From 1d2c4564265ee827147af246a16f3777741411ed Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 4 Feb 2014 11:18:20 +1100 Subject: - tedu@cvs.openbsd.org 2014/01/31 16:39:19 [auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c] [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c] [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c] [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c] [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h] replace most bzero with explicit_bzero, except a few that cna be memset ok djm dtucker --- authfile.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'authfile.c') diff --git a/authfile.c b/authfile.c index 7eccbb2c9..22da0eb05 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.101 2013/12/29 04:35:50 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.102 2014/01/31 16:39:19 tedu Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -703,17 +703,17 @@ key_load_file(int fd, const char *filename, Buffer *blob) __func__, filename == NULL ? "" : filename, filename == NULL ? "" : " ", strerror(errno)); buffer_clear(blob); - bzero(buf, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); return 0; } buffer_append(blob, buf, len); if (buffer_len(blob) > MAX_KEY_FILE_SIZE) { buffer_clear(blob); - bzero(buf, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); goto toobig; } } - bzero(buf, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && st.st_size != buffer_len(blob)) { debug("%s: key file %.200s%schanged size while reading", -- cgit v1.2.3 From a5103f413bde6f31bff85d6e1fd29799c647d765 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 4 Feb 2014 11:20:14 +1100 Subject: - djm@cvs.openbsd.org 2014/02/02 03:44:32 [auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c] convert memset of potentially-private data to explicit_bzero() --- ChangeLog | 9 +++++++++ auth1.c | 6 +++--- auth2-chall.c | 4 ++-- auth2-passwd.c | 6 +++--- authfile.c | 14 +++++++------- bufaux.c | 6 +++--- bufbn.c | 6 +++--- buffer.c | 4 ++-- cipher-3des1.c | 6 +++--- cipher.c | 8 ++++---- clientloop.c | 6 +++--- gss-serv.c | 5 +++-- kex.c | 6 +++--- kexdhc.c | 4 ++-- kexdhs.c | 4 ++-- kexecdhc.c | 4 ++-- kexecdhs.c | 4 ++-- kexgexc.c | 4 ++-- kexgexs.c | 4 ++-- key.c | 12 ++++++------ monitor.c | 8 ++++---- monitor_wrap.c | 6 +++--- packet.c | 16 ++++++++-------- readpass.c | 8 ++++---- rsa.c | 10 +++++----- serverloop.c | 4 ++-- ssh-add.c | 8 ++++---- ssh-agent.c | 6 +++--- ssh-dss.c | 10 +++++----- ssh-ecdsa.c | 8 ++++---- ssh-ed25519.c | 10 +++++----- ssh-keygen.c | 34 +++++++++++++++++----------------- ssh-rsa.c | 14 +++++++------- sshconnect.c | 4 ++-- sshconnect1.c | 23 +++++++++++++---------- sshconnect2.c | 18 +++++++++--------- sshd.c | 13 +++++++------ 37 files changed, 168 insertions(+), 154 deletions(-) (limited to 'authfile.c') diff --git a/ChangeLog b/ChangeLog index a3f75a8d2..d5ea77c1f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -44,6 +44,15 @@ [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h] replace most bzero with explicit_bzero, except a few that cna be memset ok djm dtucker + - djm@cvs.openbsd.org 2014/02/02 03:44:32 + [auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] + [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] + [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] + [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] + [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] + [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] + [sshd.c] + convert memset of potentially-private data to explicit_bzero() 20140131 - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2) diff --git a/auth1.c b/auth1.c index f1ac59814..0f870b3b6 100644 --- a/auth1.c +++ b/auth1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth1.c,v 1.79 2013/05/19 02:42:42 djm Exp $ */ +/* $OpenBSD: auth1.c,v 1.80 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -129,7 +129,7 @@ auth1_process_password(Authctxt *authctxt) /* Try authentication with the password. */ authenticated = PRIVSEP(auth_password(authctxt, password)); - memset(password, 0, dlen); + explicit_bzero(password, dlen); free(password); return (authenticated); @@ -222,7 +222,7 @@ auth1_process_tis_response(Authctxt *authctxt) response = packet_get_string(&dlen); packet_check_eom(); authenticated = verify_response(authctxt, response); - memset(response, 'r', dlen); + explicit_bzero(response, dlen); free(response); return (authenticated); diff --git a/auth2-chall.c b/auth2-chall.c index 4cfd8ff5b..980250a91 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-chall.c,v 1.40 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: auth2-chall.c,v 1.41 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Per Allansson. All rights reserved. @@ -312,7 +312,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response); for (i = 0; i < nresp; i++) { - memset(response[i], 'r', strlen(response[i])); + explicit_bzero(response[i], strlen(response[i])); free(response[i]); } free(response); diff --git a/auth2-passwd.c b/auth2-passwd.c index 21bc5047d..707680cd0 100644 --- a/auth2-passwd.c +++ b/auth2-passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-passwd.c,v 1.10 2013/05/17 00:13:13 djm