Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
This commit is contained in:
parent
615ee04098
commit
920b700d4a
46 changed files with 102 additions and 102 deletions
|
@ -543,7 +543,7 @@ bad:
|
|||
goto err;
|
||||
}
|
||||
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
|
||||
if(key) memset(key,0,strlen(key));
|
||||
if(key) OPENSSL_cleanse(key,strlen(key));
|
||||
if (pkey == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"unable to load CA private key\n");
|
||||
|
|
|
@ -327,7 +327,7 @@ int MAIN(int argc, char **argv)
|
|||
end:
|
||||
if (buf != NULL)
|
||||
{
|
||||
memset(buf,0,BUFSIZE);
|
||||
OPENSSL_cleanse(buf,BUFSIZE);
|
||||
OPENSSL_free(buf);
|
||||
}
|
||||
if (in != NULL) BIO_free(in);
|
||||
|
|
|
@ -506,9 +506,9 @@ bad:
|
|||
* bug picked up by
|
||||
* Larry J. Hughes Jr. <hughes@indiana.edu> */
|
||||
if (str == strbuf)
|
||||
memset(str,0,SIZE);
|
||||
OPENSSL_cleanse(str,SIZE);
|
||||
else
|
||||
memset(str,0,strlen(str));
|
||||
OPENSSL_cleanse(str,strlen(str));
|
||||
}
|
||||
if ((hiv != NULL) && !set_hex(hiv,iv,8))
|
||||
{
|
||||
|
|
|
@ -768,8 +768,8 @@ end:
|
|||
if (con != NULL) SSL_free(con);
|
||||
if (con2 != NULL) SSL_free(con2);
|
||||
if (ctx != NULL) SSL_CTX_free(ctx);
|
||||
if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
|
||||
if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
|
||||
if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
|
||||
if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
|
||||
if (bio_c_out != NULL)
|
||||
{
|
||||
BIO_free(bio_c_out);
|
||||
|
|
|
@ -1043,7 +1043,7 @@ err:
|
|||
BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
|
||||
if (buf != NULL)
|
||||
{
|
||||
memset(buf,0,bufsize);
|
||||
OPENSSL_cleanse(buf,bufsize);
|
||||
OPENSSL_free(buf);
|
||||
}
|
||||
if (ret >= 0)
|
||||
|
|
|
@ -199,10 +199,10 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
|
|||
signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
|
||||
signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
|
||||
err:
|
||||
memset(&ctx,0,sizeof(ctx));
|
||||
OPENSSL_cleanse(&ctx,sizeof(ctx));
|
||||
if (buf_in != NULL)
|
||||
{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
|
||||
{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
|
||||
if (buf_out != NULL)
|
||||
{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
|
||||
{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
|
||||
return(outl);
|
||||
}
|
||||
|
|
|
@ -100,7 +100,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
|
|||
EVP_VerifyInit(&ctx,type);
|
||||
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
|
||||
|
||||
memset(buf_in,0,(unsigned int)inl);
|
||||
OPENSSL_cleanse(buf_in,(unsigned int)inl);
|
||||
OPENSSL_free(buf_in);
|
||||
|
||||
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
|
||||
|
|
|
@ -181,7 +181,7 @@ int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
|
|||
}
|
||||
|
||||
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
|
||||
memset(buf,0,256);
|
||||
OPENSSL_cleanse(buf,256);
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
|
||||
|
@ -292,7 +292,7 @@ RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
|
|||
}
|
||||
|
||||
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
|
||||
memset(buf,0,256);
|
||||
OPENSSL_cleanse(buf,256);
