summaryrefslogtreecommitdiff
path: root/crypto
diff options
context:
space:
mode:
authorRichard Levitte <levitte@openssl.org>2002-11-28 08:04:36 +0000
committerRichard Levitte <levitte@openssl.org>2002-11-28 08:04:36 +0000
commit4579924b7e55fccc7013e6de196f2e2ab175ce39 (patch)
treefa19611a704cc901d3ba338cefbbb98878de7ee5 /crypto
parent2047bda6fb8bedab1103b7bd5df5ea55eb7ccc9b (diff)
downloadopenssl-new-4579924b7e55fccc7013e6de196f2e2ab175ce39.tar.gz
Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
Diffstat (limited to 'crypto')
-rw-r--r--crypto/asn1/a_sign.c8
-rw-r--r--crypto/asn1/a_verify.c4
-rw-r--r--crypto/asn1/n_pkey.c6
-rw-r--r--crypto/asn1/p8_pkey.c4
-rw-r--r--crypto/des/des.c32
-rw-r--r--crypto/des/read2pwd.c8
-rw-r--r--crypto/des/read_pwd.c2
-rw-r--r--crypto/des/str2key.c4
-rw-r--r--crypto/ec/ec_key.c2
-rw-r--r--crypto/ec/ec_lib.c6
-rw-r--r--crypto/ecdh/ech_lib.c2
-rw-r--r--crypto/ecdsa/ecs_lib.c2
-rw-r--r--crypto/evp/bio_enc.c2
-rw-r--r--crypto/evp/bio_ok.c2
-rw-r--r--crypto/evp/digest.c2
-rw-r--r--crypto/evp/e_idea.c2
-rw-r--r--crypto/evp/evp_key.c4
-rw-r--r--crypto/evp/p5_crpt.c6
-rw-r--r--crypto/evp/p5_crpt2.c2
-rw-r--r--crypto/evp/p_open.c2
-rw-r--r--crypto/md32_common.h2
-rw-r--r--crypto/mem.c2
-rw-r--r--crypto/pem/pem_info.c4
-rw-r--r--crypto/pem/pem_lib.c14
-rw-r--r--crypto/pem/pem_pk8.c2
-rw-r--r--crypto/pem/pem_seal.c2
-rw-r--r--crypto/pkcs12/p12_crpt.c4
-rw-r--r--crypto/pkcs12/p12_decr.c4
-rw-r--r--crypto/pkcs12/p12_key.c2
-rw-r--r--crypto/pkcs7/bio_ber.c2
-rw-r--r--crypto/pkcs7/pk7_doit.c4
-rw-r--r--crypto/rand/md_rand.c4
-rw-r--r--crypto/rand/rand_unix.c2
-rw-r--r--crypto/rand/randfile.c4
-rw-r--r--crypto/rc4/rc4.c4
-rw-r--r--crypto/ripemd/rmd_one.c2
-rw-r--r--crypto/rsa/rsa_eay.c8
-rw-r--r--crypto/rsa/rsa_saos.c4
-rw-r--r--crypto/rsa/rsa_sign.c4
-rw-r--r--crypto/sha/sha1_one.c2
-rw-r--r--crypto/sha/sha_one.c2
-rw-r--r--crypto/ui/ui_openssl.c2
-rw-r--r--crypto/ui/ui_util.c2
-rw-r--r--crypto/x509/x509_vfy.c2
44 files changed, 93 insertions, 93 deletions
diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c
index de53b44144..52ce7e3974 100644
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -204,9 +204,9 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
err:
EVP_MD_CTX_cleanup(&ctx);
if (buf_in != NULL)
- { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
+ { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
if (buf_out != NULL)
- { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
+ { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
return(outl);
}
@@ -287,8 +287,8 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
err:
EVP_MD_CTX_cleanup(&ctx);
if (buf_in != NULL)
- { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
+ { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
if (buf_out != NULL)
- { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
+ { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
return(outl);
}
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index bf41de5146..da2a0a6d69 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -103,7 +103,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
EVP_VerifyInit_ex(&ctx,type, NULL);
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
- memset(buf_in,0,(unsigned int)inl);
+ OPENSSL_cleanse(buf_in,(unsigned int)inl);
OPENSSL_free(buf_in);
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
@@ -153,7 +153,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
EVP_VerifyInit_ex(&ctx,type, NULL);
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
- memset(buf_in,0,(unsigned int)inl);
+ OPENSSL_cleanse(buf_in,(unsigned int)inl);
OPENSSL_free(buf_in);
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c