Exp $ */ +/* $OpenBSD: auth2-passwd.c,v 1.11 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -59,7 +59,7 @@ userauth_passwd(Authctxt *authctxt) if (change) { /* discard new password from packet */ newpass = packet_get_string(&newlen); - memset(newpass, 0, newlen); + explicit_bzero(newpass, newlen); free(newpass); } packet_check_eom(); @@ -68,7 +68,7 @@ userauth_passwd(Authctxt *authctxt) logit("password change not supported"); else if (PRIVSEP(auth_password(authctxt, password)) == 1) authenticated = 1; - memset(password, 0, len); + explicit_bzero(password, len); free(password); return authenticated; } diff --git a/authfile.c b/authfile.c index 22da0eb05..d7eaa9dec 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.102 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: authfile.c,v 1.103 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -131,7 +131,7 @@ key_private_to_blob2(Key *prv, Buffer *blob, const char *passphrase, buffer_put_int(&kdf, rounds); } cipher_init(&ctx, c, key, keylen, key + keylen , ivlen, 1); - memset(key, 0, keylen + ivlen); + explicit_bzero(key, keylen + ivlen); free(key); buffer_init(&encoded); @@ -143,7 +143,7 @@ key_private_to_blob2(Key *prv, Buffer *blob, const char *passphrase, key_to_blob(prv, &cp, &len); /* public key */ buffer_put_string(&encoded, cp, len); - memset(cp, 0, len); + explicit_bzero(cp, len); free(cp); buffer_free(&kdf); @@ -409,7 +409,7 @@ key_parse_private2(Buffer *blob, int type, const char *passphrase, free(salt); free(comment); if (key) - memset(key, 0, keylen + ivlen); + explicit_bzero(key, keylen + ivlen); free(key); buffer_free(&encoded); buffer_free(©); @@ -496,10 +496,10 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase, buffer_ptr(&buffer), buffer_len(&buffer), 0, 0) != 0) fatal("%s: cipher_crypt failed", __func__); cipher_cleanup(&ciphercontext); - memset(&ciphercontext, 0, sizeof(ciphercontext)); + explicit_bzero(&ciphercontext, sizeof(ciphercontext)); /* Destroy temporary data. */ - memset(buf, 0, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); buffer_free(&buffer); buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted)); @@ -831,7 +831,7 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp) buffer_ptr(©), buffer_len(©), 0, 0) != 0) fatal("%s: cipher_crypt failed", __func__); cipher_cleanup(&ciphercontext); - memset(&ciphercontext, 0, sizeof(ciphercontext)); + explicit_bzero(&ciphercontext, sizeof(ciphercontext)); buffer_free(©); check1 = buffer_get_char(&decrypted); diff --git a/bufaux.c b/bufaux.c index f1f14b33d..e24b5fc0a 100644 --- a/bufaux.c +++ b/bufaux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bufaux.c,v 1.55 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -346,7 +346,7 @@ buffer_get_bignum2_as_string_ret(Buffer *buffer, u_int *length_ptr) } ret = xmalloc(len); memcpy(ret, p, len); - memset(p, '\0', len); + explicit_bzero(p, len); free(bin); return ret; } @@ -383,7 +383,7 @@ buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l) } memcpy(p, s, l); buffer_put_string(buffer, buf, l + pad); - memset(buf, '\0', l + pad); + explicit_bzero(buf, l + pad); free(buf); } diff --git a/bufbn.c b/bufbn.c index 2ebc80a27..c4ad810e4 100644 --- a/bufbn.c +++ b/bufbn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bufbn.c,v 1.8 2013/11/08 11:15:19 dtucker Exp $*/ +/* $OpenBSD: bufbn.c,v 1.9 2014/02/02 03:44:31 djm Exp $*/ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -80,7 +80,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) /* Store the binary data. */ buffer_append(buffer, buf, oi); - memset(buf, 0, bin_size); + explicit_bzero(buf, bin_size); free(buf); return (0); @@ -173,7 +173,7 @@ buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) } hasnohigh = (buf[1] & 0x80) ? 0 : 1; buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); - memset(buf, 0, bytes); + explicit_bzero(buf, bytes); free(buf); return (0); } diff --git a/buffer.c b/buffer.c index 9e7c40a5a..d240f6753 100644 --- a/buffer.c +++ b/buffer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: buffer.c,v 1.34 2013/11/08 11:15:19 dtucker Exp $ */ +/* $OpenBSD: buffer.c,v 1.35 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -49,7 +49,7 @@ void buffer_free(Buffer *buffer) { if (buffer->alloc > 0) { - memset(buffer->buf, 0, buffer->alloc); + explicit_bzero(buffer->buf, buffer->alloc); buffer->alloc = 0; free(buffer->buf); } diff --git a/cipher-3des1.c b/cipher-3des1.c index 56fc77786..b2823592b 100644 --- a/cipher-3des1.c +++ b/cipher-3des1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher-3des1.c,v 1.9 2013/11/08 00:39:15 djm Exp $ */ +/* $OpenBSD: cipher-3des1.c,v 1.10 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. * @@ -93,7 +93,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 || EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 || EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) { - memset(c, 0, sizeof(*c)); + explicit_bzero(c, sizeof(*c)); free(c); EVP_CIPHER_CTX_set_app_data(ctx, NULL); return (0); @@ -134,7 +134,7 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) EVP_CIPHER_CTX_cleanup(&c->k1); EVP_CIPHER_CTX_cleanup(&c->k2); EVP_CIPHER_CTX_cleanup(&c->k3); - memset(c, 0, sizeof(*c)); + explicit_bzero(c, sizeof(*c)); free(c); EVP_CIPHER_CTX_set_app_data(ctx, NULL); } diff --git a/cipher.c b/cipher.c index 98961be1a..ee79a1ef4 100644 --- a/cipher.c +++ b/cipher.