext, sizeof(ciphercontext));
835 buffer_free(&copy); 835 buffer_free(&copy);
836 836
837 check1 = buffer_get_char(&decrypted); 837 check1 = buffer_get_char(&decrypted);