index 9146ee02c9..766b51c538 100644
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
@@ -187,7 +187,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
i2d_NETSCAPE_PKEY(pkey,&zz);
/* Wipe the private key encoding */
- memset(pkey->private_key->data, 0, rsalen);
+ OPENSSL_cleanse(pkey->private_key->data, rsalen);
if (cb == NULL)
cb=EVP_read_pw_string;
@@ -206,7 +206,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
- memset(buf,0,256);
+ OPENSSL_cleanse(buf,256);
/* Encrypt private key in place */
zz = enckey->enckey->digest->data;
@@ -294,7 +294,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
- memset(buf,0,256);
+ OPENSSL_cleanse(buf,256);
EVP_CIPHER_CTX_init(&ctx);
EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c
index b634d5bc85..24b409132f 100644
--- a/crypto/asn1/p8_pkey.c
+++ b/crypto/asn1/p8_pkey.c
@@ -68,8 +68,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
if(operation == ASN1_OP_FREE_PRE) {
PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
if (key->pkey->value.octet_string)
- memset(key->pkey->value.octet_string->data,
- 0, key->pkey->value.octet_string->length);
+ OPENSSL_cleanse(key->pkey->value.octet_string->data,
+ key->pkey->value.octet_string->length);
}
return 1;
}
diff --git a/crypto/des/des.c b/crypto/des/des.c
index d8c846b23d..343135ff9e 100644
--- a/crypto/des/des.c
+++ b/crypto/des/des.c
@@ -427,7 +427,7 @@ void doencryption(void)
k2[i-8]=k;
}
DES_set_key_unchecked(&k2,&ks2);
- memset(k2,0,sizeof(k2));
+ OPENSSL_cleanse(k2,sizeof(k2));
}
else if (longk || flag3)
{
@@ -435,7 +435,7 @@ void doencryption(void)
{
DES_string_to_2keys(key,&kk,&k2);
DES_set_key_unchecked(&k2,&ks2);
- memset(k2,0,sizeof(k2));
+ OPENSSL_cleanse(k2,sizeof(k2));
}
else
DES_string_to_key(key,&kk);
@@ -457,8 +457,8 @@ void doencryption(void)
}
DES_set_key_unchecked(&kk,&ks);
- memset(key,0,sizeof(key));
- memset(kk,0,sizeof(kk));
+ OPENSSL_cleanse(key,sizeof(key));
+ OPENSSL_cleanse(kk,sizeof(kk));
/* woops - A bug that does not showup under unix :-( */
memset(iv,0,sizeof(iv));
memset(iv2,0,sizeof(iv2));
@@ -666,18 +666,18 @@ void doencryption(void)
if (l) fclose(CKSUM_OUT);
}
problems:
- memset(buf,0,sizeof(buf));
- memset(obuf,0,sizeof(obuf));
- memset(&ks,0,sizeof(ks));
- memset(&ks2,0,sizeof(ks2));
- memset(iv,0,sizeof(iv));
- memset(iv2,0,sizeof(iv2));
- memset(kk,0,sizeof(kk));
- memset(k2,0,sizeof(k2));
- memset(uubuf,0,sizeof(uubuf));
- memset(b,0,sizeof(b));
- memset(bb,0,sizeof(bb));
- memset(cksum,0,sizeof(cksum));
+ OPENSSL_cleanse(buf,sizeof(buf));
+ OPENSSL_cleanse(obuf,sizeof(obuf));
+ OPENSSL_cleanse(&ks,sizeof(ks));
+ OPENSSL_cleanse(&ks2,sizeof(ks2));
+ OPENSSL_cleanse(iv,sizeof(iv));
+ OPENSSL_cleanse(iv2,sizeof(iv2));
+ OPENSSL_cleanse(kk,sizeof(kk));
+ OPENSSL_cleanse(k2,sizeof(k2));
+ OPENSSL_cleanse(uubuf,sizeof(uubuf));
+ OPENSSL_cleanse(b,sizeof(b));
+ OPENSSL_cleanse(bb,sizeof(bb));
+ OPENSSL_cleanse(cksum,sizeof(cksum));
if (Exit) EXIT(Exit);
}
diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c
index 241adfa342..430da4e994 100644
--- a/crypto/des/read2pwd.c
+++ b/crypto/des/read2pwd.c
@@ -123,8 +123,8 @@ int DES_read_password(DES_cblock *key, const char *prompt, int verify)
if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
DES_string_to_key(buf,key);
- memset(buf,0,BUFSIZ);
- memset(buff,0,BUFSIZ);
+ OPENSSL_cleanse(buf,BUFSIZ);
+ OPENSSL_cleanse(buff,BUFSIZ);
return(ok);
}
@@ -136,7 +136,7 @@ int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
DES_string_to_2keys(buf,key1,key2);
- memset(buf,0,BUFSIZ);
- memset(buff,0,BUFSIZ);
+ OPENSSL_cleanse(buf,BUFSIZ);
+ OPENSSL_cleanse(buff,BUFSIZ);
return(ok);
}
diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c