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
|
||||
|
|
|
@ -119,8 +119,8 @@ void PKCS8_PRIV_KEY_INFO_free (PKCS8_PRIV_KEY_INFO *a)
|
|||
X509_ALGOR_free(a->pkeyalg);
|
||||
/* Clear sensitive data */
|
||||
if (a->pkey->value.octet_string)
|
||||
memset (a->pkey->value.octet_string->data,
|
||||
0, a->pkey->value.octet_string->length);
|
||||
OPENSSL_cleanse(a->pkey->value.octet_string->data,
|
||||
a->pkey->value.octet_string->length);
|
||||
ASN1_TYPE_free (a->pkey);
|
||||
sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
|
||||
OPENSSL_free (a);
|
||||
|
|
|
@ -423,7 +423,7 @@ void doencryption(void)
|
|||
k2[i-8]=k;
|
||||
}
|
||||
des_set_key_unchecked(&k2,ks2);
|
||||
memset(k2,0,sizeof(k2));
|
||||
OPENSSL_cleanse(k2,sizeof(k2));
|
||||
}
|
||||
else if (longk || flag3)
|
||||
{
|
||||
|
@ -431,7 +431,7 @@ void doencryption(void)
|
|||
{
|
||||
des_string_to_2keys(key,&kk,&k2);
|
||||
des_set_key_unchecked(&k2,ks2);
|
||||
memset(k2,0,sizeof(k2));
|
||||
OPENSSL_cleanse(k2,sizeof(k2));
|
||||
}
|
||||
else
|
||||
des_string_to_key(key,&kk);
|
||||
|
@ -453,8 +453,8 @@ void doencryption(void)
|
|||
}
|
||||
|
||||
des_set_key_unchecked(&kk,ks);
|
||||
memset(key,0,sizeof(key));
|
||||
memset(kk,0,sizeof(kk));
|
||||
OPENSSL_cleanse(key,sizeof(key));
|
||||
OPENSSL_cleanse(kk,sizeof(kk));
|
||||
/* woops - A bug that does not showup under unix :-( */
|
||||
memset(iv,0,sizeof(iv));
|
||||
memset(iv2,0,sizeof(iv2));
|
||||
|
@ -662,18 +662,18 @@ void doencryption(void)
|
|||
if (l) fclose(CKSUM_OUT);
|
||||
}
|
||||
problems:
|
||||
memset(buf,0,sizeof(buf));
|
||||
memset(obuf,0,sizeof(obuf));
|
||||
memset(ks,0,sizeof(ks));
|
||||
memset(ks2,0,sizeof(ks2));
|
||||
memset(iv,0,sizeof(iv));
|
||||
memset(iv2,0,sizeof(iv2));
|
||||
memset(kk,0,sizeof(kk));
|
||||
memset(k2,0,sizeof(k2));
|
||||
memset(uubuf,0,sizeof(uubuf));
|
||||
memset(b,0,sizeof(b));
|
||||
memset(bb,0,sizeof(bb));
|
||||
memset(cksum,0,sizeof(cksum));
|
||||
OPENSSL_cleanse(buf,sizeof(buf));
|
||||
OPENSSL_cleanse(obuf,sizeof(obuf));
|
||||
OPENSSL_cleanse(ks,sizeof(ks));
|
||||
OPENSSL_cleanse(ks2,sizeof(ks2));
|
||||
OPENSSL_cleanse(iv,sizeof(iv));
|
||||
OPENSSL_cleanse(iv2,sizeof(iv2));
|
||||
OPENSSL_cleanse(kk,sizeof(kk));
|
||||
OPENSSL_cleanse(k2,sizeof(k2));
|
||||
OPENSSL_cleanse(uubuf,sizeof(uubuf));
|
||||
OPENSSL_cleanse(b,sizeof(b));
|
||||
OPENSSL_cleanse(bb,sizeof(bb));
|
||||
OPENSSL_cleanse(cksum,sizeof(cksum));
|
||||
if (Exit) EXIT(Exit);
|
||||
}
|
||||
|
||||
|
|
|
@ -65,8 +65,8 @@ int des_read_password(des_cblock *key, const char *prompt, int verify)
|
|||
|
||||
if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
|
||||
des_string_to_key(buf,key);
|
||||
memset(buf,0,BUFSIZ);
|
||||
memset(buff,0,BUFSIZ);
|
||||
OPENSSL_cleanse(buf,BUFSIZ);
|
||||
OPENSSL_cleanse(buff,BUFSIZ);
|
||||
return(ok);
|
||||
}
|
||||
|
||||
|
@ -78,7 +78,7 @@ int des_read_2passwords(des_cblock *key1, des_cblock *key2, const char *prompt,
|
|||
|
||||
if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
|
||||
des_string_to_2keys(buf,key1,key2);
|
||||
memset(buf,0,BUFSIZ);
|
||||
memset(buff,0,BUFSIZ);
|
||||
OPENSSL_cleanse(buf,BUFSIZ);
|
||||
OPENSSL_cleanse(buff,BUFSIZ);
|
||||
return(ok);
|
||||
}
|
||||
|
|
|
@ -218,7 +218,7 @@ int des_read_pw_string(char *buf, int length, const char *prompt,
|