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.c,v 1.95 2014/01/27 19:18:54 markus Exp $ */ +/* $OpenBSD: cipher.c,v 1.96 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -337,7 +337,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher, if (EVP_Cipher(&cc->evp, discard, junk, cipher->discard_len) == 0) fatal("evp_crypt: EVP_Cipher failed during discard"); - memset(discard, 0, cipher->discard_len); + explicit_bzero(discard, cipher->discard_len); free(junk); free(discard); } @@ -422,7 +422,7 @@ void cipher_cleanup(CipherContext *cc) { if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) - memset(&cc->cp_ctx, 0, sizeof(cc->cp_ctx)); + explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx)); else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); } @@ -444,7 +444,7 @@ cipher_set_key_string(CipherContext *cc, const Cipher *cipher, cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt); - memset(digest, 0, sizeof(digest)); + explicit_bzero(digest, sizeof(digest)); } /* diff --git a/clientloop.c b/clientloop.c index fd3ff49e8..59ad3a2c3 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.257 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: clientloop.c,v 1.258 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1761,7 +1761,7 @@ client_input_stdout_data(int type, u_int32_t seq, void *ctxt) char *data = packet_get_string(&data_len); packet_check_eom(); buffer_append(&stdout_buffer, data, data_len); - memset(data, 0, data_len); + explicit_bzero(data, data_len); free(data); } static void @@ -1771,7 +1771,7 @@ client_input_stderr_data(int type, u_int32_t seq, void *ctxt) char *data = packet_get_string(&data_len); packet_check_eom(); buffer_append(&stderr_buffer, data, data_len); - memset(data, 0, data_len); + explicit_bzero(data, data_len); free(data); } static void diff --git a/gss-serv.c b/gss-serv.c index 95348e251..b61e6e140 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.24 2013/07/20 01:55:13 djm Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.25 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -346,7 +346,8 @@ ssh_gssapi_userok(char *user) gss_release_buffer(&lmin, &gssapi_client.displayname); gss_release_buffer(&lmin, &gssapi_client.exportedname); gss_release_cred(&lmin, &gssapi_client.creds); - memset(&gssapi_client, 0, sizeof(ssh_gssapi_client)); + explicit_bzero(&gssapi_client, + sizeof(ssh_gssapi_client)); return 0; } else diff --git a/kex.c b/kex.c index 616484b85..74e2b8682 100644 --- a/kex.c +++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.97 2014/01/25 20:35:37 markus Exp $ */ +/* $OpenBSD: kex.c,v 1.98 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -666,8 +666,8 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, fatal("%s: ssh_digest_final failed", __func__); memcpy(id, obuf, ssh_digest_bytes(SSH_DIGEST_MD5)); - memset(nbuf, 0, sizeof(nbuf)); - memset(obuf, 0, sizeof(obuf)); + explicit_bzero(nbuf, sizeof(nbuf)); + explicit_bzero(obuf, sizeof(obuf)); } #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) diff --git a/kexdhc.c b/kexdhc.c index 78509af21..f7a19fc13 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.14 2014/01/12 08:13:13 djm Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.15 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -124,7 +124,7 @@ kexdh_client(Kex *kex) fatal("kexdh_client: BN_new failed"); if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) fatal("kexdh_client: BN_bin2bn failed"); - memset(kbuf, 0, klen); + explicit_bzero(kbuf, klen); free(kbuf); /* calc and verify H */ diff --git a/kexdhs.c b/kexdhs.c index d2c7adc96..c3011f741 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.17 2014/01/12 08:13:13 djm Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.18 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -110,7 +110,7 @@ kexdh_server(Kex *kex) fatal("kexdh_server: BN_new failed"); if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) fatal("kexdh_server: BN_bin2bn failed"); - memset(kbuf, 0, klen); + explicit_bzero(kbuf, klen); free(kbuf); key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); diff --git a/kexecdhc.c b/kexecdhc.c index e3d1cf5f9..2f7629cca 100644 --- a/kexecdhc.c +++ b/kexecdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhc.c,v 1.6 2014/01/12 08:13:13 djm Exp $ */ +/* $OpenBSD: kexecdhc.c,v 1.7 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -119,7 +119,7 @@ kexecdh_client(Kex *kex) fatal("%s: BN_new failed", __func__); if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) fatal("%s: BN_bin2bn failed", __func__); - memset(kbuf, 0, klen); + explicit_bzero(kbuf, klen); free(kbuf); /* calc and verify H */ diff --git a/kexecdhs.c b/kexecdhs.c index 6fbb79c9d..2700b7219 100644 --- a/kexecdhs.c +++ b/kexecdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhs.c,v 1.9 2014/01/12 08:13:13 djm Exp $ */ +/* $OpenBSD: kexecdhs.c,v 1.10 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -103,7 +103,7 @@ kexecdh_server(Kex *kex) fatal("%s: BN_new failed", __func__); if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) fatal("%s: