Cleanse memory using the new OPENSSL_cleanse() function.

I've covered all the memset()s I felt safe modifying, but may have missed some.
This commit is contained in:
Richard Levitte 2002-11-28 08:06:36 +00:00
parent 615ee04098
commit 920b700d4a
46 changed files with 102 additions and 102 deletions

View file

@ -543,7 +543,7 @@ bad:
goto err; goto err;
} }
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key); pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
if(key) memset(key,0,strlen(key)); if(key) OPENSSL_cleanse(key,strlen(key));
if (pkey == NULL) if (pkey == NULL)
{ {
BIO_printf(bio_err,"unable to load CA private key\n"); BIO_printf(bio_err,"unable to load CA private key\n");

View file

@ -327,7 +327,7 @@ int MAIN(int argc, char **argv)
end: end:
if (buf != NULL) if (buf != NULL)
{ {
memset(buf,0,BUFSIZE); OPENSSL_cleanse(buf,BUFSIZE);
OPENSSL_free(buf); OPENSSL_free(buf);
} }
if (in != NULL) BIO_free(in); if (in != NULL) BIO_free(in);

View file

@ -506,9 +506,9 @@ bad:
* bug picked up by * bug picked up by
* Larry J. Hughes Jr. <hughes@indiana.edu> */ * Larry J. Hughes Jr. <hughes@indiana.edu> */
if (str == strbuf) if (str == strbuf)
memset(str,0,SIZE); OPENSSL_cleanse(str,SIZE);
else else
memset(str,0,strlen(str)); OPENSSL_cleanse(str,strlen(str));
} }
if ((hiv != NULL) && !set_hex(hiv,iv,8)) if ((hiv != NULL) && !set_hex(hiv,iv,8))
{ {

View file

@ -768,8 +768,8 @@ end:
if (con != NULL) SSL_free(con); if (con != NULL) SSL_free(con);
if (con2 != NULL) SSL_free(con2); if (con2 != NULL) SSL_free(con2);
if (ctx != NULL) SSL_CTX_free(ctx); if (ctx != NULL) SSL_CTX_free(ctx);
if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); } if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); } if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
if (bio_c_out != NULL) if (bio_c_out != NULL)
{ {
BIO_free(bio_c_out); BIO_free(bio_c_out);

View file

@ -1043,7 +1043,7 @@ err:
BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
if (buf != NULL) if (buf != NULL)
{ {
memset(buf,0,bufsize); OPENSSL_cleanse(buf,bufsize);
OPENSSL_free(buf); OPENSSL_free(buf);
} }
if (ret >= 0) if (ret >= 0)

View file

@ -199,10 +199,10 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
err: err:
memset(&ctx,0,sizeof(ctx)); OPENSSL_cleanse(&ctx,sizeof(ctx));
if (buf_in != NULL) if (buf_in != NULL)
{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); } { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
if (buf_out != NULL) if (buf_out != NULL)
{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); } { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
return(outl); return(outl);
} }

View file

@ -100,7 +100,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
EVP_VerifyInit(&ctx,type); EVP_VerifyInit(&ctx,type);
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
memset(buf_in,0,(unsigned int)inl); OPENSSL_cleanse(buf_in,(unsigned int)inl);
OPENSSL_free(buf_in); OPENSSL_free(buf_in);
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,

View file

@ -181,7 +181,7 @@ int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
} }
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
memset(buf,0,256); OPENSSL_cleanse(buf,256);
EVP_CIPHER_CTX_init(&ctx); EVP_CIPHER_CTX_init(&ctx);
EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL); EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
@ -292,7 +292,7 @@ RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
} }
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
memset(buf,0,256); OPENSSL_cleanse(buf,256);
EVP_CIPHER_CTX_init(&ctx); EVP_CIPHER_CTX_init(&ctx);
EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL); EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);