index c79c9a0e2a..ce5fa00a37 100644
--- a/crypto/des/read_pwd.c
+++ b/crypto/des/read_pwd.c
@@ -220,7 +220,7 @@ int des_read_pw_string(char *buf, int length, const char *prompt,
int ret;
ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
- memset(buff,0,BUFSIZ);
+ OPENSSL_cleanse(buff,BUFSIZ);
return(ret);
}
diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c
index 36c3f81d99..0373db469c 100644
--- a/crypto/des/str2key.c
+++ b/crypto/des/str2key.c
@@ -94,7 +94,7 @@ void DES_string_to_key(const char *str, DES_cblock *key)
DES_set_key_unchecked(key,&ks);
#endif
DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key);
- memset(&ks,0,sizeof(ks));
+ OPENSSL_cleanse(&ks,sizeof(ks));
DES_set_odd_parity(key);
}
@@ -167,7 +167,7 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
DES_set_key_unchecked(key2,&ks);
#endif
DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2);
- memset(&ks,0,sizeof(ks));
+ OPENSSL_cleanse(&ks,sizeof(ks));
DES_set_odd_parity(key1);
DES_set_odd_parity(key2);
}
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index d537fe7de6..d7758c91d3 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -118,7 +118,7 @@ void EC_KEY_free(EC_KEY *r)
if (r->meth_data && r->meth_data->finish)
r->meth_data->finish(r);
- memset((void *)r, 0x0, sizeof(EC_KEY));
+ OPENSSL_cleanse((void *)r, sizeof(EC_KEY));
OPENSSL_free(r);
}
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 9669f42aab..2cc0dc0ec1 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -162,11 +162,11 @@ void EC_GROUP_clear_free(EC_GROUP *group)
if (group->seed)
{
- memset(group->seed, 0, group->seed_len);
+ OPENSSL_cleanse(group->seed, group->seed_len);
OPENSSL_free(group->seed);
}
- memset(group, 0, sizeof *group);
+ OPENSSL_cleanse(group, sizeof *group);
OPENSSL_free(group);
}
@@ -591,7 +591,7 @@ void EC_POINT_clear_free(EC_POINT *point)
point->meth->point_clear_finish(point);
else if (point->meth != NULL && point->meth->point_finish != 0)
point->meth->point_finish(point);
- memset(point, 0, sizeof *point);
+ OPENSSL_cleanse(point, sizeof *point);
OPENSSL_free(point);
}
diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c
index fd8cb19fdd..59526f33bd 100644
--- a/crypto/ecdh/ech_lib.c
+++ b/crypto/ecdh/ech_lib.c
@@ -176,7 +176,7 @@ void ECDH_DATA_free(ECDH_DATA *r)
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
- memset((void *)r, 0x0, sizeof(ECDH_DATA));
+ OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA));
OPENSSL_free(r);
}
diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c
index 8eb1c30865..9465dee625 100644
--- a/crypto/ecdsa/ecs_lib.c
+++ b/crypto/ecdsa/ecs_lib.c
@@ -170,7 +170,7 @@ void ECDSA_DATA_free(ECDSA_DATA *r)
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data);
- memset((void *)r, 0x0, sizeof(ECDSA_DATA));
+ OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA));
OPENSSL_free(r);
}
diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c
index 64fb2353af..510e1bc8a4 100644
--- a/crypto/evp/bio_enc.c
+++ b/crypto/evp/bio_enc.c
@@ -132,7 +132,7 @@ static int enc_free(BIO *a)
if (a == NULL) return(0);
b=(BIO_ENC_CTX *)a->ptr;
EVP_CIPHER_CTX_cleanup(&(b->cipher));
- memset(a->ptr,0,sizeof(BIO_ENC_CTX));
+ OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
OPENSSL_free(a->ptr);
a->ptr=NULL;
a->init=0;
diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c
index 3cbc6e7848..530ab937ce 100644
--- a/crypto/evp/bio_ok.c
+++ b/crypto/evp/bio_ok.c
@@ -211,7 +211,7 @@ static int ok_free(BIO *a)
{
if (a == NULL) return(0);
EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
- memset(a->ptr,0,sizeof(BIO_OK_CTX));
+ OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