BN_bin2bn failed", __func__); - memset(kbuf, 0, klen); + explicit_bzero(kbuf, klen); free(kbuf); /* calc H */ diff --git a/kexgexc.c b/kexgexc.c index 629b5fbbc..355b7ba31 100644 --- a/kexgexc.c +++ b/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.16 2014/01/25 10:12:50 dtucker Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.17 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -162,7 +162,7 @@ kexgex_client(Kex *kex) fatal("kexgex_client: BN_new failed"); if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) fatal("kexgex_client: BN_bin2bn failed"); - memset(kbuf, 0, klen); + explicit_bzero(kbuf, klen); free(kbuf); if (datafellows & SSH_OLD_DHGEX) diff --git a/kexgexs.c b/kexgexs.c index 8773778ed..770ad28a8 100644 --- a/kexgexs.c +++ b/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.18 2014/01/12 08:13:13 djm Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.19 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -150,7 +150,7 @@ kexgex_server(Kex *kex) fatal("kexgex_server: BN_new failed"); if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) fatal("kexgex_server: BN_bin2bn failed"); - memset(kbuf, 0, klen); + explicit_bzero(kbuf, klen); free(kbuf); key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); diff --git a/key.c b/key.c index 914233808..168e1b7d7 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.115 2014/01/09 23:20:00 djm Exp $ */ +/* $OpenBSD: key.c,v 1.116 2014/02/02 03:44:31 djm Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -242,12 +242,12 @@ key_free(Key *k) case KEY_ED25519: case KEY_ED25519_CERT: if (k->ed25519_pk) { - memset(k->ed25519_pk, 0, ED25519_PK_SZ); + explicit_bzero(k->ed25519_pk, ED25519_PK_SZ); free(k->ed25519_pk); k->ed25519_pk = NULL; } if (k->ed25519_sk) { - memset(k->ed25519_sk, 0, ED25519_SK_SZ); + explicit_bzero(k->ed25519_sk, ED25519_SK_SZ); free(k->ed25519_sk); k->ed25519_sk = NULL; } @@ -415,7 +415,7 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type, if ((ssh_digest_memory(hash_alg, blob, len, retval, SSH_DIGEST_MAX_LENGTH)) != 0) fatal("%s: digest_memory failed", __func__); - memset(blob, 0, len); + explicit_bzero(blob, len); free(blob); *dgst_raw_length = ssh_digest_bytes(hash_alg); } else { @@ -623,7 +623,7 @@ key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) dgst_rep); break; } - memset(dgst_raw, 0, dgst_raw_len); + explicit_bzero(dgst_raw, dgst_raw_len); free(dgst_raw); return retval; } @@ -1744,7 +1744,7 @@ to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain) *blobp = xmalloc(len); memcpy(*blobp, buffer_ptr(&b), len); } - memset(buffer_ptr(&b), 0, len); + explicit_bzero(buffer_ptr(&b), len); buffer_free(&b); return len; } diff --git a/monitor.c b/monitor.c index 79bd7c0c4..531c4f9a8 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.130 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: monitor.c,v 1.131 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -858,7 +858,7 @@ mm_answer_authpassword(int sock, Buffer *m) /* Only authenticate if the context is valid */ authenticated = options.password_authentication && auth_password(authctxt, passwd); - memset(passwd, 0, strlen(passwd)); + explicit_bzero(passwd, strlen(passwd)); free(passwd); buffer_clear(m); @@ -1800,13 +1800,13 @@ monitor_apply_keystate(struct monitor *pmonitor) /* XXX inefficient for large buffers, need: buffer_init_from_string */ buffer_clear(packet_get_input()); buffer_append(packet_get_input(), child_state.input, child_state.ilen); - memset(child_state.input, 0, child_state.ilen); + explicit_bzero(child_state.input, child_state.ilen); free(child_state.input); buffer_clear(packet_get_output()); buffer_append(packet_get_output(), child_state.output, child_state.olen); - memset(child_state.output, 0, child_state.olen); + explicit_bzero(child_state.output, child_state.olen); free(child_state.output); /* Roaming */ diff --git a/monitor_wrap.c b/monitor_wrap.c index 64c262363..1a47e4174 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.78 2014/01/29 06:18:35 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.79 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -572,7 +572,7 @@ mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp) *blobp = xmalloc(len); memcpy(*blobp, buffer_ptr(&b), len); } - memset(buffer_ptr(&b), 0, len); + explicit_bzero(buffer_ptr(&b), len); buffer_free(&b); return len; } @@ -616,7 +616,7 @@ mm_send_keystate(struct monitor *monitor) key = xmalloc(keylen+1); /* add 1 if keylen == 0 */ keylen = packet_get_encryption_key(key); buffer_put_string(&m, key, keylen); - memset(key, 0, keylen); + explicit_bzero(key, keylen); free(key); ivlen = packet_get_keyiv_len(MODE_OUT); diff --git a/packet.c b/packet.c index 6cf7edbb8..54c0558f9 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.191 2013/12/06 13:34:54 markus Exp $ */ +/* $OpenBSD: packet.c,v 1.192 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -764,9 +764,9 @@ set_newkeys(int mode) mac = &active_state->newkeys[mode]->mac; comp = &active_state->newkeys[mode]->comp; mac_clear(mac); - memset(enc->iv, 0, enc->iv_len); - memset(enc->key, 0, enc->key_len); - memset(mac->key, 