View file

@ -119,8 +119,8 @@ void PKCS8_PRIV_KEY_INFO_free (PKCS8_PRIV_KEY_INFO *a)
X509_ALGOR_free(a->pkeyalg); X509_ALGOR_free(a->pkeyalg);
/* Clear sensitive data */ /* Clear sensitive data */
if (a->pkey->value.octet_string) if (a->pkey->value.octet_string)
memset (a->pkey->value.octet_string->data, OPENSSL_cleanse(a->pkey->value.octet_string->data,
0, a->pkey->value.octet_string->length); a->pkey->value.octet_string->length);
ASN1_TYPE_free (a->pkey); ASN1_TYPE_free (a->pkey);
sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free); sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
OPENSSL_free (a); OPENSSL_free (a);

View file

@ -423,7 +423,7 @@ void doencryption(void)
k2[i-8]=k; k2[i-8]=k;
} }
des_set_key_unchecked(&k2,ks2); des_set_key_unchecked(&k2,ks2);
memset(k2,0,sizeof(k2)); OPENSSL_cleanse(k2,sizeof(k2));
} }
else if (longk || flag3) else if (longk || flag3)
{ {
@ -431,7 +431,7 @@ void doencryption(void)
{ {
des_string_to_2keys(key,&kk,&k2); des_string_to_2keys(key,&kk,&k2);
des_set_key_unchecked(&k2,ks2); des_set_key_unchecked(&k2,ks2);
memset(k2,0,sizeof(k2)); OPENSSL_cleanse(k2,sizeof(k2));
} }
else else
des_string_to_key(key,&kk); des_string_to_key(key,&kk);
@ -453,8 +453,8 @@ void doencryption(void)
} }
des_set_key_unchecked(&kk,ks); des_set_key_unchecked(&kk,ks);
memset(key,0,sizeof(key)); OPENSSL_cleanse(key,sizeof(key));
memset(kk,0,sizeof(kk)); OPENSSL_cleanse(kk,sizeof(kk));
/* woops - A bug that does not showup under unix :-( */ /* woops - A bug that does not showup under unix :-( */
memset(iv,0,sizeof(iv)); memset(iv,0,sizeof(iv));
memset(iv2,0,sizeof(iv2)); memset(iv2,0,sizeof(iv2));
@ -662,18 +662,18 @@ void doencryption(void)
if (l) fclose(CKSUM_OUT); if (l) fclose(CKSUM_OUT);
} }
problems: problems:
memset(buf,0,sizeof(buf)); OPENSSL_cleanse(buf,sizeof(buf));
memset(obuf,0,sizeof(obuf)); OPENSSL_cleanse(obuf,sizeof(obuf));
memset(ks,0,sizeof(ks)); OPENSSL_cleanse(ks,sizeof(ks));
memset(ks2,0,sizeof(ks2)); OPENSSL_cleanse(ks2,sizeof(ks2));
memset(iv,0,sizeof(iv)); OPENSSL_cleanse(iv,sizeof(iv));
memset(iv2,0,sizeof(iv2)); OPENSSL_cleanse(iv2,sizeof(iv2));
memset(kk,0,sizeof(kk)); OPENSSL_cleanse(kk,sizeof(kk));
memset(k2,0,sizeof(k2)); OPENSSL_cleanse(k2,sizeof(k2));
memset(uubuf,0,sizeof(uubuf)); OPENSSL_cleanse(uubuf,sizeof(uubuf));
memset(b,0,sizeof(b)); OPENSSL_cleanse(b,sizeof(b));
memset(bb,0,sizeof(bb)); OPENSSL_cleanse(bb,sizeof(bb));
memset(cksum,0,sizeof(cksum)); OPENSSL_cleanse(cksum,sizeof(cksum));
if (Exit) EXIT(Exit); if (Exit) EXIT(Exit);
} }

View file

@ -65,8 +65,8 @@ int des_read_password(des_cblock *key, const char *prompt, int verify)
if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
des_string_to_key(buf,key); des_string_to_key(buf,key);
memset(buf,0,BUFSIZ); OPENSSL_cleanse(buf,BUFSIZ);
memset(buff,0,BUFSIZ); OPENSSL_cleanse(buff,BUFSIZ);
return(ok); return(ok);
} }
@ -78,7 +78,7 @@ int des_read_2passwords(des_cblock *key1, des_cblock *key2, const char *prompt,
if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
des_string_to_2keys(buf,key1,key2); des_string_to_2keys(buf,key1,key2);
memset(buf,0,BUFSIZ); OPENSSL_cleanse(buf,BUFSIZ);
memset(buff,0,BUFSIZ); OPENSSL_cleanse(buff,BUFSIZ);
return(ok); return(ok);
} }

