diff options
author | Richard Levitte <levitte@openssl.org> | 2002-11-28 08:04:36 +0000 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2002-11-28 08:04:36 +0000 |
commit | 4579924b7e55fccc7013e6de196f2e2ab175ce39 (patch) | |
tree | fa19611a704cc901d3ba338cefbbb98878de7ee5 /ssl | |
parent | 2047bda6fb8bedab1103b7bd5df5ea55eb7ccc9b (diff) |
Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/kssl.c | 4 | ||||
-rw-r--r-- | ssl/s2_lib.c | 2 | ||||
-rw-r--r-- | ssl/s3_clnt.c | 6 | ||||
-rw-r--r-- | ssl/s3_enc.c | 8 | ||||
-rw-r--r-- | ssl/s3_lib.c | 2 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 2 | ||||
-rw-r--r-- | ssl/ssl_sess.c | 8 | ||||
-rw-r--r-- | ssl/t1_enc.c | 12 |
8 files changed, 22 insertions, 22 deletions
diff --git a/ssl/kssl.c b/ssl/kssl.c index c294166b9d..1a49f43a83 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -1550,7 +1550,7 @@ kssl_ctx_free(KSSL_CTX *kssl_ctx) { if (kssl_ctx == NULL) return kssl_ctx; - if (kssl_ctx->key) memset(kssl_ctx->key, 0, + if (kssl_ctx->key) OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length); if (kssl_ctx->key) free(kssl_ctx->key); if (kssl_ctx->client_princ) free(kssl_ctx->client_princ); @@ -1654,7 +1654,7 @@ kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session) if (kssl_ctx->key) { - memset(kssl_ctx->key, 0, kssl_ctx->length); + OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length); free(kssl_ctx->key); } diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 096e38d316..910b9fe097 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -308,7 +308,7 @@ void ssl2_free(SSL *s) s2=s->s2; if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf); if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); - memset(s2,0,sizeof *s2); + OPENSSL_cleanse(s2,sizeof *s2); OPENSSL_free(s2); s->s2=NULL; } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 45bea069f2..aff0d9e61b 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1657,7 +1657,7 @@ static int ssl3_send_client_key_exchange(SSL *s) s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, tmp_buf,sizeof tmp_buf); - memset(tmp_buf,0,sizeof tmp_buf); + OPENSSL_cleanse(tmp_buf,sizeof tmp_buf); } #endif #ifndef OPENSSL_NO_KRB5 @@ -1788,8 +1788,8 @@ static int ssl3_send_client_key_exchange(SSL *s) s->session->master_key, tmp_buf, sizeof tmp_buf); - memset(tmp_buf, 0, sizeof tmp_buf); - memset(epms, 0, outl); + OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); + OPENSSL_cleanse(epms, outl); } #endif #ifndef OPENSSL_NO_DH diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index cec8fcd376..35fde29c8a 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -182,7 +182,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) km+=MD5_DIGEST_LENGTH; } - memset(smd,0,SHA_DIGEST_LENGTH); + OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH); EVP_MD_CTX_cleanup(&m5); EVP_MD_CTX_cleanup(&s1); return 1; @@ -333,8 +333,8 @@ int ssl3_change_cipher_state(SSL *s, int which) EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)); - memset(&(exp_key[0]),0,sizeof(exp_key)); - memset(&(exp_iv[0]),0,sizeof(exp_iv)); + OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key)); + OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv)); EVP_MD_CTX_cleanup(&md); return(1); err: @@ -408,7 +408,7 @@ void ssl3_cleanup_key_block(SSL *s) { if (s->s3->tmp.key_block != NULL) { - memset(s->s3->tmp.key_block,0, + OPENSSL_cleanse(s->s3->tmp.key_block, s->s3->tmp.key_block_length); OPENSSL_free(s->s3->tmp.key_block); s->s3->tmp.key_block=NULL; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index be4325886d..2145385ccd 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1468,7 +1468,7 @@ void ssl3_free(SSL *s) sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); - memset(s->s3,0,sizeof *s->s3); + OPENSSL_cleanse(s->s3,sizeof *s->s3); OPENSSL_free(s->s3); s->s3=NULL; } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index fbd5ff54da..c687da9b2e 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2069,7 +2069,7 @@ static int ssl3_get_client_key_exchange(SSL *s) s->session->master_key_length = s->method->ssl3_enc-> \ generate_master_secret(s, s->session->master_key, p, i); - memset(p, 0, i); + OPENSSL_cleanse(p, i); return (ret); } else diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index a969d8fdce..fbc30b94e6 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -528,13 +528,13 @@ void SSL_SESSION_free(SSL_SESSION *ss) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); - memset(ss->key_arg,0,sizeof ss->key_arg); - memset(ss->master_key,0,sizeof ss->master_key); - memset(ss->session_id,0,sizeof ss->session_id); + OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg); + OPENSSL_cleanse(ss->master_key,sizeof ss->master_key); + OPENSSL_cleanse(ss->session_id,sizeof ss->session_id); if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); if (ss->peer != NULL) X509_free(ss->peer); if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); - memset(ss,0,sizeof(*ss)); + OPENSSL_cleanse(ss,sizeof(*ss)); OPENSSL_free(ss); } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 872c629989..bfcd7d9191 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -161,7 +161,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, } HMAC_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&ctx_tmp); - memset(A1,0,sizeof(A1)); + OPENSSL_cleanse(A1,sizeof(A1)); } static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1, @@ -418,10 +418,10 @@ printf("\niv="); printf("\n"); #endif - memset(tmp1,0,sizeof(tmp1)); - memset(tmp2,0,sizeof(tmp1)); - memset(iv1,0,sizeof(iv1)); - memset(iv2,0,sizeof(iv2)); + OPENSSL_cleanse(tmp1,sizeof(tmp1)); + OPENSSL_cleanse(tmp2,sizeof(tmp1)); + OPENSSL_cleanse(iv1,sizeof(iv1)); + OPENSSL_cleanse(iv2,sizeof(iv2)); return(1); err: SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); @@ -476,7 +476,7 @@ printf("pre-master\n"); { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); } #endif tls1_generate_key_block(s,p1,p2,num); - memset(p2,0,num); + OPENSSL_cleanse(p2,num); OPENSSL_free(p2); #ifdef TLS_DEBUG printf("\nkey block\n"); |