0, mac->key_len); + explicit_bzero(enc->iv, enc->iv_len); + explicit_bzero(enc->key, enc->key_len); + explicit_bzero(mac->key, mac->key_len); free(enc->name); free(enc->iv); free(enc->key); @@ -787,9 +787,9 @@ set_newkeys(int mode) cipher_init(cc, enc->cipher, enc->key, enc->key_len, enc->iv, enc->iv_len, crypt_type); /* Deleting the keys does not gain extra security */ - /* memset(enc->iv, 0, enc->block_size); - memset(enc->key, 0, enc->key_len); - memset(mac->key, 0, mac->key_len); */ + /* explicit_bzero(enc->iv, enc->block_size); + explicit_bzero(enc->key, enc->key_len); + explicit_bzero(mac->key, mac->key_len); */ if ((comp->type == COMP_ZLIB || (comp->type == COMP_DELAYED && active_state->after_authentication)) && comp->enabled == 0) { @@ -928,7 +928,7 @@ packet_send2_wrapped(void) } } else { /* clear padding */ - memset(cp, 0, padlen); + explicit_bzero(cp, padlen); } /* sizeof (packet_len + pad_len + payload + padding) */ len = buffer_len(&active_state->outgoing_packet); diff --git a/readpass.c b/readpass.c index e37d31158..869d86425 100644 --- a/readpass.c +++ b/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.49 2013/05/17 00:13:14 djm Exp $ */ +/* $OpenBSD: readpass.c,v 1.50 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -99,13 +99,13 @@ ssh_askpass(char *askpass, const char *msg) break; signal(SIGCHLD, osigchld); if (ret == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) { - memset(buf, 0, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); return NULL; } buf[strcspn(buf, "\r\n")] = '\0'; pass = xstrdup(buf); - memset(buf, 0, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); return pass; } @@ -162,7 +162,7 @@ read_passphrase(const char *prompt, int flags) } ret = xstrdup(buf); - memset(buf, 'x', sizeof buf); + explicit_bzero(buf, sizeof(buf)); return ret; } diff --git a/rsa.c b/rsa.c index a9ee6b0ed..d0b5bbf5e 100644 --- a/rsa.c +++ b/rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa.c,v 1.30 2013/05/17 00:13:14 djm Exp $ */ +/* $OpenBSD: rsa.c,v 1.31 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -94,8 +94,8 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) if (BN_bin2bn(outbuf, len, out) == NULL) fatal("rsa_public_encrypt: BN_bin2bn failed"); - memset(outbuf, 0, olen); - memset(inbuf, 0, ilen); + explicit_bzero(outbuf, olen); + explicit_bzero(inbuf, ilen); free(outbuf); free(inbuf); } @@ -120,8 +120,8 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) if (BN_bin2bn(outbuf, len, out) == NULL) fatal("rsa_private_decrypt: BN_bin2bn failed"); } - memset(outbuf, 0, olen); - memset(inbuf, 0, ilen); + explicit_bzero(outbuf, olen); + explicit_bzero(inbuf, ilen); free(outbuf); free(inbuf); return len; diff --git a/serverloop.c b/serverloop.c index 5b2f8028d..2f8e3a06a 100644 --- a/serverloop.c +++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.169 2013/12/19 00:19:12 dtucker Exp $ */ +/* $OpenBSD: serverloop.c,v 1.170 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -920,7 +920,7 @@ server_input_stdin_data(int type, u_int32_t seq, void *ctxt) data = packet_get_string(&data_len); packet_check_eom(); buffer_append(&stdin_buffer, data, data_len); - memset(data, 0, data_len); + explicit_bzero(data, data_len); free(data); } diff --git a/ssh-add.c b/ssh-add.c index 63ce72083..3421452af 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.108 2013/12/19 00:10:30 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.109 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -90,7 +90,7 @@ static void clear_pass(void) { if (pass) { - memset(pass, 0, strlen(pass)); + explicit_bzero(pass, strlen(pass)); free(pass); pass = NULL; } @@ -366,7 +366,7 @@ lock_agent(AuthenticationConnection *ac, int lock) fprintf(stderr, "Passwords do not match.\n"); passok = 0; } - memset(p2, 0, strlen(p2)); + explicit_bzero(p2, strlen(p2)); free(p2); } if (passok && ssh_lock_agent(ac, lock, p1)) { @@ -374,7 +374,7 @@ lock_agent(AuthenticationConnection *ac, int lock) ret = 0; } else fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un"); - memset(p1, 0, strlen(p1)); + explicit_bzero(p1, strlen(p1)); free(p1); return (ret); } diff --git a/ssh-agent.c b/ssh-agent.c index 256dff50c..ba2461211 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.182 2014/01/27 19:18:54 markus Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.183 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -554,7 +554,7 @@ process_lock_agent(SocketEntry *e, int lock) passwd = buffer_get_string(&e->request, NULL); if (locked && !lock && strcmp(passwd, lock_passwd) == 0) { locked = 0; - memset(lock_passwd, 0, strlen(lock_passwd)); + explicit_bzero(lock_passwd, strlen(lock_passwd)); free(lock_passwd); lock_passwd = NULL; success = 1; @@ -563,7 +563,7 @@ process_lock_agent(SocketEntry *e, int lock) lock_passwd = xstrdup(passwd); success = 1; } - memset(passwd, 0, strlen(passwd)); + explicit_bzero(passwd, strlen(passwd)); free(passwd); buffer_put_int(&e->output, 1); diff --git a/ssh-dss.c b/ssh-dss.c index 7b897475c..6b4abcb7d 100644 --- a/ssh-dss.c +++ b/ssh-dss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-dss.c,v 1.30 2014/01/09 23:20:00 djm Exp $ */ +/* $OpenBSD: ssh-dss.c,v 1.31 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -65,7 +65,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, } sig = DSA_do_sign(digest, dlen, key->dsa); - memset(digest, 'd', sizeof(digest)); + explicit_bzero(digest, sizeof(digest)); if (sig == NULL) { error("ssh_dss_sign: sign failed"); @@ -79,7 +79,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, DSA_SIG_free(sig); return -1; } - memset(sigblob, 0, SIGBLOB_LEN); + explicit_bzero(sigblob, SIGBLOB_LEN); BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); DSA_SIG_free(sig); @@ -168,7 +168,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, fatal("%s: BN_bin2bn failed", __func__); /* clean up */ - memset(sigblob, 0, len); + explicit_bzero(sigblob, len); free(sigblob); /* sha1 the data */ @@ -179,7 +179,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, } ret = DSA_do_verify(digest, dlen, sig, key->dsa); - memset(digest, 'd', sizeof(digest)); + explicit_bzero(digest, sizeof(digest)); DSA_SIG_free(sig); diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c index 10ad9da60..95b222446 100644 --- a/ssh-ecdsa.c +++ b/ssh-ecdsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ecdsa.c,v 1.8 2014/01/09 23:20:00 djm Exp $ */ +/* $OpenBSD: ssh-ecdsa.c,v 1.9 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -72,7 +72,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, } sig = ECDSA_do_sign(digest, dlen, key->ecdsa); - memset(digest, 'd', sizeof(digest)); + explicit_bzero(digest, sizeof(digest)); if (sig == NULL) { error("%s: sign failed", __func__); @@ -153,7 +153,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, buffer_free(&bb); /* clean up */ - memset(sigblob, 0, len); + explicit_bzero(sigblob, len); free(sigblob); /* hash the data */ @@ -169,7 +169,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, } ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa); - memset(digest, 'd', sizeof(digest)); + explicit_bzero(digest, sizeof(digest)); ECDSA_SIG_free(sig); diff --git a/ssh-ed25519.c b/ssh-ed25519.c index 1aedcf83a..56c480df2 100644 --- a/ssh-ed25519.c +++ b/ssh-ed25519.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ed25519.c,v 1.1 2013/12/06 13:39:49 markus Exp $ */ +/* $OpenBSD: ssh-ed25519.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2013 Markus Friedl * @@ -66,7 +66,7 @@ ssh_ed25519_sign(const Key *key, u_char **sigp, u_int *lenp, memcpy(*sigp, buffer_ptr(&b), len); } buffer_free(&b); - memset(sig, 's', slen); + explicit_bzero(sig, slen); free(sig); return 0; @@ -130,9 +130,9 @@ ssh_ed25519_verify(const Key *key, const u_char *signature, u_int signaturelen, } /* XXX compare 'm' and 'data' ? */ - memset(sigblob, 's', len); - memset(sm, 'S', smlen); - memset(m, 'm', smlen); /* NB. mlen may be invalid if ret != 0 */ + explicit_bzero(sigblob, len); + explicit_bzero(sm, smlen); + explicit_bzero(m, smlen); /* NB. mlen may be invalid if ret != 0 */ free(sigblob); free(sm); free(m); diff --git a/ssh-keygen.c b/ssh-keygen.c index 8140447f7..9f0310945 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.239 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.240 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -267,7 +267,7 @@ load_identity(char *filename) pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN); prv = key_load_private(filename, pass, NULL); - memset(pass, 0, strlen(pass)); + explicit_bzero(pass, strlen(pass)); free(pass); } return prv; @@ -1258,7 +1258,7 @@ do_change_passphrase(struct passwd *pw) RP_ALLOW_STDIN); private = key_load_private(identity_file, old_passphrase, &comment); - memset(old_passphrase, 0, strlen(old_passphrase)); + explicit_bzero(old_passphrase, strlen(old_passphrase)); free(old_passphrase); if (private == NULL) { printf("Bad passphrase.\n"); @@ -1280,15 +1280,15 @@ do_change_passphrase(struct passwd *pw) /* Verify that they are the same. */ if (strcmp(passphrase1, passphrase2) != 0) { - memset(passphrase1, 0, strlen(passphrase1)); - memset(passphrase2, 0, strlen(passphrase2)); + explicit_bzero(passphrase1, strlen(passphrase1)); + explicit_bzero(passphrase2, strlen(passphrase2)); free(passphrase1); free(passphrase2); printf("Pass phrases do not match. Try again.\n"); exit(1); } /* Destroy the other copy. */ - memset(passphrase2, 0, strlen(passphrase2)); + explicit_bzero(passphrase2, strlen(passphrase2)); free(passphrase2); } @@ -1296,14 +1296,14 @@ do_change_passphrase(struct passwd *pw) if (!key_save_private(private, identity_file, passphrase1, comment, use_new_format, new_format_cipher, rounds)) { printf("Saving the key failed: %s.\n", identity_file); - memset(passphrase1, 0, strlen(passphrase1)); + explicit_bzero(passphrase1, strlen(passphrase1)); free(passphrase1); key_free(private); free(comment); exit(1); } /* Destroy the passphrase and the copy of the key in memory. */ - memset(passphrase1, 0, strlen(passphrase1)); + explicit_bzero(passphrase1, strlen(passphrase1)); free(passphrase1); key_free(private); /* Destroys contents */ free(comment); @@ -1375,7 +1375,7 @@ do_change_comment(struct passwd *pw) /* Try to load using the passphrase. */ private = key_load_private(identity_file, passphrase, &comment); if (private == NULL) { - memset(passphrase, 0, strlen(passphrase)); + explicit_bzero(passphrase, strlen(passphrase)); free(passphrase); printf("Bad passphrase.