View file

@ -218,7 +218,7 @@ int des_read_pw_string(char *buf, int length, const char *prompt,
int ret; int ret;
ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify); ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
memset(buff,0,BUFSIZ); OPENSSL_cleanse(buff,BUFSIZ);
return(ret); return(ret);
} }

View file

@ -88,7 +88,7 @@ void des_string_to_key(const char *str, des_cblock *key)
des_set_odd_parity(key); des_set_odd_parity(key);
des_set_key_unchecked(key,ks); des_set_key_unchecked(key,ks);
des_cbc_cksum((const unsigned char*)str,key,length,ks,key); des_cbc_cksum((const unsigned char*)str,key,length,ks,key);
memset(ks,0,sizeof(ks)); OPENSSL_cleanse(ks,sizeof(ks));
des_set_odd_parity(key); des_set_odd_parity(key);
} }
@ -149,7 +149,7 @@ void des_string_to_2keys(const char *str, des_cblock *key1, des_cblock *key2)
des_cbc_cksum((const unsigned char*)str,key1,length,ks,key1); des_cbc_cksum((const unsigned char*)str,key1,length,ks,key1);
des_set_key_unchecked(key2,ks); des_set_key_unchecked(key2,ks);
des_cbc_cksum((const unsigned char*)str,key2,length,ks,key2); des_cbc_cksum((const unsigned char*)str,key2,length,ks,key2);
memset(ks,0,sizeof(ks)); OPENSSL_cleanse(ks,sizeof(ks));
des_set_odd_parity(key1); des_set_odd_parity(key1);
des_set_odd_parity(key2); des_set_odd_parity(key2);
} }

View file

@ -128,7 +128,7 @@ static int enc_free(BIO *a)
if (a == NULL) return(0); if (a == NULL) return(0);
b=(BIO_ENC_CTX *)a->ptr; b=(BIO_ENC_CTX *)a->ptr;
EVP_CIPHER_CTX_cleanup(&(b->cipher)); EVP_CIPHER_CTX_cleanup(&(b->cipher));
memset(a->ptr,0,sizeof(BIO_ENC_CTX)); OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
OPENSSL_free(a->ptr); OPENSSL_free(a->ptr);
a->ptr=NULL; a->ptr=NULL;
a->init=0; a->init=0;

View file

@ -208,7 +208,7 @@ static int ok_new(BIO *bi)
static int ok_free(BIO *a) static int ok_free(BIO *a)
{ {
if (a == NULL) return(0); if (a == NULL) return(0);
memset(a->ptr,0,sizeof(BIO_OK_CTX)); OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
OPENSSL_free(a->ptr); OPENSSL_free(a->ptr);
a->ptr=NULL; a->ptr=NULL;
a->init=0; a->init=0;

View file

@ -103,7 +103,7 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
idea_set_encrypt_key(key,&tmp); idea_set_encrypt_key(key,&tmp);
idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks)); idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
memset((unsigned char *)&tmp,0, OPENSSL_cleanse((unsigned char *)&tmp,
sizeof(IDEA_KEY_SCHEDULE)); sizeof(IDEA_KEY_SCHEDULE));
} }
return 1; return 1;

View file

@ -152,8 +152,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md,
} }
if ((nkey == 0) && (niv == 0)) break; if ((nkey == 0) && (niv == 0)) break;
} }
memset(&c,0,sizeof(c)); OPENSSL_cleanse(&c,sizeof(c));
memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE); OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
return(type->key_len); return(type->key_len);
} }

View file

@ -142,8 +142,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
EVP_CIPHER_iv_length(cipher)); EVP_CIPHER_iv_length(cipher));
EVP_CipherInit(cctx, cipher, key, iv, en_de); EVP_CipherInit(cctx, cipher, key, iv, en_de);
memset(md_tmp, 0, EVP_MAX_MD_SIZE); OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
memset(key, 0, EVP_MAX_KEY_LENGTH); OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
memset(iv, 0, EVP_MAX_IV_LENGTH); OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
return 1; return 1;
} }