|||
int ret;
|
||||
|
||||
ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
|
||||
memset(buff,0,BUFSIZ);
|
||||
OPENSSL_cleanse(buff,BUFSIZ);
|
||||
return(ret);
|
||||
}
|
||||
|
||||
|
|
|
@ -88,7 +88,7 @@ void des_string_to_key(const char *str, des_cblock *key)
|
|||
des_set_odd_parity(key);
|
||||
des_set_key_unchecked(key,ks);
|
||||
des_cbc_cksum((const unsigned char*)str,key,length,ks,key);
|
||||
memset(ks,0,sizeof(ks));
|
||||
OPENSSL_cleanse(ks,sizeof(ks));
|
||||
des_set_odd_parity(key);
|
||||
}
|
||||
|
||||
|
@ -149,7 +149,7 @@ void des_string_to_2keys(const char *str, des_cblock *key1, des_cblock *key2)
|
|||
des_cbc_cksum((const unsigned char*)str,key1,length,ks,key1);
|
||||
des_set_key_unchecked(key2,ks);
|
||||
des_cbc_cksum((const unsigned char*)str,key2,length,ks,key2);
|
||||
memset(ks,0,sizeof(ks));
|
||||
OPENSSL_cleanse(ks,sizeof(ks));
|
||||
des_set_odd_parity(key1);
|
||||
des_set_odd_parity(key2);
|
||||
}
|
||||
|
|
|
@ -128,7 +128,7 @@ static int enc_free(BIO *a)
|
|||
if (a == NULL) return(0);
|
||||
b=(BIO_ENC_CTX *)a->ptr;
|
||||
EVP_CIPHER_CTX_cleanup(&(b->cipher));
|
||||
memset(a->ptr,0,sizeof(BIO_ENC_CTX));
|
||||
OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
|
||||
OPENSSL_free(a->ptr);
|
||||
a->ptr=NULL;
|
||||
a->init=0;
|
||||
|
|
|
@ -208,7 +208,7 @@ static int ok_new(BIO *bi)
|
|||
static int ok_free(BIO *a)
|
||||
{
|
||||
if (a == NULL) return(0);
|
||||
memset(a->ptr,0,sizeof(BIO_OK_CTX));
|
||||
OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
|
||||
OPENSSL_free(a->ptr);
|
||||
a->ptr=NULL;
|
||||
a->init=0;
|
||||
|
|
|
@ -103,7 +103,7 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
|||
|
||||
idea_set_encrypt_key(key,&tmp);
|
||||
idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
|
||||
memset((unsigned char *)&tmp,0,
|
||||
OPENSSL_cleanse((unsigned char *)&tmp,
|
||||
sizeof(IDEA_KEY_SCHEDULE));
|
||||
}
|
||||
return 1;
|
||||
|
|
|
@ -152,8 +152,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md,
|
|||
}
|
||||
if ((nkey == 0) && (niv == 0)) break;
|
||||
}
|
||||
memset(&c,0,sizeof(c));
|
||||
memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
|
||||
OPENSSL_cleanse(&c,sizeof(c));
|
||||
OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
|
||||
return(type->key_len);
|
||||
}
|
||||
|
||||
|
|
|
@ -142,8 +142,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
|
|||
memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
|
||||
EVP_CIPHER_iv_length(cipher));
|
||||
EVP_CipherInit(cctx, cipher, key, iv, en_de);
|
||||
memset(md_tmp, 0, EVP_MAX_MD_SIZE);
|
||||
memset(key, 0, EVP_MAX_KEY_LENGTH);
|
||||
memset(iv, 0, EVP_MAX_IV_LENGTH);
|
||||
OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
|
||||
OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
|
||||
OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -228,7 +228,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
|
|||
iter = ASN1_INTEGER_get(kdf->iter);
|
||||
PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
|
||||
EVP_CipherInit(ctx, NULL, key, NULL, en_de);
|
||||
memset(key, 0, keylen);
|
||||
OPENSSL_cleanse(key, keylen);
|
||||
PBKDF2PARAM_free(kdf);
|
||||
return 1;
|
||||
|
||||
|
|
|
@ -101,7 +101,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek,
|
|||
|
||||
ret=1;
|
||||
err:
|
||||
