1 files changed, 10 insertions, 10 deletions
diff --git a/authfile.c b/authfile.c
index 7eccbb2c9..d7eaa9dec 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.101 2013/12/29 04:35:50 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.103 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -131,7 +131,7 @@ key_private_to_blob2(Key *prv, Buffer *blob, const char *passphrase,
                buffer_put_int(&kdf, rounds);
        }
        cipher_init(&ctx, c, key, keylen, key + keylen , ivlen, 1);
-        memset(key, 0, keylen + ivlen);
+        explicit_bzero(key, keylen + ivlen);
        free(key);
        buffer_init(&encoded);
@@ -143,7 +143,7 @@ key_private_to_blob2(Key *prv, Buffer *blob, const char *passphrase,
        key_to_blob(prv, &cp, &len);                    /* public key */
        buffer_put_string(&encoded, cp, len);
-        memset(cp, 0, len);
+        explicit_bzero(cp, len);
        free(cp);
        buffer_free(&kdf);
@@ -409,7 +409,7 @@ key_parse_private2(Buffer *blob, int type, const char *passphrase,
        free(salt);
        free(comment);
        if (key)
-                memset(key, 0, keylen + ivlen);
+                explicit_bzero(key, keylen + ivlen);
        free(key);
        buffer_free(&encoded);
        buffer_free(&copy);
@@ -496,10 +496,10 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase,
            buffer_ptr(&buffer), buffer_len(&buffer), 0, 0) != 0)
                fatal("%s: cipher_crypt failed", __func__);
        cipher_cleanup(&ciphercontext);
-        memset(&ciphercontext, 0, sizeof(ciphercontext));
+        explicit_bzero(&ciphercontext, sizeof(ciphercontext));
        /* Destroy temporary data. */
-        memset(buf, 0, sizeof(buf));
+        explicit_bzero(buf, sizeof(buf));
        buffer_free(&buffer);
        buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted));
@@ -703,17 +703,17 @@ key_load_file(int fd, const char *filename, Buffer *blob)
                            __func__, filename == NULL ? "" : filename,
                            filename == NULL ? "" : " ", strerror(errno));
                        buffer_clear(blob);
-                        bzero(buf, sizeof(buf));
+                        explicit_bzero(buf, sizeof(buf));
                        return 0;
                }
                buffer_append(blob, buf, len);
                if (buffer_len(blob) > MAX_KEY_FILE_SIZE) {
                        buffer_clear(blob);
-                        bzero(buf, sizeof(buf));
+                        explicit_bzero(buf, sizeof(buf));
                        goto toobig;
                }
        }
-        bzero(buf, sizeof(buf));
+        explicit_bzero(buf, sizeof(buf));
        if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
            st.st_size != buffer_len(blob)) {
                debug("%s: key file %.200s%schanged size while reading",
@@ -831,7 +831,7 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp)
            buffer_ptr(&copy), buffer_len(&copy), 0, 0) != 0)
                fatal("%s: cipher_crypt failed", __func__);
        cipher_cleanup(&ciphercontext);
-        memset(&ciphercontext, 0, sizeof(ciphercontext));
+        explicit_bzero(&ciphercontext, sizeof(ciphercontext));
        buffer_free(&copy);
        check1 = buffer_get_char(&decrypted);

diff --git a/authfile.c b/authfile.c index 7eccbb2c9..d7eaa9dec 100644 --- a/authfile.c +++ b/authfile.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: authfile.c,v 1.101 2013/12/29 04:35:50 djm Exp $ */	1	/* $OpenBSD: authfile.c,v 1.103 2014/02/02 03:44:31 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -131,7 +131,7 @@ key_private_to_blob2(Key prv, Buffer blob, const char *passphrase,
131	buffer_put_int(&kdf, rounds);	131	buffer_put_int(&kdf, rounds);