View file

@ -228,7 +228,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
iter = ASN1_INTEGER_get(kdf->iter); iter = ASN1_INTEGER_get(kdf->iter);
PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key); PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
EVP_CipherInit(ctx, NULL, key, NULL, en_de); EVP_CipherInit(ctx, NULL, key, NULL, en_de);
memset(key, 0, keylen); OPENSSL_cleanse(key, keylen);
PBKDF2PARAM_free(kdf); PBKDF2PARAM_free(kdf);
return 1; return 1;

View file

@ -101,7 +101,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek,
ret=1; ret=1;
err: err:
if (key != NULL) memset(key,0,size); if (key != NULL) OPENSSL_cleanse(key,size);
OPENSSL_free(key); OPENSSL_free(key);
return(ret); return(ret);
} }

View file

@ -602,6 +602,6 @@ void HASH_FINAL (unsigned char *md, HASH_CTX *c)
c->num=0; c->num=0;
/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
* but I'm not worried :-) * but I'm not worried :-)
memset((void *)c,0,sizeof(HASH_CTX)); OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
*/ */
} }

View file

@ -358,7 +358,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
ret=1; ret=1;
err: err:
memset((char *)&ctx,0,sizeof(ctx)); OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
memset(buf,0,PEM_BUFSIZE); OPENSSL_cleanse(buf,PEM_BUFSIZE);
return(ret); return(ret);
} }

View file

@ -401,13 +401,13 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
i=PEM_write_bio(bp,name,buf,data,i); i=PEM_write_bio(bp,name,buf,data,i);
if (i <= 0) ret=0; if (i <= 0) ret=0;
err: err:
memset(key,0,sizeof(key)); OPENSSL_cleanse(key,sizeof(key));
memset(iv,0,sizeof(iv)); OPENSSL_cleanse(iv,sizeof(iv));
memset((char *)&ctx,0,sizeof(ctx)); OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
memset(buf,0,PEM_BUFSIZE); OPENSSL_cleanse(buf,PEM_BUFSIZE);
if (data != NULL) if (data != NULL)
{ {
memset(data,0,(unsigned int)dsize); OPENSSL_cleanse(data,(unsigned int)dsize);
OPENSSL_free(data); OPENSSL_free(data);
} }
return(ret); return(ret);
@ -447,8 +447,8 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
EVP_DecryptUpdate(&ctx,data,&i,data,j); EVP_DecryptUpdate(&ctx,data,&i,data,j);
o=EVP_DecryptFinal(&ctx,&(data[i]),&j); o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_cleanup(&ctx);
memset((char *)buf,0,sizeof(buf)); OPENSSL_cleanse((char *)buf,sizeof(buf));
memset((char *)key,0,sizeof(key)); OPENSSL_cleanse((char *)key,sizeof(key));
j+=i; j+=i;
if (!o) if (!o)
{ {

View file

@ -109,7 +109,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
ret=npubk; ret=npubk;
err: err:
if (s != NULL) OPENSSL_free(s); if (s != NULL) OPENSSL_free(s);
memset(key,0,EVP_MAX_KEY_LENGTH); OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
return(ret); return(ret);
} }

View file

@ -118,7 +118,7 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
} }
PBEPARAM_free(pbe); PBEPARAM_free(pbe);
EVP_CipherInit(ctx, cipher, key, iv, en_de); EVP_CipherInit(ctx, cipher, key, iv, en_de);
memset(key, 0, EVP_MAX_KEY_LENGTH); OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
memset(iv, 0, EVP_MAX_IV_LENGTH); OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
return 1; return 1;
} }

View file

@ -137,7 +137,7 @@ char * PKCS12_decrypt_d2i (X509_ALGOR *algor, char * (*d2i)(),
if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i, if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i,
free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
else ret = d2i(NULL, &p, outlen); else ret = d2i(NULL, &p, outlen);
if (seq & 2) memset(out, 0, outlen); if (seq & 2) OPENSSL_cleanse(out, outlen);
if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR); if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
OPENSSL_free (out); OPENSSL_free (out);
return ret; return ret;