if (key != NULL) memset(key,0,size);
|
||||
if (key != NULL) OPENSSL_cleanse(key,size);
|
||||
OPENSSL_free(key);
|
||||
return(ret);
|
||||
}
|
||||
|
|
|
@ -602,6 +602,6 @@ void HASH_FINAL (unsigned char *md, HASH_CTX *c)
|
|||
c->num=0;
|
||||
/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
|
||||
* but I'm not worried :-)
|
||||
memset((void *)c,0,sizeof(HASH_CTX));
|
||||
OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
|
||||
*/
|
||||
}
|
||||
|
|
|
@ -358,7 +358,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
|
|||
ret=1;
|
||||
|
||||
err:
|
||||
memset((char *)&ctx,0,sizeof(ctx));
|
||||
memset(buf,0,PEM_BUFSIZE);
|
||||
OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
|
||||
OPENSSL_cleanse(buf,PEM_BUFSIZE);
|
||||
return(ret);
|
||||
}
|
||||
|
|
|
@ -401,13 +401,13 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
|
|||
i=PEM_write_bio(bp,name,buf,data,i);
|
||||
if (i <= 0) ret=0;
|
||||
err:
|
||||
memset(key,0,sizeof(key));
|
||||
memset(iv,0,sizeof(iv));
|
||||
memset((char *)&ctx,0,sizeof(ctx));
|
||||
memset(buf,0,PEM_BUFSIZE);
|
||||
OPENSSL_cleanse(key,sizeof(key));
|
||||
OPENSSL_cleanse(iv,sizeof(iv));
|
||||
OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
|
||||
OPENSSL_cleanse(buf,PEM_BUFSIZE);
|
||||
if (data != NULL)
|
||||
{
|
||||
memset(data,0,(unsigned int)dsize);
|
||||
OPENSSL_cleanse(data,(unsigned int)dsize);
|
||||
OPENSSL_free(data);
|
||||
}
|
||||
return(ret);
|
||||
|
@ -447,8 +447,8 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
|
|||
EVP_DecryptUpdate(&ctx,data,&i,data,j);
|
||||
o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
|
||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||
memset((char *)buf,0,sizeof(buf));
|
||||
memset((char *)key,0,sizeof(key));
|
||||
OPENSSL_cleanse((char *)buf,sizeof(buf));
|
||||
OPENSSL_cleanse((char *)key,sizeof(key));
|
||||
j+=i;
|
||||
if (!o)
|
||||
{
|
||||
|
|
|
@ -109,7 +109,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
|
|||
ret=npubk;
|
||||
err:
|
||||
if (s != NULL) OPENSSL_free(s);
|
||||
memset(key,0,EVP_MAX_KEY_LENGTH);
|
||||
OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
|
||||
return(ret);
|
||||
}
|
||||
|
||||
|
|
|
@ -118,7 +118,7 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
|
|||
}
|
||||
PBEPARAM_free(pbe);
|
||||
EVP_CipherInit(ctx, cipher, key, iv, en_de);
|
||||
memset(key, 0, EVP_MAX_KEY_LENGTH);
|
||||
memset(iv, 0, EVP_MAX_IV_LENGTH);
|
||||
OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
|
||||
OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -137,7 +137,7 @@ char * PKCS12_decrypt_d2i (X509_ALGOR *algor, char * (*d2i)(),
|
|||
if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i,
|
||||
free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
|
||||
else ret = d2i(NULL, &p, outlen);
|
||||
if (seq & 2) memset(out, 0, outlen);
|
||||
if (seq & 2) OPENSSL_cleanse(out, outlen);
|
||||
if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
|
||||
OPENSSL_free (out);
|
||||
return ret;
|
||||
|
|
|
@ -91,7 +91,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
|
|||
ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
|
||||
id, iter, n, out, md_type);
|
||||
if(unipass) {
|
||||
memset(unipass, 0, uniplen); /* Clear password from memory */
|
||||
OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */
