author | Richard Levitte <levitte@openssl.org> | 2002-11-28 08:04:36 +0000 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2002-11-28 08:04:36 +0000 |
commit | 4579924b7e55fccc7013e6de196f2e2ab175ce39 (patch) | |
tree | fa19611a704cc901d3ba338cefbbb98878de7ee5 /apps | |
parent | 2047bda6fb8bedab1103b7bd5df5ea55eb7ccc9b (diff) |
Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
Diffstat (limited to 'apps')
-rw-r--r-- | apps/apps.c | 6 | ||||
-rw-r--r-- | apps/ca.c | 2 | ||||
-rw-r--r-- | apps/dgst.c | 2 | ||||
-rw-r--r-- | apps/enc.c | 4 | ||||
-rw-r--r-- | apps/s_client.c | 6 | ||||
-rw-r--r-- | apps/s_server.c | 2 | ||||
-rw-r--r-- | apps/s_socket.c | 16 |
7 files changed, 19 insertions, 19 deletions
diff --git a/apps/apps.c b/apps/apps.c
index 271dfa1439..4a8c9263a7 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -615,7 +615,7 @@ int password_callback(char *buf, int bufsiz, int verify,
 if (buff)
 {
- memset(buff,0,(unsigned int)bufsiz);
+ OPENSSL_cleanse(buff,(unsigned int)bufsiz);
 OPENSSL_free(buff);
 }
@@ -625,13 +625,13 @@ int password_callback(char *buf, int bufsiz, int verify,
 {
 BIO_printf(bio_err, "User interface error\n");
 ERR_print_errors(bio_err);
- memset(buf,0,(unsigned int)bufsiz);
+ OPENSSL_cleanse(buf,(unsigned int)bufsiz);
 res = 0;
 }
 if (ok == -2)
 {
 BIO_printf(bio_err,"aborted!\n");
- memset(buf,0,(unsigned int)bufsiz);
+ OPENSSL_cleanse(buf,(unsigned int)bufsiz);
 res = 0;
 }
 UI_free(ui);
@@ -706,7 +706,7 @@ bad:
 }
 pkey = load_key(bio_err, keyfile, keyform, 0, key, e, "CA private key");
- if (key) memset(key,0,strlen(key));
+ if (key) OPENSSL_cleanse(key,strlen(key));
 if (pkey == NULL)
 {
 /* load_key() has already printed an appropriate message */
diff --git a/apps/dgst.c b/apps/dgst.c
index dd65a591f5..c4bb7a1061 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -356,7 +356,7 @@ int MAIN(int argc, char **argv)
 end:
 if (buf != NULL)
 {
- memset(buf,0,BUFSIZE);
+ OPENSSL_cleanse(buf,BUFSIZE);
 OPENSSL_free(buf);
 }
 if (in != NULL) BIO_free(in);
diff --git a/apps/enc.c b/apps/enc.c
index eff5c5610e..bae7f21d79 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -481,9 +481,9 @@ bad:
 * bug picked up by
 * Larry J. Hughes Jr. <hughes@indiana.edu> */
 if (str == strbuf)
- memset(str,0,SIZE);
+ OPENSSL_cleanse(str,SIZE);
 else
- memset(str,0,strlen(str));
+ OPENSSL_cleanse(str,strlen(str));
 }
 if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
 {
diff --git a/apps/s_client.c b/apps/s_client.c
index 3b018ff0e0..7b1fa7b22b 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
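Review bot: In the first apps/apps.c hunk (and in both calls of the following hunk) the length is still passed as `(unsigned int)bufsiz`, a cast carried over from the old memset() calls, so a negative bufsiz would convert to a very large wipe length. No range check on bufsiz is visible in these hunks, and password_callback's body starts and ends outside them. If no such check exists earlier in the function, I would guard the call, e.g. `if (bufsiz > 0) OPENSSL_cleanse(buff,(size_t)bufsiz);`.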
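Review bot: In the second apps/apps.c hunk (@@ -625,13) the two error paths used to leave the caller's buf zero-filled, i.e. a valid empty string, while the new call only promises that buf has been overwritten. OPENSSL_cleanse()'s definition is not on this page, so whether it leaves zero bytes should be confirmed. If it does not, a caller that reads buf after a 0 return would see unterminated data. I would either document it with `/* on failure buf is wiped and its contents are unspecified */`, or, if callers rely on an empty string, follow the wipe with `if (bufsiz > 0) buf[0] = '\0';`.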
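Review bot: In the hunk at @@ -706,7, `if (key) OPENSSL_cleanse(key,strlen(key));` overwrites the passphrase in place, and nothing at the call site warns that key is unusable afterwards. The enclosing function continues outside the hunk, so any later use of key cannot be checked from here. I would add `/* key is wiped from here on; do not reuse it */` above the line. Going by the diffstat this hunk belongs to apps/ca.c, although its file header does not appear on the page.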
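Review bot: Neither the `end:` cleanup in apps/dgst.c nor the commit message records why OPENSSL_cleanse() replaces memset(), so a later tidy-up could quietly turn it back. A memset() immediately followed by freeing the same buffer is a store the compiler is allowed to drop, which is presumably what the new function is meant to prevent. I would add `/* OPENSSL_cleanse, not memset: the wipe before free must not be optimised away */` here. The same comment fits the cbuf/sbuf/mbuf lines in apps/s_client.c and the buf wipe in apps/s_server.c.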
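Review bot: The else branch in the apps/enc.c hunk wipes only `strlen(str)` bytes, so it depends on str still being the intact NUL-terminated passphrase at this point, and the code does not say why the two branches use different lengths. The block opens outside the hunk, so where str comes from in the else case is not visible. I would add a comment along the lines of `/* strbuf is our own SIZE-byte buffer; any other str is caller-owned, so only its string length is known */`.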
@@ -908,9 +908,9 @@ end:
 if (con != NULL) SSL_free(con);
 if (con2 != NULL) SSL_free(con2);
 if (ctx != NULL) SSL_CTX_free(ctx);
- if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
- if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
- if (mbuf != NULL) { memset(mbuf,0,BUFSIZZ); OPENSSL_free(mbuf); }
+ if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
+ if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
+ if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
 if (bio_c_out != NULL)
 {
 BIO_free(bio_c_out);
diff --git a/apps/s_server.c b/apps/s_server.c
index 4d87567a62..7380fcc85f 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1262,7 +1262,7 @@ err:
 BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
 if (buf != NULL)
 {
- memset(buf,0,bufsize);
+ OPENSSL_cleanse(buf,bufsize);
 OPENSSL_free(buf);
 }
 if (ret >= 0)
diff --git a/apps/s_socket.c b/apps/s_socket.c
index 77908b6380..9a696d5f93 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -62,14 +62,6 @@
 #include <errno.h>
 #include <signal.h>
-#ifdef FLAT_INC
-#include "e_os.h"
-#else
-#include "../e_os.h"
-#endif
-
-#ifndef OPENSSL_NO_SOCK
-
 /* With IPv6, it looks like Digital has mixed up the proper order of recursive header file inclusion, resulting in the compiler complaining that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
@@ -87,6 +79,14 @@ typedef unsigned int u_int;
 #include "s_apps.h"
 #include <openssl/ssl.h>
+#ifdef FLAT_INC
+#include "e_os.h"
+#else
+#include "../e_os.h"
+#endif
+
+#ifndef OPENSSL_NO_SOCK
+
 static struct hostent *GetHostByName(char *name);
 #ifdef OPENSSL_SYS_WINDOWS
 static void ssl_sock_cleanup(void); |
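Review bot: The two apps/s_socket.c hunks move the e_os.h include and the opening `#ifndef OPENSSL_NO_SOCK` below the u_int typedef and the s_apps.h / openssl/ssl.h includes, a reorder the commit message does not mention and that has no visible connection to cleansing memory. As written, the typedef and those two includes now sit outside the OPENSSL_NO_SOCK guard, and e_os.h is seen after them rather than before. If the new order is required, a one-line comment above the moved block stating the ordering requirement would keep it from being moved back. Otherwise this belongs in a separate commit.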