View file

@ -91,7 +91,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
id, iter, n, out, md_type); id, iter, n, out, md_type);
if(unipass) { if(unipass) {
memset(unipass, 0, uniplen); /* Clear password from memory */ OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */
OPENSSL_free(unipass); OPENSSL_free(unipass);
} }
return ret; return ret;

View file

@ -145,7 +145,7 @@ static int ber_free(BIO *a)
if (a == NULL) return(0); if (a == NULL) return(0);
b=(BIO_BER_CTX *)a->ptr; b=(BIO_BER_CTX *)a->ptr;
memset(a->ptr,0,sizeof(BIO_BER_CTX)); OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));
OPENSSL_free(a->ptr); OPENSSL_free(a->ptr);
a->ptr=NULL; a->ptr=NULL;
a->init=0; a->init=0;

View file

@ -241,7 +241,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj); M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
} }
OPENSSL_free(tmp); OPENSSL_free(tmp);
memset(key, 0, keylen); OPENSSL_cleanse(key, keylen);
if (out == NULL) if (out == NULL)
out=btmp; out=btmp;
@ -448,7 +448,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
} }
EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0); EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
memset(tmp,0,jj); OPENSSL_cleanse(tmp,jj);
if (out == NULL) if (out == NULL)
out=etmp; out=etmp;

View file

@ -177,10 +177,10 @@ RAND_METHOD *RAND_SSLeay(void)
static void ssleay_rand_cleanup(void) static void ssleay_rand_cleanup(void)
{ {
memset(state,0,sizeof(state)); OPENSSL_cleanse(state,sizeof(state));
state_num=0; state_num=0;
state_index=0; state_index=0;
memset(md,0,MD_DIGEST_LENGTH); OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
md_count[0]=0; md_count[0]=0;
md_count[1]=0; md_count[1]=0;
entropy=0; entropy=0;

View file

@ -125,7 +125,7 @@ int RAND_load_file(const char *file, long bytes)
} }
} }
fclose(in); fclose(in);
memset(buf,0,BUFSIZE); OPENSSL_cleanse(buf,BUFSIZE);
err: err:
return(ret); return(ret);
} }
@ -190,7 +190,7 @@ int RAND_write_file(const char *file)
#endif /* VMS */ #endif /* VMS */
fclose(out); fclose(out);
memset(buf,0,BUFSIZE); OPENSSL_cleanse(buf,BUFSIZE);
err: err:
return (rand_err ? -1 : ret); return (rand_err ? -1 : ret);
} }

View file

@ -155,7 +155,7 @@ bad:
i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0); i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
if (i != 0) if (i != 0)
{ {
memset(buf,0,BUFSIZ); OPENSSL_cleanse(buf,BUFSIZ);
fprintf(stderr,"bad password read\n"); fprintf(stderr,"bad password read\n");
exit(1); exit(1);
} }
@ -163,7 +163,7 @@ bad:
} }
MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md); MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
memset(keystr,0,strlen(keystr)); OPENSSL_cleanse(keystr,strlen(keystr));
RC4_set_key(&key,MD5_DIGEST_LENGTH,md); RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
for(;;) for(;;)

View file

@ -70,7 +70,7 @@ unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
RIPEMD160_Init(&c); RIPEMD160_Init(&c);
RIPEMD160_Update(&c,d,n); RIPEMD160_Update(&c,d,n);
RIPEMD160_Final(md,&c); RIPEMD160_Final(md,&c);
memset(&c,0,sizeof(c)); /* security consideration */ OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
return(md); return(md);
} }