\n"); exit(1); @@ -1396,7 +1396,7 @@ do_change_comment(struct passwd *pw) printf("Enter new comment: "); fflush(stdout); if (!fgets(new_comment, sizeof(new_comment), stdin)) { - memset(passphrase, 0, strlen(passphrase)); + explicit_bzero(passphrase, strlen(passphrase)); key_free(private); exit(1); } @@ -1407,13 +1407,13 @@ do_change_comment(struct passwd *pw) if (!key_save_private(private, identity_file, passphrase, new_comment, use_new_format, new_format_cipher, rounds)) { printf("Saving the key failed: %s.\n", identity_file); - memset(passphrase, 0, strlen(passphrase)); + explicit_bzero(passphrase, strlen(passphrase)); free(passphrase); key_free(private); free(comment); exit(1); } - memset(passphrase, 0, strlen(passphrase)); + explicit_bzero(passphrase, strlen(passphrase)); free(passphrase); public = key_from_private(private); key_free(private); @@ -2632,15 +2632,15 @@ passphrase_again: * The passphrases do not match. Clear them and * retry. */ - memset(passphrase1, 0, strlen(passphrase1)); - memset(passphrase2, 0, strlen(passphrase2)); + explicit_bzero(passphrase1, strlen(passphrase1)); + explicit_bzero(passphrase2, strlen(passphrase2)); free(passphrase1); free(passphrase2); printf("Passphrases do not match. Try again.\n"); goto passphrase_again; } /* Clear the other copy of the passphrase. */ - memset(passphrase2, 0, strlen(passphrase2)); + explicit_bzero(passphrase2, strlen(passphrase2)); free(passphrase2); } @@ -2655,12 +2655,12 @@ passphrase_again: if (!key_save_private(private, identity_file, passphrase1, comment, use_new_format, new_format_cipher, rounds)) { printf("Saving the key failed: %s.\n", identity_file); - memset(passphrase1, 0, strlen(passphrase1)); + explicit_bzero(passphrase1, strlen(passphrase1)); free(passphrase1); exit(1); } /* Clear the passphrase. */ - memset(passphrase1, 0, strlen(passphrase1)); + explicit_bzero(passphrase1, strlen(passphrase1)); free(passphrase1); /* Clear the private key and the random number generator. */ diff --git a/ssh-rsa.c b/ssh-rsa.c index a2112d033..c6f25b3ee 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-rsa.c,v 1.50 2014/01/09 23:20:00 djm Exp $ */ +/* $OpenBSD: ssh-rsa.c,v 1.51 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2000, 2003 Markus Friedl * @@ -70,7 +70,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, sig = xmalloc(slen); ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); - memset(digest, 'd', sizeof(digest)); + explicit_bzero(digest, sizeof(digest)); if (ok != 1) { int ecode = ERR_get_error(); @@ -84,7 +84,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, u_int diff = slen - len; debug("slen %u > len %u", slen, len); memmove(sig + diff, sig, len); - memset(sig, 0, diff); + explicit_bzero(sig, diff); } else if (len > slen) { error("%s: slen %u slen2 %u", __func__, slen, len); free(sig); @@ -102,7 +102,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, memcpy(*sigp, buffer_ptr(&b), len); } buffer_free(&b); - memset(sig, 's', slen); + explicit_bzero(sig, slen); free(sig); return 0; @@ -161,7 +161,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, modlen, len); sigblob = xrealloc(sigblob, 1, modlen); memmove(sigblob + diff, sigblob, len); - memset(sigblob, 0, diff); + explicit_bzero(sigblob, diff); len = modlen; } /* hash the data */ @@ -178,8 +178,8 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len, key->rsa); - memset(digest, 'd', sizeof(digest)); - memset(sigblob, 's', len); + explicit_bzero(digest, sizeof(digest)); + explicit_bzero(sigblob, len); free(sigblob); debug("%s: signature %scorrect", __func__, (ret == 0) ? "in" : ""); return ret; diff --git a/sshconnect.c b/sshconnect.c index d21781ea4..3781eaf3b 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.244 2014/01/09 23:26:48 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.245 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1299,7 +1299,7 @@ ssh_put_password(char *password) padded = xcalloc(1, size); strlcpy(padded, password, size); packet_put_string(padded, size); - memset(padded, 0, size); + explicit_bzero(padded, size); free(padded); } diff --git a/sshconnect1.c b/sshconnect1.c index 57713d24d..921408ec1 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect1.c,v 1.73 2014/01/27 19:18:54 markus Exp $ */ +/* $OpenBSD: sshconnect1.c,v 1.74 2014/02/02 03:44:32 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -120,7 +120,7 @@ try_agent_authentication(void) * return a wrong value. */ logit("Authentication agent failed to decrypt challenge."); - memset(response, 0, sizeof(response)); + explicit_bzero(response, sizeof(response)); } key_free(key); debug("Sending response to RSA challenge."); @@ -195,9 +195,9 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) packet_send(); packet_write_wait(); - memset(buf, 0, sizeof(buf)); - memset(response, 0, sizeof(response)); - memset(&md, 0, sizeof(md)); + explicit_bzero(buf, sizeof(buf)); + explicit_bzero(response, sizeof(response)); + explicit_bzero(&md, sizeof(md)); } /* @@ -271,7 +271,7 @@ try_rsa_authentication(int idx) debug2("no passphrase given, try next key"); quit = 1; } - memset(passphrase, 0, strlen(passphrase)); + explicit_bzero(passphrase, strlen(passphrase)); free(passphrase); if (private != NULL || quit) break; @@ -427,7 +427,7 @@ try_challenge_response_authentication(void) } packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); ssh_put_password(response); - memset(response, 0, strlen(response)); + explicit_bzero(response, strlen(response)); free(response); packet_send(); packet_write_wait(); @@ -460,7 +460,7 @@ try_password_authentication(char *prompt) password = read_passphrase(prompt, 0); packet_start(SSH_CMSG_AUTH_PASSWORD); ssh_put_password(password); - memset(password, 0, strlen(password)); + explicit_bzero(password, strlen(password)); free(password); packet_send(); packet_write_wait(); @@ -652,8 +652,11 @@ ssh_kex(char *host, struct sockaddr *hostaddr) /* Set the encryption key. */ packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher); - /* We will no longer need the session key here. Destroy any extra copies. */ - memset(session_key, 0, sizeof(session_key)); + /* + * We will no longer need the session key here. + * Destroy any extra copies. + */ + explicit_bzero(session_key, sizeof(session_key)); /* * Expect a success message from the server. Note that this message diff --git a/sshconnect2.c b/sshconnect2.c index c60a8511b..7f4ff4189 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.203 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.204 2014/02/02 03:44:32 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -869,7 +869,7 @@ userauth_passwd(Authctxt *authctxt) packet_put_cstring(authctxt->method->name); packet_put_char(0); packet_put_cstring(password); - memset(password, 0, strlen(password)); + explicit_bzero(password, strlen(password)); free(password); packet_add_padding(64); packet_send(); @@ -915,7 +915,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) authctxt->server_user, host); password = read_passphrase(prompt, 0); packet_put_cstring(password); - memset(password, 0, strlen(password)); + explicit_bzero(password, strlen(password)); free(password); password = NULL; while (password == NULL) { @@ -932,16 +932,16 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) authctxt->server_user, host); retype = read_passphrase(prompt, 0); if (strcmp(password, retype) != 0) { - memset(password, 0, strlen(password)); + explicit_bzero(password, strlen(password)); free(password); logit("Mismatch; try again, EOF to quit."); password = NULL; } - memset(retype, 0, strlen(retype)); + explicit_bzero(retype, strlen(retype)); free(retype); } packet_put_cstring(password); - memset(password, 0, strlen(password)); + explicit_bzero(password, strlen(password)); free(password); packet_add_padding(64); packet_send(); @@ -1126,7 +1126,7 @@ load_identity_file(char *filename, int userprovided) debug2("no passphrase given, try next key"); quit = 1; } - memset(passphrase, 0, strlen(passphrase)); + explicit_bzero(passphrase, strlen(passphrase)); free(passphrase); if (private != NULL || quit) break; @@ -1385,7 +1385,7 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt) response = read_passphrase(prompt, echo ? RP_ECHO : 0); packet_put_cstring(response); - memset(response, 0, strlen(response)); + explicit_bzero(response, strlen(response)); free(response); free(prompt); } @@ -1555,7 +1555,7 @@ userauth_hostbased(Authctxt *authctxt) packet_put_cstring(chost); packet_put_cstring(authctxt->local_user); packet_put_string(signature, slen); - memset(signature, 's', slen); + explicit_bzero(signature, slen); free(signature); free(chost); free(pkalg); diff --git a/sshd.c b/sshd.c index b7411fe83..93e698b5d 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.417 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: sshd.c,v 1.418 2014/02/02 03:44:32 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -579,7 +579,7 @@ destroy_sensitive_data(void) } } sensitive_data.ssh1_host_key = NULL; - memset(sensitive_data.ssh1_cookie, 0, SSH_SESSION_KEY_LENGTH); + explicit_bzero(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); } /* Demote private to public keys for network child */ @@ -1657,7 +1657,8 @@ main(int ac, char **av) fatal("Privilege separation user %s does not exist", SSH_PRIVSEP_USER); } else { - memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); + explicit_bzero(privsep_pw->pw_passwd, + strlen(privsep_pw->pw_passwd)); privsep_pw = pwcopy(privsep_pw); free(privsep_pw->pw_passwd); privsep_pw->pw_passwd = xstrdup("*"); @@ -2341,7 +2342,7 @@ do_ssh1_kex(void) get_remote_ipaddr(), len, (u_long)sizeof(session_key)); rsafail++; } else { - memset(session_key, 0, sizeof(session_key)); + explicit_bzero(session_key, sizeof(session_key)); BN_bn2bin(session_key_int, session_key + sizeof(session_key) - len); @@ -2379,7 +2380,7 @@ do_ssh1_kex(void) sizeof(session_key) - 16) < 0) fatal("%s: md5 failed", __func__); ssh_digest_free(md); - memset(buf, 0, bytes); + explicit_bzero(buf, bytes); free(buf); for (i = 0; i < 16; i++) session_id[i] = session_key[i] ^ session_key[i + 16]; @@ -2397,7 +2398,7 @@ do_ssh1_kex(void) packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type); /* Destroy our copy of the session key. It is no longer needed. */ - memset(session_key, 0, sizeof(session_key)); + explicit_bzero(session_key, sizeof(session_key)); debug("Received session key; encryption turned on."); -- cgit v1.2.3