|
||||
OPENSSL_free(unipass);
|
||||
}
|
||||
return ret;
|
||||
|
|
|
@ -145,7 +145,7 @@ static int ber_free(BIO *a)
|
|||
|
||||
if (a == NULL) return(0);
|
||||
b=(BIO_BER_CTX *)a->ptr;
|
||||
memset(a->ptr,0,sizeof(BIO_BER_CTX));
|
||||
OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));
|
||||
OPENSSL_free(a->ptr);
|
||||
a->ptr=NULL;
|
||||
a->init=0;
|
||||
|
|
|
@ -241,7 +241,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
|
|||
M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
|
||||
}
|
||||
OPENSSL_free(tmp);
|
||||
memset(key, 0, keylen);
|
||||
OPENSSL_cleanse(key, keylen);
|
||||
|
||||
if (out == NULL)
|
||||
out=btmp;
|
||||
|
@ -448,7 +448,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
|||
}
|
||||
EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
|
||||
|
||||
memset(tmp,0,jj);
|
||||
OPENSSL_cleanse(tmp,jj);
|
||||
|
||||
if (out == NULL)
|
||||
out=etmp;
|
||||
|
|
|
@ -177,10 +177,10 @@ RAND_METHOD *RAND_SSLeay(void)
|
|||
|
||||
static void ssleay_rand_cleanup(void)
|
||||
{
|
||||
memset(state,0,sizeof(state));
|
||||
OPENSSL_cleanse(state,sizeof(state));
|
||||
state_num=0;
|
||||
state_index=0;
|
||||
memset(md,0,MD_DIGEST_LENGTH);
|
||||
OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
|
||||
md_count[0]=0;
|
||||
md_count[1]=0;
|
||||
entropy=0;
|
||||
|
|
|
@ -125,7 +125,7 @@ int RAND_load_file(const char *file, long bytes)
|
|||
}
|
||||
}
|
||||
fclose(in);
|
||||
memset(buf,0,BUFSIZE);
|
||||
OPENSSL_cleanse(buf,BUFSIZE);
|
||||
err:
|
||||
return(ret);
|
||||
}
|
||||
|
@ -190,7 +190,7 @@ int RAND_write_file(const char *file)
|
|||
#endif /* VMS */
|
||||
|
||||
fclose(out);
|
||||
memset(buf,0,BUFSIZE);
|
||||
OPENSSL_cleanse(buf,BUFSIZE);
|
||||
err:
|
||||
return (rand_err ? -1 : ret);
|
||||
}
|
||||
|
|
|
@ -155,7 +155,7 @@ bad:
|
|||
i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
|
||||
if (i != 0)
|
||||
{
|
||||
memset(buf,0,BUFSIZ);
|
||||
OPENSSL_cleanse(buf,BUFSIZ);
|
||||
fprintf(stderr,"bad password read\n");
|
||||
exit(1);
|
||||
}
|
||||
|
@ -163,7 +163,7 @@ bad:
|
|||
}
|
||||
|
||||
MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
|
||||
memset(keystr,0,strlen(keystr));
|
||||
OPENSSL_cleanse(keystr,strlen(keystr));
|
||||
RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
|
||||
|
||||
for(;;)
|
||||
|
|
|
@ -70,7 +70,7 @@ unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
|
|||
RIPEMD160_Init(&c);
|
||||
RIPEMD160_Update(&c,d,n);
|
||||
RIPEMD160_Final(md,&c);
|
||||
memset(&c,0,sizeof(c)); /* security consideration */
|
||||
OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
|
||||
return(md);
|
||||
}
|
||||
|
||||
|
|
|
@ -184,7 +184,7 @@ err:
|
|||
BN_clear_free(&ret);
|
||||
if (buf != NULL)
|
||||
{
|
||||
memset(buf,0,num);
|
||||
OPENSSL_cleanse(buf,num);
|
||||
OPENSSL_free(buf);
|
||||
}
|
||||
return(r);
|
||||
|
@ -268,7 +268,7 @@ err:
|
|||
BN_clear_free(&f);
|
||||
if (buf != NULL)
|
||||
{
|
||||
memset(buf,0,num);
|
||||
OPENSSL_cleanse(buf,num);
|
||||
OPENSSL_free(buf);
|
||||
}
|
||||
return(r);
|
||||
|
@ -367,7 +367,7 @@ err:
|
|||
BN_clear_free(&ret);
|
||||
if (buf != NULL)
|
||||
{
|
||||
memset(buf,0,num);
|
||||
OPENSSL_cleanse(buf,num);
|
||||
OPENSSL_free(buf);
|
||||
}
|
||||
return(r);
|
||||
|
@ -464,7 +464,7 @@ err:
|
|||