View file

@ -184,7 +184,7 @@ err:
BN_clear_free(&ret); BN_clear_free(&ret);
if (buf != NULL) if (buf != NULL)
{ {
memset(buf,0,num); OPENSSL_cleanse(buf,num);
OPENSSL_free(buf); OPENSSL_free(buf);
} }
return(r); return(r);
@ -268,7 +268,7 @@ err:
BN_clear_free(&f); BN_clear_free(&f);
if (buf != NULL) if (buf != NULL)
{ {
memset(buf,0,num); OPENSSL_cleanse(buf,num);
OPENSSL_free(buf); OPENSSL_free(buf);
} }
return(r); return(r);
@ -367,7 +367,7 @@ err:
BN_clear_free(&ret); BN_clear_free(&ret);
if (buf != NULL) if (buf != NULL)
{ {
memset(buf,0,num); OPENSSL_cleanse(buf,num);
OPENSSL_free(buf); OPENSSL_free(buf);
} }
return(r); return(r);
@ -464,7 +464,7 @@ err:
BN_clear_free(&ret); BN_clear_free(&ret);
if (buf != NULL) if (buf != NULL)
{ {
memset(buf,0,num); OPENSSL_cleanse(buf,num);
OPENSSL_free(buf); OPENSSL_free(buf);
} }
return(r); return(r);

View file

@ -95,7 +95,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
else else
*siglen=i; *siglen=i;
memset(s,0,(unsigned int)j+1); OPENSSL_cleanse(s,(unsigned int)j+1);
OPENSSL_free(s); OPENSSL_free(s);
return(ret); return(ret);
} }
@ -137,7 +137,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, unsigned char *m,
ret=1; ret=1;
err: err:
if (sig != NULL) M_ASN1_OCTET_STRING_free(sig); if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
memset(s,0,(unsigned int)siglen); OPENSSL_cleanse(s,(unsigned int)siglen);
OPENSSL_free(s); OPENSSL_free(s);
return(ret); return(ret);
} }

View file

@ -131,7 +131,7 @@ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
*siglen=i; *siglen=i;
if(type != NID_md5_sha1) { if(type != NID_md5_sha1) {
memset(s,0,(unsigned int)j+1); OPENSSL_cleanse(s,(unsigned int)j+1);
OPENSSL_free(s); OPENSSL_free(s);
} }
return(ret); return(ret);
@ -214,7 +214,7 @@ int RSA_verify(int dtype, unsigned char *m, unsigned int m_len,
} }
err: err:
if (sig != NULL) X509_SIG_free(sig); if (sig != NULL) X509_SIG_free(sig);
memset(s,0,(unsigned int)siglen); OPENSSL_cleanse(s,(unsigned int)siglen);
OPENSSL_free(s); OPENSSL_free(s);
return(ret); return(ret);
} }

View file

@ -70,7 +70,7 @@ unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
SHA1_Init(&c); SHA1_Init(&c);
SHA1_Update(&c,d,n); SHA1_Update(&c,d,n);
SHA1_Final(md,&c); SHA1_Final(md,&c);
memset(&c,0,sizeof(c)); OPENSSL_cleanse(&c,sizeof(c));
return(md); return(md);
} }
#endif #endif

View file

@ -70,7 +70,7 @@ unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
SHA_Init(&c); SHA_Init(&c);
SHA_Update(&c,d,n); SHA_Update(&c,d,n);
SHA_Final(md,&c); SHA_Final(md,&c);
memset(&c,0,sizeof(c)); OPENSSL_cleanse(&c,sizeof(c));
return(md); return(md);
} }
#endif #endif

View file

@ -897,7 +897,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
ctx->chain=NULL; ctx->chain=NULL;
} }
CRYPTO_free_ex_data(x509_store_ctx_method,ctx,&(ctx->ex_data)); CRYPTO_free_ex_data(x509_store_ctx_method,ctx,&(ctx->ex_data));
memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); OPENSSL_cleanse(&ctx->ex_data,sizeof(CRYPTO_EX_DATA));
} }
void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags) void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)

View file

@ -307,7 +307,7 @@ void ssl2_free(SSL *s)
s2=s->s2; s2=s->s2;
if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf); if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
memset(s2,0,sizeof *s2); OPENSSL_cleanse(s2,sizeof *s2);
OPENSSL_free(s2); OPENSSL_free(s2);
s->s2=NULL; s->s2=NULL;
} }

View file

@ -1461,7 +1461,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
s->method->ssl3_enc->generate_master_secret(s, s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key, s->session->master_key,
tmp_buf,SSL_MAX_MASTER_KEY_LENGTH); tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH); OPENSSL_cleanse(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
} }
else else
#endif #endif