132	}	132	}
133	cipher_init(&ctx, c, key, keylen, key + keylen , ivlen, 1);	133	cipher_init(&ctx, c, key, keylen, key + keylen , ivlen, 1);
134	memset(key, 0, keylen + ivlen);	134	explicit_bzero(key, keylen + ivlen);
135	free(key);	135	free(key);
136		136
137	buffer_init(&encoded);	137	buffer_init(&encoded);
@@ -143,7 +143,7 @@ key_private_to_blob2(Key prv, Buffer blob, const char *passphrase,
143	key_to_blob(prv, &cp, &len); /* public key */	143	key_to_blob(prv, &cp, &len); /* public key */
144	buffer_put_string(&encoded, cp, len);	144	buffer_put_string(&encoded, cp, len);
145		145
146	memset(cp, 0, len);	146	explicit_bzero(cp, len);
147	free(cp);	147	free(cp);
148		148
149	buffer_free(&kdf);	149	buffer_free(&kdf);
@@ -409,7 +409,7 @@ key_parse_private2(Buffer blob, int type, const char passphrase,
409	free(salt);	409	free(salt);
410	free(comment);	410	free(comment);
411	if (key)	411	if (key)
412	memset(key, 0, keylen + ivlen);	412	explicit_bzero(key, keylen + ivlen);
413	free(key);	413	free(key);
414	buffer_free(&encoded);	414	buffer_free(&encoded);
415	buffer_free(&copy);	415	buffer_free(&copy);
@@ -496,10 +496,10 @@ key_private_rsa1_to_blob(Key key, Buffer blob, const char *passphrase,
496	buffer_ptr(&buffer), buffer_len(&buffer), 0, 0) != 0)	496	buffer_ptr(&buffer), buffer_len(&buffer), 0, 0) != 0)
497	fatal("%s: cipher_crypt failed", __func__);	497	fatal("%s: cipher_crypt failed", __func__);
498	cipher_cleanup(&ciphercontext);	498	cipher_cleanup(&ciphercontext);
499	memset(&ciphercontext, 0, sizeof(ciphercontext));	499	explicit_bzero(&ciphercontext, sizeof(ciphercontext));
500		500
501	/* Destroy temporary data. */	501	/* Destroy temporary data. */
502	memset(buf, 0, sizeof(buf));	502	explicit_bzero(buf, sizeof(buf));
503	buffer_free(&buffer);	503	buffer_free(&buffer);
504		504
505	buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted));	505	buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted));
@@ -703,17 +703,17 @@ key_load_file(int fd, const char filename, Buffer blob)
703	__func__, filename == NULL ? "" : filename,	703	__func__, filename == NULL ? "" : filename,
704	filename == NULL ? "" : " ", strerror(errno));	704	filename == NULL ? "" : " ", strerror(errno));
705	buffer_clear(blob);	705	buffer_clear(blob);
706	bzero(buf, sizeof(buf));	706	explicit_bzero(buf, sizeof(buf));
707	return 0;	707	return 0;
708	}	708	}
709	buffer_append(blob, buf, len);	709	buffer_append(blob, buf, len);
710	if (buffer_len(blob) > MAX_KEY_FILE_SIZE) {	710	if (buffer_len(blob) > MAX_KEY_FILE_SIZE) {
711	buffer_clear(blob);	711	buffer_clear(blob);
712	bzero(buf, sizeof(buf));	712	explicit_bzero(buf, sizeof(buf));
713	goto toobig;	713	goto toobig;
714	}	714	}
715	}	715	}
716	bzero(buf, sizeof(buf));	716	explicit_bzero(buf, sizeof(buf));
717	if ((st.st_mode & (S_IFSOCK\|S_IFCHR\|S_IFIFO)) == 0 &&	717	if ((st.st_mode & (S_IFSOCK\|S_IFCHR\|S_IFIFO)) == 0 &&
718	st.st_size != buffer_len(blob)) {	718	st.st_size != buffer_len(blob)) {
719	debug("%s: key file %.200s%schanged size while reading",	719	debug("%s: key file %.200s%schanged size while reading",
@@ -831,7 +831,7 @@ key_parse_private_rsa1(Buffer blob, const char passphrase, char **commentp)
831	buffer_ptr(&copy), buffer_len(&copy), 0, 0) != 0)	831	buffer_ptr(&copy), buffer_len(&copy), 0, 0) != 0)
832	fatal("%s: cipher_crypt failed", __func__);	832	fatal("%s: cipher_crypt failed", __func__);
833	cipher_cleanup(&ciphercontext);	833	cipher_cleanup(&ciphercontext);
834	memset(&ciphercontext, 0, sizeof(ciphercontext));	834	explicit_bzero(&ciphercontext, sizeof(ciphercontext));
835	buffer_free(&copy);	835	buffer_free(&copy);
836		836
837	check1 = buffer_get_char(&decrypted);	837	check1 = buffer_get_char(&decrypted);