BN_clear_free(&ret);
|
||||
if (buf != NULL)
|
||||
{
|
||||
memset(buf,0,num);
|
||||
OPENSSL_cleanse(buf,num);
|
||||
OPENSSL_free(buf);
|
||||
}
|
||||
return(r);
|
||||
|
|
|
@ -95,7 +95,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
|
|||
else
|
||||
*siglen=i;
|
||||
|
||||
memset(s,0,(unsigned int)j+1);
|
||||
OPENSSL_cleanse(s,(unsigned int)j+1);
|
||||
OPENSSL_free(s);
|
||||
return(ret);
|
||||
}
|
||||
|
@ -137,7 +137,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, unsigned char *m,
|
|||
ret=1;
|
||||
err:
|
||||
if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
|
||||
memset(s,0,(unsigned int)siglen);
|
||||
OPENSSL_cleanse(s,(unsigned int)siglen);
|
||||
OPENSSL_free(s);
|
||||
return(ret);
|
||||
}
|
||||
|
|
|
@ -131,7 +131,7 @@ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
|
|||
*siglen=i;
|
||||
|
||||
if(type != NID_md5_sha1) {
|
||||
memset(s,0,(unsigned int)j+1);
|
||||
OPENSSL_cleanse(s,(unsigned int)j+1);
|
||||
OPENSSL_free(s);
|
||||
}
|
||||
return(ret);
|
||||
|
@ -214,7 +214,7 @@ int RSA_verify(int dtype, unsigned char *m, unsigned int m_len,
|
|||
}
|
||||
err:
|
||||
if (sig != NULL) X509_SIG_free(sig);
|
||||
memset(s,0,(unsigned int)siglen);
|
||||
OPENSSL_cleanse(s,(unsigned int)siglen);
|
||||
OPENSSL_free(s);
|
||||
return(ret);
|
||||
}
|
||||
|
|
|
@ -70,7 +70,7 @@ unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
|
|||
SHA1_Init(&c);
|
||||
SHA1_Update(&c,d,n);
|
||||
SHA1_Final(md,&c);
|
||||
memset(&c,0,sizeof(c));
|
||||
OPENSSL_cleanse(&c,sizeof(c));
|
||||
return(md);
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -70,7 +70,7 @@ unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
|
|||
SHA_Init(&c);
|
||||
SHA_Update(&c,d,n);
|
||||
SHA_Final(md,&c);
|
||||
memset(&c,0,sizeof(c));
|
||||
OPENSSL_cleanse(&c,sizeof(c));
|
||||
return(md);
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -897,7 +897,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
|
|||
ctx->chain=NULL;
|
||||
}
|
||||
CRYPTO_free_ex_data(x509_store_ctx_method,ctx,&(ctx->ex_data));
|
||||
memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
|
||||
OPENSSL_cleanse(&ctx->ex_data,sizeof(CRYPTO_EX_DATA));
|
||||
}
|
||||
|
||||
void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)
|
||||
|
|
|
@ -307,7 +307,7 @@ void ssl2_free(SSL *s)
|
|||
s2=s->s2;
|
||||
if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
|
||||
if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
|
||||
memset(s2,0,sizeof *s2);
|
||||
OPENSSL_cleanse(s2,sizeof *s2);
|
||||
OPENSSL_free(s2);
|
||||
s->s2=NULL;
|
||||
}
|
||||
|
|
|
@ -1461,7 +1461,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
|
|||
s->method->ssl3_enc->generate_master_secret(s,
|
||||
s->session->master_key,
|
||||
tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
|
||||
memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH);
|
||||
OPENSSL_cleanse(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
|
|
|
@ -174,7 +174,7 @@ static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
|
|||
|
||||
km+=MD5_DIGEST_LENGTH;
|
||||
}
|
||||
memset(smd,0,SHA_DIGEST_LENGTH);
|
||||
OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH);
|
||||
}
|
||||
|
||||
int ssl3_change_cipher_state(SSL *s, int which)
|
||||
|
@ -318,8 +318,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