OPENSSL_free(a->ptr);
a->ptr=NULL;
a->init=0;
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 9d18728d30..33013c41a6 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -301,7 +301,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
ctx->digest->cleanup(ctx);
if (ctx->digest && ctx->digest->ctx_size && ctx->md_data)
{
- memset(ctx->md_data,0,ctx->digest->ctx_size);
+ OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
OPENSSL_free(ctx->md_data);
}
if(ctx->engine)
diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c
index ed838d3e62..b9efa75ae7 100644
--- a/crypto/evp/e_idea.c
+++ b/crypto/evp/e_idea.c
@@ -109,7 +109,7 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
idea_set_encrypt_key(key,&tmp);
idea_set_decrypt_key(&tmp,ctx->cipher_data);
- memset((unsigned char *)&tmp,0,
+ OPENSSL_cleanse((unsigned char *)&tmp,
sizeof(IDEA_KEY_SCHEDULE));
}
return 1;
diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c
index dc103bd1d7..5f387a94d3 100644
--- a/crypto/evp/evp_key.c
+++ b/crypto/evp/evp_key.c
@@ -103,7 +103,7 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
ret = UI_process(ui);
UI_free(ui);
- memset(buff,0,BUFSIZ);
+ OPENSSL_cleanse(buff,BUFSIZ);
return ret;
}
@@ -168,7 +168,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
if ((nkey == 0) && (niv == 0)) break;
}
EVP_MD_CTX_cleanup(&c);
- memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
+ OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
return(type->key_len);
}
diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c
index d15b799281..a1874e83b2 100644
--- a/crypto/evp/p5_crpt.c
+++ b/crypto/evp/p5_crpt.c
@@ -146,8 +146,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
EVP_CIPHER_iv_length(cipher));
EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
- memset(md_tmp, 0, EVP_MAX_MD_SIZE);
- memset(key, 0, EVP_MAX_KEY_LENGTH);
- memset(iv, 0, EVP_MAX_IV_LENGTH);
+ OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
+ OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+ OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
return 1;
}
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index 098ce8afa0..1f94e1ef88 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -231,7 +231,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
iter = ASN1_INTEGER_get(kdf->iter);
PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
- memset(key, 0, keylen);
+ OPENSSL_cleanse(key, keylen);
PBKDF2PARAM_free(kdf);
return 1;
diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c
index 6976f2a867..5a933d1cda 100644
--- a/crypto/evp/p_open.c
+++ b/crypto/evp/p_open.c
@@ -101,7 +101,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek,
ret=1;
err:
- if (key != NULL) memset(key,0,size);
+ if (key != NULL) OPENSSL_cleanse(key,size);
OPENSSL_free(key);
return(ret);
}
diff --git a/crypto/md32_common.h b/crypto/md32_common.h
index 86e41bf6df..275b93618b 100644
--- a/crypto/md32_common.h
+++ b/crypto/md32_common.h
@@ -606,7 +606,7 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c)
c->num=0;
/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
* but I'm not worried :-)
- memset((void *)c,0,sizeof(HASH_CTX));
+ OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
*/
return 1;
}
diff --git a/crypto/mem.c b/crypto/mem.c
index 46a00697ce..d7d3cda5dc 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -343,7 +343,7 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
ret=malloc_ex_func(num,file,line);
if(ret)
memcpy(ret,str,old_len);
- memset(str,'\0',old_len);
+ OPENSSL_cleanse(str,old_len);
free_func(str);
#ifdef LEVITTE_DEBUG_MEM
fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ret, num);
