Diffstat (limited to 'ssl')
-rw-r--r--ssl/s2_lib.c2
-rw-r--r--ssl/s3_clnt.c2
-rw-r--r--ssl/s3_enc.c8
-rw-r--r--ssl/s3_lib.c2
-rw-r--r--ssl/s3_srvr.c2
-rw-r--r--ssl/ssl_sess.c8
-rw-r--r--ssl/t1_enc.c12
7 files changed, 18 insertions, 18 deletions
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
index 0c96064675..bc4113cd68 100644
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -307,7 +307,7 @@ void ssl2_free(SSL *s)
s2=s->s2;
if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
- memset(s2,0,sizeof *s2);
+ OPENSSL_cleanse(s2,sizeof *s2);
OPENSSL_free(s2);
s->s2=NULL;
}
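Review bot: `s2->rbuf` and `s2->wbuf` are passed to OPENSSL_free without being wiped, while the struct that points to them is cleansed on the very next line. If these are the record read and write buffers, as the names suggest, they may still hold record data when the allocator hands the memory out again. Cleansing each buffer over its allocated length before the free would match the intent of this change. The lengths are not visible in this hunk, so they would have to come from wherever the buffers are allocated, and the start of ssl2_free is also outside the hunk.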
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 727fae88f1..c32a95581d 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1461,7 +1461,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
- memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH);
+ OPENSSL_cleanse(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
}
else
#endif
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 79fa4f97c2..e7743aba2a 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -174,7 +174,7 @@ static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
km+=MD5_DIGEST_LENGTH;
}
- memset(smd,0,SHA_DIGEST_LENGTH);
+ OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH);
}
int ssl3_change_cipher_state(SSL *s, int which)
@@ -318,8 +318,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
- memset(&(exp_key[0]),0,sizeof(exp_key));
- memset(&(exp_iv[0]),0,sizeof(exp_iv));
+ OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
+ OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
return(1);
err:
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
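Review bot: The two OPENSSL_cleanse calls sit directly before `return(1)` and the `err:` label comes after them, so a path that jumps to `err` returns with whatever `exp_key` and `exp_iv` held still on the stack. Repeating `OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));` and `OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));` under `err:`, or routing both exits through one wipe, would close that gap. The same layout appears in the ssl/t1_enc.c hunk at -372, where `tmp1`, `tmp2`, `iv1` and `iv2` are wiped only before `return(1)`. The rest of the error path is outside the hunk, so a later wipe cannot be ruled out from here.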
@@ -390,7 +390,7 @@ void ssl3_cleanup_key_block(SSL *s)
{
if (s->s3->tmp.key_block != NULL)
{
- memset(s->s3->tmp.key_block,0,
+ OPENSSL_cleanse(s->s3->tmp.key_block,
s->s3->tmp.key_block_length);
OPENSSL_free(s->s3->tmp.key_block);
s->s3->tmp.key_block=NULL;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index c231d9d06f..fb8ce5e2e3 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -732,7 +732,7 @@ void ssl3_free(SSL *s)
#endif
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
- memset(s->s3,0,sizeof *s->s3);
+ OPENSSL_cleanse(s->s3,sizeof *s->s3);
OPENSSL_free(s->s3);
s->s3=NULL;
}
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index cd122da8f1..7a89993b48 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1534,7 +1534,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
s->session->master_key_length=
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,p,i);
- memset(p,0,i);
+ OPENSSL_cleanse(p,i);
}
else
#endif
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 130fe1018a..a8668e42e6 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -477,13 +477,13 @@ void SSL_SESSION_free(SSL_SESSION *ss)
CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data);
- memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
- memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
- memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
+ OPENSSL_cleanse(ss->key_arg,SSL_MAX_KEY_ARG_LENGTH);
+ OPENSSL_cleanse(ss->master_key,SSL_MAX_MASTER_KEY_LENGTH);
+ OPENSSL_cleanse(ss->session_id,SSL_MAX_SSL_SESSION_ID_LENGTH);
if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
if (ss->peer != NULL) X509_free(ss->peer);
if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
- memset(ss,0,sizeof(*ss));
+ OPENSSL_cleanse(ss,sizeof(*ss));
OPENSSL_free(ss);
}
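Review bot: The three field-level wipes of `ss->key_arg`, `ss->master_key` and `ss->session_id` look redundant with the final `OPENSSL_cleanse(ss,sizeof(*ss));`, assuming those members are arrays embedded in SSL_SESSION as the length macros suggest. If the early wipe is deliberate, a comment such as `/* secrets are wiped before the sub-objects are released; the whole struct is wiped again below */` would tell the next reader that the duplication is intended. Otherwise the three calls can be dropped and the struct-wide wipe kept. The start of SSL_SESSION_free is outside the hunk.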
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index f3ecc5f586..a11e1130d8 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -158,7 +158,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
}
HMAC_cleanup(&ctx);
HMAC_cleanup(&ctx_tmp);
- memset(A1,0,sizeof(A1));
+ OPENSSL_cleanse(A1,sizeof(A1));
}
static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
@@ -372,10 +372,10 @@ printf("\niv=");
printf("\n");
#endif
- memset(tmp1,0,sizeof(tmp1));
- memset(tmp2,0,sizeof(tmp1));
- memset(iv1,0,sizeof(iv1));
- memset(iv2,0,sizeof(iv2));
+ OPENSSL_cleanse(tmp1,sizeof(tmp1));
+ OPENSSL_cleanse(tmp2,sizeof(tmp1));
+ OPENSSL_cleanse(iv1,sizeof(iv1));
+ OPENSSL_cleanse(iv2,sizeof(iv2));
return(1);
err:
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
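Review bot: The second call wipes `tmp2` with `sizeof(tmp1)`, a mismatch carried over unchanged from the old memset line; it should read `OPENSSL_cleanse(tmp2,sizeof(tmp2));`. The declarations are outside the hunk, so the two arrays may well be the same size today. If they ever differ, the current form either leaves the tail of `tmp2` unwiped or writes past its end. Using each buffer's own `sizeof` keeps the wipe correct when a declaration changes.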
@@ -426,7 +426,7 @@ printf("pre-master\n");
{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
#endif
tls1_generate_key_block(s,p1,p2,num);
- memset(p2,0,num);
+ OPENSSL_cleanse(p2,num);
OPENSSL_free(p2);
#ifdef TLS_DEBUG
printf("\nkey block\n");
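Review bot: The `#ifdef TLS_DEBUG` block just above the new wipe prints `s->session->master_key` byte by byte with printf, and the block that follows begins printing the key block. In a build with TLS_DEBUG defined, the secrets therefore reach stdout however carefully `p2` is cleansed. A comment at the guard, for example `/* TLS_DEBUG dumps key material to stdout: never define in production builds */`, would make that explicit. Both debug blocks start or end outside the hunk.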