|||
|
||||
EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
|
||||
|
||||
memset(&(exp_key[0]),0,sizeof(exp_key));
|
||||
memset(&(exp_iv[0]),0,sizeof(exp_iv));
|
||||
OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
|
||||
OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
|
||||
return(1);
|
||||
err:
|
||||
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
|
||||
|
@ -390,7 +390,7 @@ void ssl3_cleanup_key_block(SSL *s)
|
|||
{
|
||||
if (s->s3->tmp.key_block != NULL)
|
||||
{
|
||||
memset(s->s3->tmp.key_block,0,
|
||||
OPENSSL_cleanse(s->s3->tmp.key_block,
|
||||
s->s3->tmp.key_block_length);
|
||||
OPENSSL_free(s->s3->tmp.key_block);
|
||||
s->s3->tmp.key_block=NULL;
|
||||
|
|
|
@ -732,7 +732,7 @@ void ssl3_free(SSL *s)
|
|||
#endif
|
||||
if (s->s3->tmp.ca_names != NULL)
|
||||
sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
|
||||
memset(s->s3,0,sizeof *s->s3);
|
||||
OPENSSL_cleanse(s->s3,sizeof *s->s3);
|
||||
OPENSSL_free(s->s3);
|
||||
s->s3=NULL;
|
||||
}
|
||||
|
|
|
@ -1534,7 +1534,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
|
|||
s->session->master_key_length=
|
||||
s->method->ssl3_enc->generate_master_secret(s,
|
||||
s->session->master_key,p,i);
|
||||
memset(p,0,i);
|
||||
OPENSSL_cleanse(p,i);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
|
|
|
@ -477,13 +477,13 @@ void SSL_SESSION_free(SSL_SESSION *ss)
|
|||
|
||||
CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data);
|
||||
|
||||
memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
|
||||
memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
|
||||
memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
|
||||
OPENSSL_cleanse(ss->key_arg,SSL_MAX_KEY_ARG_LENGTH);
|
||||
OPENSSL_cleanse(ss->master_key,SSL_MAX_MASTER_KEY_LENGTH);
|
||||
OPENSSL_cleanse(ss->session_id,SSL_MAX_SSL_SESSION_ID_LENGTH);
|
||||
if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
|
||||
if (ss->peer != NULL) X509_free(ss->peer);
|
||||
if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
|
||||
memset(ss,0,sizeof(*ss));
|
||||
OPENSSL_cleanse(ss,sizeof(*ss));
|
||||
OPENSSL_free(ss);
|
||||
}
|
||||
|
||||
|
|
12
ssl/t1_enc.c
12
ssl/t1_enc.c
|
@ -158,7 +158,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
|
|||
}
|
||||
HMAC_cleanup(&ctx);
|
||||
HMAC_cleanup(&ctx_tmp);
|
||||
memset(A1,0,sizeof(A1));
|
||||
OPENSSL_cleanse(A1,sizeof(A1));
|
||||
}
|
||||
|
||||
static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
|
||||
|
@ -372,10 +372,10 @@ printf("\niv=");
|
|||
printf("\n");
|
||||
#endif
|
||||
|
||||
memset(tmp1,0,sizeof(tmp1));
|
||||
memset(tmp2,0,sizeof(tmp1));
|
||||
memset(iv1,0,sizeof(iv1));
|
||||
memset(iv2,0,sizeof(iv2));
|
||||
OPENSSL_cleanse(tmp1,sizeof(tmp1));
|
||||
OPENSSL_cleanse(tmp2,sizeof(tmp1));
|
||||
OPENSSL_cleanse(iv1,sizeof(iv1));
|
||||
OPENSSL_cleanse(iv2,sizeof(iv2));
|
||||
return(1);
|
||||
err:
|
||||
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
|
||||
|
@ -426,7 +426,7 @@ printf("pre-master\n");
|
|||
{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
|
||||
#endif
|
||||
tls1_generate_key_block(s,p1,p2,num);
|
||||
memset(p2,0,num);
|
||||
OPENSSL_cleanse(p2,num);
|
||||
OPENSSL_free(p2);
|
||||
#ifdef TLS_DEBUG
|
||||
printf("\nkey block\n");
|
||||
|
|
Loading…
Reference in a new issue