diff options
61 files changed, 137 insertions, 137 deletions
diff --git a/apps/apps.c b/apps/apps.c index 271dfa1439..4a8c9263a7 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -615,7 +615,7 @@ int password_callback(char *buf, int bufsiz, int verify, if (buff) { - memset(buff,0,(unsigned int)bufsiz); + OPENSSL_cleanse(buff,(unsigned int)bufsiz); OPENSSL_free(buff); } @@ -625,13 +625,13 @@ int password_callback(char *buf, int bufsiz, int verify, { BIO_printf(bio_err, "User interface error\n"); ERR_print_errors(bio_err); - memset(buf,0,(unsigned int)bufsiz); + OPENSSL_cleanse(buf,(unsigned int)bufsiz); res = 0; } if (ok == -2) { BIO_printf(bio_err,"aborted!\n"); - memset(buf,0,(unsigned int)bufsiz); + OPENSSL_cleanse(buf,(unsigned int)bufsiz); res = 0; } UI_free(ui); @@ -706,7 +706,7 @@ bad: } pkey = load_key(bio_err, keyfile, keyform, 0, key, e, "CA private key"); - if (key) memset(key,0,strlen(key)); + if (key) OPENSSL_cleanse(key,strlen(key)); if (pkey == NULL) { /* load_key() has already printed an appropriate message */ diff --git a/apps/dgst.c b/apps/dgst.c index dd65a591f5..c4bb7a1061 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -356,7 +356,7 @@ int MAIN(int argc, char **argv) end: if (buf != NULL) { - memset(buf,0,BUFSIZE); + OPENSSL_cleanse(buf,BUFSIZE); OPENSSL_free(buf); } if (in != NULL) BIO_free(in); diff --git a/apps/enc.c b/apps/enc.c index eff5c5610e..bae7f21d79 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -481,9 +481,9 @@ bad: * bug picked up by * Larry J. Hughes Jr. <hughes@indiana.edu> */ if (str == strbuf) - memset(str,0,SIZE); + OPENSSL_cleanse(str,SIZE); else - memset(str,0,strlen(str)); + OPENSSL_cleanse(str,strlen(str)); } if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv)) { diff --git a/apps/s_client.c b/apps/s_client.c index 3b018ff0e0..7b1fa7b22b 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -908,9 +908,9 @@ end: if (con != NULL) SSL_free(con); if (con2 != NULL) SSL_free(con2); if (ctx != NULL) SSL_CTX_free(ctx); - if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); } - if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); } - if (mbuf != NULL) { memset(mbuf,0,BUFSIZZ); OPENSSL_free(mbuf); } + if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } + if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } + if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); } if (bio_c_out != NULL) { BIO_free(bio_c_out); diff --git a/apps/s_server.c b/apps/s_server.c index 4d87567a62..7380fcc85f 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1262,7 +1262,7 @@ err: BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); if (buf != NULL) { - memset(buf,0,bufsize); + OPENSSL_cleanse(buf,bufsize); OPENSSL_free(buf); } if (ret >= 0) diff --git a/apps/s_socket.c b/apps/s_socket.c index 77908b6380..9a696d5f93 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -62,14 +62,6 @@ #include <errno.h> #include <signal.h> -#ifdef FLAT_INC -#include "e_os.h" -#else -#include "../e_os.h" -#endif - -#ifndef OPENSSL_NO_SOCK - /* With IPv6, it looks like Digital has mixed up the proper order of recursive header file inclusion, resulting in the compiler complaining that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which @@ -87,6 +79,14 @@ typedef unsigned int u_int; #include "s_apps.h" #include <openssl/ssl.h> +#ifdef FLAT_INC +#include "e_os.h" +#else +#include "../e_os.h" +#endif + +#ifndef OPENSSL_NO_SOCK + static struct hostent *GetHostByName(char *name); #ifdef OPENSSL_SYS_WINDOWS static void ssl_sock_cleanup(void); diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index de53b44144..52ce7e3974 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -204,9 +204,9 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2, err: EVP_MD_CTX_cleanup(&ctx); if (buf_in != NULL) - { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); } + { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } if (buf_out != NULL) - { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); } + { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); } return(outl); } @@ -287,8 +287,8 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, err: EVP_MD_CTX_cleanup(&ctx); if (buf_in != NULL) - { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); } + { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } if (buf_out != NULL) - { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); } + { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); } return(outl); } diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index bf41de5146..da2a0a6d69 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -103,7 +103,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature, EVP_VerifyInit_ex(&ctx,type, NULL); EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); - memset(buf_in,0,(unsigned int)inl); + OPENSSL_cleanse(buf_in,(unsigned int)inl); OPENSSL_free(buf_in); if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, @@ -153,7 +153,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat EVP_VerifyInit_ex(&ctx,type, NULL); EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); - memset(buf_in,0,(unsigned int)inl); + OPENSSL_cleanse(buf_in,(unsigned int)inl); OPENSSL_free(buf_in); if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c index 9146ee02c9..766b51c538 100644 --- a/crypto/asn1/n_pkey.c +++ b/crypto/asn1/n_pkey.c @@ -187,7 +187,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey) i2d_NETSCAPE_PKEY(pkey,&zz); /* Wipe the private key encoding */ - memset(pkey->private_key->data, 0, rsalen); + OPENSSL_cleanse(pkey->private_key->data, rsalen); if (cb == NULL) cb=EVP_read_pw_string; @@ -206,7 +206,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey) } EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); - memset(buf,0,256); + OPENSSL_cleanse(buf,256); /* Encrypt private key in place */ zz = enckey->enckey->digest->data; @@ -294,7 +294,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, } EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); - memset(buf,0,256); + OPENSSL_cleanse(buf,256); EVP_CIPHER_CTX_init(&ctx); EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL); diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c index b634d5bc85..24b409132f 100644 --- a/crypto/asn1/p8_pkey.c +++ b/crypto/asn1/p8_pkey.c @@ -68,8 +68,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) if(operation == ASN1_OP_FREE_PRE) { PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; if (key->pkey->value.octet_string) - memset(key->pkey->value.octet_string->data, - 0, key->pkey->value.octet_string->length); + OPENSSL_cleanse(key->pkey->value.octet_string->data, + key->pkey->value.octet_string->length); } return 1; } diff --git a/crypto/des/des.c b/crypto/des/des.c index d8c846b23d..343135ff9e 100644 --- a/crypto/des/des.c +++ b/crypto/des/des.c @@ -427,7 +427,7 @@ void doencryption(void) k2[i-8]=k; } DES_set_key_unchecked(&k2,&ks2); - memset(k2,0,sizeof(k2)); + OPENSSL_cleanse(k2,sizeof(k2)); } else if (longk || flag3) { @@ -435,7 +435,7 @@ void doencryption(void) { DES_string_to_2keys(key,&kk,&k2); DES_set_key_unchecked(&k2,&ks2); - memset(k2,0,sizeof(k2)); + OPENSSL_cleanse(k2,sizeof(k2)); } else DES_string_to_key(key,&kk); @@ -457,8 +457,8 @@ void doencryption(void) } DES_set_key_unchecked(&kk,&ks); - memset(key,0,sizeof(key)); - memset(kk,0,sizeof(kk)); + OPENSSL_cleanse(key,sizeof(key)); + OPENSSL_cleanse(kk,sizeof(kk)); /* woops - A bug that does not showup under unix :-( */ memset(iv,0,sizeof(iv)); memset(iv2,0,sizeof(iv2)); @@ -666,18 +666,18 @@ void doencryption(void) if (l) fclose(CKSUM_OUT); } problems: - memset(buf,0,sizeof(buf)); - memset(obuf,0,sizeof(obuf)); - memset(&ks,0,sizeof(ks)); - memset(&ks2,0,sizeof(ks2)); - memset(iv,0,sizeof(iv)); - memset(iv2,0,sizeof(iv2)); - memset(kk,0,sizeof(kk)); - memset(k2,0,sizeof(k2)); - memset(uubuf,0,sizeof(uubuf)); - memset(b,0,sizeof(b)); - memset(bb,0,sizeof(bb)); - memset(cksum,0,sizeof(cksum)); + OPENSSL_cleanse(buf,sizeof(buf)); + OPENSSL_cleanse(obuf,sizeof(obuf)); + OPENSSL_cleanse(&ks,sizeof(ks)); + OPENSSL_cleanse(&ks2,sizeof(ks2)); + OPENSSL_cleanse(iv,sizeof(iv)); + OPENSSL_cleanse(iv2,sizeof(iv2)); + OPENSSL_cleanse(kk,sizeof(kk)); + OPENSSL_cleanse(k2,sizeof(k2)); + OPENSSL_cleanse(uubuf,sizeof(uubuf)); + OPENSSL_cleanse(b,sizeof(b)); + OPENSSL_cleanse(bb,sizeof(bb)); + OPENSSL_cleanse(cksum,sizeof(cksum)); if (Exit) EXIT(Exit); } diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c index 241adfa342..430da4e994 100644 --- a/crypto/des/read2pwd.c +++ b/crypto/des/read2pwd.c @@ -123,8 +123,8 @@ int DES_read_password(DES_cblock *key, const char *prompt, int verify) if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) DES_string_to_key(buf,key); - memset(buf,0,BUFSIZ); - memset(buff,0,BUFSIZ); + OPENSSL_cleanse(buf,BUFSIZ); + OPENSSL_cleanse(buff,BUFSIZ); return(ok); } @@ -136,7 +136,7 @@ int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt, if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) DES_string_to_2keys(buf,key1,key2); - memset(buf,0,BUFSIZ); - memset(buff,0,BUFSIZ); + OPENSSL_cleanse(buf,BUFSIZ); + OPENSSL_cleanse(buff,BUFSIZ); return(ok); } diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c index c79c9a0e2a..ce5fa00a37 100644 --- a/crypto/des/read_pwd.c +++ b/crypto/des/read_pwd.c @@ -220,7 +220,7 @@ int des_read_pw_string(char *buf, int length, const char *prompt, int ret; ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify); - memset(buff,0,BUFSIZ); + OPENSSL_cleanse(buff,BUFSIZ); return(ret); } diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c index 36c3f81d99..0373db469c 100644 --- a/crypto/des/str2key.c +++ b/crypto/des/str2key.c @@ -94,7 +94,7 @@ void DES_string_to_key(const char *str, DES_cblock *key) DES_set_key_unchecked(key,&ks); #endif DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key); - memset(&ks,0,sizeof(ks)); + OPENSSL_cleanse(&ks,sizeof(ks)); DES_set_odd_parity(key); } @@ -167,7 +167,7 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2) DES_set_key_unchecked(key2,&ks); #endif DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2); - memset(&ks,0,sizeof(ks)); + OPENSSL_cleanse(&ks,sizeof(ks)); DES_set_odd_parity(key1); DES_set_odd_parity(key2); } diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index d537fe7de6..d7758c91d3 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -118,7 +118,7 @@ void EC_KEY_free(EC_KEY *r) if (r->meth_data && r->meth_data->finish) r->meth_data->finish(r); - memset((void *)r, 0x0, sizeof(EC_KEY)); + OPENSSL_cleanse((void *)r, sizeof(EC_KEY)); OPENSSL_free(r); } diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 9669f42aab..2cc0dc0ec1 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -162,11 +162,11 @@ void EC_GROUP_clear_free(EC_GROUP *group) if (group->seed) { - memset(group->seed, 0, group->seed_len); + OPENSSL_cleanse(group->seed, group->seed_len); OPENSSL_free(group->seed); } - memset(group, 0, sizeof *group); + OPENSSL_cleanse(group, sizeof *group); OPENSSL_free(group); } @@ -591,7 +591,7 @@ void EC_POINT_clear_free(EC_POINT *point) point->meth->point_clear_finish(point); else if (point->meth != NULL && point->meth->point_finish != 0) point->meth->point_finish(point); - memset(point, 0, sizeof *point); + OPENSSL_cleanse(point, sizeof *point); OPENSSL_free(point); } diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c index fd8cb19fdd..59526f33bd 100644 --- a/crypto/ecdh/ech_lib.c +++ b/crypto/ecdh/ech_lib.c @@ -176,7 +176,7 @@ void ECDH_DATA_free(ECDH_DATA *r) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data); - memset((void *)r, 