1 files changed, 7 insertions, 7 deletions
diff --git a/ssh-rsa.c b/ssh-rsa.c
index a2112d033..c6f25b3ee 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-rsa.c,v 1.50 2014/01/09 23:20:00 djm Exp $ */
+/* $OpenBSD: ssh-rsa.c,v 1.51 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
 *
@@ -70,7 +70,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
        sig = xmalloc(slen);
        ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa);
-        memset(digest, 'd', sizeof(digest));
+        explicit_bzero(digest, sizeof(digest));
        if (ok != 1) {
                int ecode = ERR_get_error();
@@ -84,7 +84,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
                u_int diff = slen - len;
                debug("slen %u > len %u", slen, len);
                memmove(sig + diff, sig, len);
-                memset(sig, 0, diff);
+                explicit_bzero(sig, diff);
        } else if (len > slen) {
                error("%s: slen %u slen2 %u", __func__, slen, len);
                free(sig);
@@ -102,7 +102,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
                memcpy(*sigp, buffer_ptr(&b), len);
        }
        buffer_free(&b);
-        memset(sig, 's', slen);
+        explicit_bzero(sig, slen);
        free(sig);
        return 0;
@@ -161,7 +161,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
                    modlen, len);
                sigblob = xrealloc(sigblob, 1, modlen);
                memmove(sigblob + diff, sigblob, len);
-                memset(sigblob, 0, diff);
+                explicit_bzero(sigblob, diff);
                len = modlen;
        }
        /* hash the data */
@@ -178,8 +178,8 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
        ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len,
            key->rsa);
-        memset(digest, 'd', sizeof(digest));
+        explicit_bzero(digest, sizeof(digest));
-        memset(sigblob, 's', len);
+        explicit_bzero(sigblob, len);
        free(sigblob);
        debug("%s: signature %scorrect", __func__, (ret == 0) ? "in" : "");
        return ret;

diff --git a/ssh-rsa.c b/ssh-rsa.c index a2112d033..c6f25b3ee 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-rsa.c,v 1.50 2014/01/09 23:20:00 djm Exp $ */	1	/* $OpenBSD: ssh-rsa.c,v 1.51 2014/02/02 03:44:31 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>	3	* Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
4	*	4	*
@@ -70,7 +70,7 @@ ssh_rsa_sign(const Key key, u_char sigp, u_int lenp,
70	sig = xmalloc(slen);	70	sig = xmalloc(slen);
71		71
72	ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa);	72	ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa);
73	memset(digest, 'd', sizeof(digest));	73	explicit_bzero(digest, sizeof(digest));
74		74
75	if (ok != 1) {	75	if (ok != 1) {
76	int ecode = ERR_get_error();	76	int ecode = ERR_get_error();
@@ -84,7 +84,7 @@ ssh_rsa_sign(const Key key, u_char sigp, u_int lenp,
84	u_int diff = slen - len;	84	u_int diff = slen - len;
85	debug("slen %u > len %u", slen, len);	85	debug("slen %u > len %u", slen, len);
86	memmove(sig + diff, sig, len);	86	memmove(sig + diff, sig, len);
87	memset(sig, 0, diff);	87	explicit_bzero(sig, diff);
88	} else if (len > slen) {	88	} else if (len > slen) {
89	error("%s: slen %u slen2 %u", __func__, slen, len);	89	error("%s: slen %u slen2 %u", __func__, slen, len);
90	free(sig);	90	free(sig);
@@ -102,7 +102,7 @@ ssh_rsa_sign(const Key key, u_char sigp, u_int lenp,
102	memcpy(*sigp, buffer_ptr(&b), len);	102	memcpy(*sigp, buffer_ptr(&b), len);
103	}	103	}
104	buffer_free(&b);	104	buffer_free(&b);
105	memset(sig, 's', slen);	105	explicit_bzero(sig, slen);
106	free(sig);	106	free(sig);
107		107
108	return 0;	108	return 0;
@@ -161,7 +161,7 @@ ssh_rsa_verify(const Key key, const u_char signature, u_int signaturelen,
161	modlen, len);	161	modlen, len);
162	sigblob = xrealloc(sigblob, 1, modlen);	162	sigblob = xrealloc(sigblob, 1, modlen);
163	memmove(sigblob + diff, sigblob, len);	163	memmove(sigblob + diff, sigblob, len);
164	memset(sigblob, 0, diff);	164	explicit_bzero(sigblob, diff);
165	len = modlen;	165	len = modlen;
166	}	166	}
167	/* hash the data */	167	/* hash the data */
@@ -178,8 +178,8 @@ ssh_rsa_verify(const Key key, const u_char signature, u_int signaturelen,
178		178
179	ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len,	179	ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len,
180	key->rsa);	180	key->rsa);
181	memset(digest, 'd', sizeof(digest));	181	explicit_bzero(digest, sizeof(digest));
182	memset(sigblob, 's', len);	182	explicit_bzero(sigblob, len);
183	free(sigblob);	183	free(sigblob);
184	debug("%s: signature %scorrect", __func__, (ret == 0) ? "in" : "");	184	debug("%s: signature %scorrect", __func__, (ret == 0) ? "in" : "");
185	return ret;	185	return ret;