1 files changed, 6 insertions, 6 deletions
diff --git a/key.c b/key.c
index 7ac844c66..3d640e79f 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.115 2014/01/09 23:20:00 djm Exp $ */
+/* $OpenBSD: key.c,v 1.116 2014/02/02 03:44:31 djm Exp $ */
 /*
 * read_bignum():
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -242,12 +242,12 @@ key_free(Key *k)
        case KEY_ED25519:
        case KEY_ED25519_CERT:
                if (k->ed25519_pk) {
-                        memset(k->ed25519_pk, 0, ED25519_PK_SZ);
+                        explicit_bzero(k->ed25519_pk, ED25519_PK_SZ);
                        free(k->ed25519_pk);
                        k->ed25519_pk = NULL;
                }
                if (k->ed25519_sk) {
-                        memset(k->ed25519_sk, 0, ED25519_SK_SZ);
+                        explicit_bzero(k->ed25519_sk, ED25519_SK_SZ);
                        free(k->ed25519_sk);
                        k->ed25519_sk = NULL;
                }
@@ -415,7 +415,7 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
                if ((ssh_digest_memory(hash_alg, blob, len,
                    retval, SSH_DIGEST_MAX_LENGTH)) != 0)
                        fatal("%s: digest_memory failed", __func__);
-                memset(blob, 0, len);
+                explicit_bzero(blob, len);
                free(blob);
                *dgst_raw_length = ssh_digest_bytes(hash_alg);
        } else {
@@ -623,7 +623,7 @@ key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
                    dgst_rep);
                break;
        }
-        memset(dgst_raw, 0, dgst_raw_len);
+        explicit_bzero(dgst_raw, dgst_raw_len);
        free(dgst_raw);
        return retval;
 }
@@ -1745,7 +1745,7 @@ to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain)
                *blobp = xmalloc(len);
                memcpy(*blobp, buffer_ptr(&b), len);
        }
-        memset(buffer_ptr(&b), 0, len);
+        explicit_bzero(buffer_ptr(&b), len);
        buffer_free(&b);
        return len;
 }

diff --git a/key.c b/key.c index 7ac844c66..3d640e79f 100644 --- a/key.c +++ b/key.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: key.c,v 1.115 2014/01/09 23:20:00 djm Exp $ */	1	/* $OpenBSD: key.c,v 1.116 2014/02/02 03:44:31 djm Exp $ */
2	/*	2	/*
3	* read_bignum():	3	* read_bignum():
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -242,12 +242,12 @@ key_free(Key *k)
242	case KEY_ED25519:	242	case KEY_ED25519:
243	case KEY_ED25519_CERT:	243	case KEY_ED25519_CERT:
244	if (k->ed25519_pk) {	244	if (k->ed25519_pk) {
245	memset(k->ed25519_pk, 0, ED25519_PK_SZ);	245	explicit_bzero(k->ed25519_pk, ED25519_PK_SZ);
246	free(k->ed25519_pk);	246	free(k->ed25519_pk);
247	k->ed25519_pk = NULL;	247	k->ed25519_pk = NULL;
248	}	248	}
249	if (k->ed25519_sk) {	249	if (k->ed25519_sk) {
250	memset(k->ed25519_sk, 0, ED25519_SK_SZ);	250	explicit_bzero(k->ed25519_sk, ED25519_SK_SZ);
251	free(k->ed25519_sk);	251	free(k->ed25519_sk);
252	k->ed25519_sk = NULL;	252	k->ed25519_sk = NULL;
253	}	253	}
@@ -415,7 +415,7 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
415	if ((ssh_digest_memory(hash_alg, blob, len,	415	if ((ssh_digest_memory(hash_alg, blob, len,
416	retval, SSH_DIGEST_MAX_LENGTH)) != 0)	416	retval, SSH_DIGEST_MAX_LENGTH)) != 0)
417	fatal("%s: digest_memory failed", __func__);	417	fatal("%s: digest_memory failed", __func__);
418	memset(blob, 0, len);	418	explicit_bzero(blob, len);
419	free(blob);	419	free(blob);
420	*dgst_raw_length = ssh_digest_bytes(hash_alg);	420	*dgst_raw_length = ssh_digest_bytes(hash_alg);
421	} else {	421	} else {
@@ -623,7 +623,7 @@ key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
623	dgst_rep);	623	dgst_rep);
624	break;	624	break;
625	}	625	}
626	memset(dgst_raw, 0, dgst_raw_len);	626	explicit_bzero(dgst_raw, dgst_raw_len);
627	free(dgst_raw);	627	free(dgst_raw);
628	return retval;	628	return retval;
629	}	629	}
@@ -1745,7 +1745,7 @@ to_blob(const Key key, u_char blobp, u_int lenp, int force_plain)
1745	*blobp = xmalloc(len);	1745	*blobp = xmalloc(len);
1746	memcpy(*blobp, buffer_ptr(&b), len);	1746	memcpy(*blobp, buffer_ptr(&b), len);
1747	}	1747	}
1748	memset(buffer_ptr(&b), 0, len);	1748	explicit_bzero(buffer_ptr(&b), len);
1749	buffer_free(&b);	1749	buffer_free(&b);
1750	return len;	1750	return len;
1751	}	1751	}