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index 5412408584..17ea85e4d7 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -383,7 +383,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
ret=1;
err:
- memset((char *)&ctx,0,sizeof(ctx));
- memset(buf,0,PEM_BUFSIZE);
+ OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+ OPENSSL_cleanse(buf,PEM_BUFSIZE);
return(ret);
}
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 8e213c11c4..d3e9ce8577 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -368,13 +368,13 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
i=PEM_write_bio(bp,name,buf,data,i);
if (i <= 0) ret=0;
err:
- memset(key,0,sizeof(key));
- memset(iv,0,sizeof(iv));
- memset((char *)&ctx,0,sizeof(ctx));
- memset(buf,0,PEM_BUFSIZE);
+ OPENSSL_cleanse(key,sizeof(key));
+ OPENSSL_cleanse(iv,sizeof(iv));
+ OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+ OPENSSL_cleanse(buf,PEM_BUFSIZE);
if (data != NULL)
{
- memset(data,0,(unsigned int)dsize);
+ OPENSSL_cleanse(data,(unsigned int)dsize);
OPENSSL_free(data);
}
return(ret);
@@ -415,8 +415,8 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
EVP_DecryptUpdate(&ctx,data,&i,data,j);
o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
EVP_CIPHER_CTX_cleanup(&ctx);
- memset((char *)buf,0,sizeof(buf));
- memset((char *)key,0,sizeof(key));
+ OPENSSL_cleanse((char *)buf,sizeof(buf));
+ OPENSSL_cleanse((char *)key,sizeof(key));
j+=i;
if (!o)
{
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index f44182ffb5..db38a2a79d 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -136,7 +136,7 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER
kstr = buf;
}
p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
- if(kstr == buf) memset(buf, 0, klen);
+ if(kstr == buf) OPENSSL_cleanse(buf, klen);
PKCS8_PRIV_KEY_INFO_free(p8inf);
if(isder) ret = i2d_PKCS8_bio(bp, p8);
else ret = PEM_write_bio_PKCS8(bp, p8);
diff --git a/crypto/pem/pem_seal.c b/crypto/pem/pem_seal.c
index ae463a301d..56e08abd70 100644
--- a/crypto/pem/pem_seal.c
+++ b/crypto/pem/pem_seal.c
@@ -112,7 +112,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
ret=npubk;
err:
if (s != NULL) OPENSSL_free(s);
- memset(key,0,EVP_MAX_KEY_LENGTH);
+ OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
return(ret);
}
diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c
index 97be6a5fb5..5e8958612b 100644
--- a/crypto/pkcs12/p12_crpt.c
+++ b/crypto/pkcs12/p12_crpt.c
@@ -118,7 +118,7 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
}
PBEPARAM_free(pbe);
EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
- memset(key, 0, EVP_MAX_KEY_LENGTH);
- memset(iv, 0, EVP_MAX_IV_LENGTH);
+ OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+ OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
return 1;
}
diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c
index 394af368f4..b5684a83ba 100644
--- a/crypto/pkcs12/p12_decr.c
+++ b/crypto/pkcs12/p12_decr.c
@@ -136,7 +136,7 @@ void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
}
#endif
ret = ASN1_item_d2i(NULL, &p, outlen, it);
- if (zbuf) memset(out, 0, outlen);
+ if (zbuf) OPENSSL_cleanse(out, outlen);
if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
OPENSSL_free(out);
return ret;
@@ -168,7 +168,7 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *i
OPENSSL_free(in);
return NULL;
}
- if (zbuf) memset(in, 0, inlen);
+ if (zbuf) OPENSSL_cleanse(in, inlen);
OPENSSL_free(in);
return oct;
}
diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
index 0d39ebde8c..9196a34b4a 100644
--- a/crypto/pkcs12/p12_key.c
+++ b/crypto/pkcs12/p12_key.c
@@ -91,7 +91,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
id, iter, n, out, md_type);
if(unipass) {