View file

@ -174,7 +174,7 @@ static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
km+=MD5_DIGEST_LENGTH; km+=MD5_DIGEST_LENGTH;
} }
memset(smd,0,SHA_DIGEST_LENGTH); OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH);
} }
int ssl3_change_cipher_state(SSL *s, int which) int ssl3_change_cipher_state(SSL *s, int which)
@ -318,8 +318,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE)); EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
memset(&(exp_key[0]),0,sizeof(exp_key)); OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
memset(&(exp_iv[0]),0,sizeof(exp_iv)); OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
return(1); return(1);
err: err:
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
@ -390,7 +390,7 @@ void ssl3_cleanup_key_block(SSL *s)
{ {
if (s->s3->tmp.key_block != NULL) if (s->s3->tmp.key_block != NULL)
{ {
memset(s->s3->tmp.key_block,0, OPENSSL_cleanse(s->s3->tmp.key_block,
s->s3->tmp.key_block_length); s->s3->tmp.key_block_length);
OPENSSL_free(s->s3->tmp.key_block); OPENSSL_free(s->s3->tmp.key_block);
s->s3->tmp.key_block=NULL; s->s3->tmp.key_block=NULL;

View file

@ -732,7 +732,7 @@ void ssl3_free(SSL *s)
#endif #endif
if (s->s3->tmp.ca_names != NULL) if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
memset(s->s3,0,sizeof *s->s3); OPENSSL_cleanse(s->s3,sizeof *s->s3);
OPENSSL_free(s->s3); OPENSSL_free(s->s3);
s->s3=NULL; s->s3=NULL;
} }

View file

@ -1534,7 +1534,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
s->session->master_key_length= s->session->master_key_length=
s->method->ssl3_enc->generate_master_secret(s, s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,p,i); s->session->master_key,p,i);
memset(p,0,i); OPENSSL_cleanse(p,i);
} }
else else
#endif #endif

View file

@ -477,13 +477,13 @@ void SSL_SESSION_free(SSL_SESSION *ss)
CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data); CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data);
memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH); OPENSSL_cleanse(ss->key_arg,SSL_MAX_KEY_ARG_LENGTH);
memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH); OPENSSL_cleanse(ss->master_key,SSL_MAX_MASTER_KEY_LENGTH);
memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH); OPENSSL_cleanse(ss->session_id,SSL_MAX_SSL_SESSION_ID_LENGTH);
if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
if (ss->peer != NULL) X509_free(ss->peer); if (ss->peer != NULL) X509_free(ss->peer);
if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
memset(ss,0,sizeof(*ss)); OPENSSL_cleanse(ss,sizeof(*ss));
OPENSSL_free(ss); OPENSSL_free(ss);
} }

View file

@ -158,7 +158,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
} }
HMAC_cleanup(&ctx); HMAC_cleanup(&ctx);
HMAC_cleanup(&ctx_tmp); HMAC_cleanup(&ctx_tmp);
memset(A1,0,sizeof(A1)); OPENSSL_cleanse(A1,sizeof(A1));
} }
static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1, static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
@ -372,10 +372,10 @@ printf("\niv=");
printf("\n"); printf("\n");
#endif #endif
memset(tmp1,0,sizeof(tmp1)); OPENSSL_cleanse(tmp1,sizeof(tmp1));
memset(tmp2,0,sizeof(tmp1)); OPENSSL_cleanse(tmp2,sizeof(tmp1));
memset(iv1,0,sizeof(iv1)); OPENSSL_cleanse(iv1,sizeof(iv1));
memset(iv2,0,sizeof(iv2)); OPENSSL_cleanse(iv2,sizeof(iv2));
return(1); return(1);
err: err:
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
@ -426,7 +426,7 @@ printf("pre-master\n");
{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); } { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
#endif #endif
tls1_generate_key_block(s,p1,p2,num); tls1_generate_key_block(s,p1,p2,num);
memset(p2,0,num); OPENSSL_cleanse(p2,num);
OPENSSL_free(p2); OPENSSL_free(p2);
#ifdef TLS_DEBUG #ifdef TLS_DEBUG
printf("\nkey block\n"); printf("\nkey block\n");