1 files changed, 4 insertions, 4 deletions
diff --git a/cipher.c b/cipher.c
index 98961be1a..ee79a1ef4 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.95 2014/01/27 19:18:54 markus Exp $ */
+/* $OpenBSD: cipher.c,v 1.96 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -337,7 +337,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher,
                if (EVP_Cipher(&cc->evp, discard, junk,
                    cipher->discard_len) == 0)
                        fatal("evp_crypt: EVP_Cipher failed during discard");
-                memset(discard, 0, cipher->discard_len);
+                explicit_bzero(discard, cipher->discard_len);
                free(junk);
                free(discard);
        }
@@ -422,7 +422,7 @@ void
 cipher_cleanup(CipherContext *cc)
 {
        if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
-                memset(&cc->cp_ctx, 0, sizeof(cc->cp_ctx));
+                explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx));
        else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
                error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");
 }
@@ -444,7 +444,7 @@ cipher_set_key_string(CipherContext *cc, const Cipher *cipher,
        cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt);
-        memset(digest, 0, sizeof(digest));
+        explicit_bzero(digest, sizeof(digest));
 }
 /*

diff --git a/cipher.c b/cipher.c index 98961be1a..ee79a1ef4 100644 --- a/cipher.c +++ b/cipher.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: cipher.c,v 1.95 2014/01/27 19:18:54 markus Exp $ */	1	/* $OpenBSD: cipher.c,v 1.96 2014/02/02 03:44:31 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -337,7 +337,7 @@ cipher_init(CipherContext cc, const Cipher cipher,
337	if (EVP_Cipher(&cc->evp, discard, junk,	337	if (EVP_Cipher(&cc->evp, discard, junk,
338	cipher->discard_len) == 0)	338	cipher->discard_len) == 0)
339	fatal("evp_crypt: EVP_Cipher failed during discard");	339	fatal("evp_crypt: EVP_Cipher failed during discard");
340	memset(discard, 0, cipher->discard_len);	340	explicit_bzero(discard, cipher->discard_len);
341	free(junk);	341	free(junk);
342	free(discard);	342	free(discard);
343	}	343	}
@@ -422,7 +422,7 @@ void
422	cipher_cleanup(CipherContext *cc)	422	cipher_cleanup(CipherContext *cc)
423	{	423	{
424	if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)	424	if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
425	memset(&cc->cp_ctx, 0, sizeof(cc->cp_ctx));	425	explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx));
426	else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)	426	else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
427	error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");	427	error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");
428	}	428	}
@@ -444,7 +444,7 @@ cipher_set_key_string(CipherContext cc, const Cipher cipher,
444		444
445	cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt);	445	cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt);
446		446
447	memset(digest, 0, sizeof(digest));	447	explicit_bzero(digest, sizeof(digest));
448	}	448	}
449		449
450	/*	450	/*