0x0, sizeof(ECDH_DATA)); + OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA)); OPENSSL_free(r); } diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c index 8eb1c30865..9465dee625 100644 --- a/crypto/ecdsa/ecs_lib.c +++ b/crypto/ecdsa/ecs_lib.c @@ -170,7 +170,7 @@ void ECDSA_DATA_free(ECDSA_DATA *r) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data); - memset((void *)r, 0x0, sizeof(ECDSA_DATA)); + OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA)); OPENSSL_free(r); } diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c index 64fb2353af..510e1bc8a4 100644 --- a/crypto/evp/bio_enc.c +++ b/crypto/evp/bio_enc.c @@ -132,7 +132,7 @@ static int enc_free(BIO *a) if (a == NULL) return(0); b=(BIO_ENC_CTX *)a->ptr; EVP_CIPHER_CTX_cleanup(&(b->cipher)); - memset(a->ptr,0,sizeof(BIO_ENC_CTX)); + OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX)); OPENSSL_free(a->ptr); a->ptr=NULL; a->init=0; diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index 3cbc6e7848..530ab937ce 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -211,7 +211,7 @@ static int ok_free(BIO *a) { if (a == NULL) return(0); EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md); - memset(a->ptr,0,sizeof(BIO_OK_CTX)); + OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX)); OPENSSL_free(a->ptr); a->ptr=NULL; a->init=0; diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 9d18728d30..33013c41a6 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -301,7 +301,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) ctx->digest->cleanup(ctx); if (ctx->digest && ctx->digest->ctx_size && ctx->md_data) { - memset(ctx->md_data,0,ctx->digest->ctx_size); + OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); OPENSSL_free(ctx->md_data); } if(ctx->engine) diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c index ed838d3e62..b9efa75ae7 100644 --- a/crypto/evp/e_idea.c +++ b/crypto/evp/e_idea.c @@ -109,7 +109,7 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, idea_set_encrypt_key(key,&tmp); idea_set_decrypt_key(&tmp,ctx->cipher_data); - memset((unsigned char *)&tmp,0, + OPENSSL_cleanse((unsigned char *)&tmp, sizeof(IDEA_KEY_SCHEDULE)); } return 1; diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index dc103bd1d7..5f387a94d3 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -103,7 +103,7 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf); ret = UI_process(ui); UI_free(ui); - memset(buff,0,BUFSIZ); + OPENSSL_cleanse(buff,BUFSIZ); return ret; } @@ -168,7 +168,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, if ((nkey == 0) && (niv == 0)) break; } EVP_MD_CTX_cleanup(&c); - memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE); + OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE); return(type->key_len); } diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index d15b799281..a1874e83b2 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -146,8 +146,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), EVP_CIPHER_iv_length(cipher)); EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de); - memset(md_tmp, 0, EVP_MAX_MD_SIZE); - memset(key, 0, EVP_MAX_KEY_LENGTH); - memset(iv, 0, EVP_MAX_IV_LENGTH); + OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); + OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); + OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); return 1; } diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 098ce8afa0..1f94e1ef88 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -231,7 +231,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, iter = ASN1_INTEGER_get(kdf->iter); PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key); EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); - memset(key, 0, keylen); + OPENSSL_cleanse(key, keylen); PBKDF2PARAM_free(kdf); return 1; diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c index 6976f2a867..5a933d1cda 100644 --- a/crypto/evp/p_open.c +++ b/ |