- memset(unipass, 0, uniplen); /* Clear password from memory */
+ OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */
OPENSSL_free(unipass);
}
return ret;
diff --git a/crypto/pkcs7/bio_ber.c b/crypto/pkcs7/bio_ber.c
index 42331f7ab0..895a91177b 100644
--- a/crypto/pkcs7/bio_ber.c
+++ b/crypto/pkcs7/bio_ber.c
@@ -145,7 +145,7 @@ static int ber_free(BIO *a)
if (a == NULL) return(0);
b=(BIO_BER_CTX *)a->ptr;
- memset(a->ptr,0,sizeof(BIO_BER_CTX));
+ OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));
OPENSSL_free(a->ptr);
a->ptr=NULL;
a->init=0;
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index d1ab612eaa..123671b43e 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -241,7 +241,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
}
OPENSSL_free(tmp);
- memset(key, 0, keylen);
+ OPENSSL_cleanse(key, keylen);
if (out == NULL)
out=btmp;
@@ -448,7 +448,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
}
EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
- memset(tmp,0,jj);
+ OPENSSL_cleanse(tmp,jj);
if (out == NULL)
out=etmp;
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index a00ed70718..eeffc0df4c 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -177,10 +177,10 @@ RAND_METHOD *RAND_SSLeay(void)
static void ssleay_rand_cleanup(void)
{
- memset(state,0,sizeof(state));
+ OPENSSL_cleanse(state,sizeof(state));
state_num=0;
state_index=0;
- memset(md,0,MD_DIGEST_LENGTH);
+ OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
md_count[0]=0;
md_count[1]=0;
entropy=0;
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 4175576fcc..a776e52243 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -215,7 +215,7 @@ int RAND_poll(void)
if (n > 0)
{
RAND_add(tmpbuf,sizeof tmpbuf,n);
- memset(tmpbuf,0,n);
+ OPENSSL_cleanse(tmpbuf,n);
}
#endif
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 7c2673a61f..41574768ab 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -124,7 +124,7 @@ int RAND_load_file(const char *file, long bytes)
}
}
fclose(in);
- memset(buf,0,BUFSIZE);
+ OPENSSL_cleanse(buf,BUFSIZE);
err:
return(ret);
}
@@ -189,7 +189,7 @@ int RAND_write_file(const char *file)
#endif /* OPENSSL_SYS_VMS */
fclose(out);
- memset(buf,0,BUFSIZE);
+ OPENSSL_cleanse(buf,BUFSIZE);
err:
return (rand_err ? -1 : ret);
}
diff --git a/crypto/rc4/rc4.c b/crypto/rc4/rc4.c
index c2165b0b75..b39c070292 100644
--- a/crypto/rc4/rc4.c
+++ b/crypto/rc4/rc4.c
@@ -155,7 +155,7 @@ bad:
i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
if (i != 0)
{
- memset(buf,0,BUFSIZ);
+ OPENSSL_cleanse(buf,BUFSIZ);
fprintf(stderr,"bad password read\n");
exit(1);
}
@@ -163,7 +163,7 @@ bad:
}
EVP_Digest((unsigned char *)keystr,(unsigned long)strlen(keystr),md,NULL,EVP_md5());
- memset(keystr,0,strlen(keystr));
+ OPENSSL_cleanse(keystr,strlen(keystr));
RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
for(;;)
diff --git a/crypto/ripemd/rmd_one.c b/crypto/ripemd/rmd_one.c
index efdf2dd6ef..a783282282 100644
--- a/crypto/ripemd/rmd_one.c
+++ b/crypto/ripemd/rmd_one.c
@@ -70,7 +70,7 @@ unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
RIPEMD160_Init(&c);
RIPEMD160_Update(&c,d,n);
RIPEMD160_Final(md,&c);
- memset(&c,0,sizeof(c)); /* security consideration */
+ OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
return(md);
}
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index 963c34a948..c4e6d1e22a 100644
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -187,7 +187,7 @@ err:
BN_clear_free(&ret);
if (buf != NULL)
{
- memset(buf,0,num);
+ OPENSSL_cleanse(buf,num);
OPENSSL_free(buf);
}
return(r);
@@ -271,7 +271,7 @@ err:
BN_clear_free(&f);
if (buf != NULL)
{
- memset(buf,0,num);
+ OPENSSL_cleanse(buf,num);
OPENSSL_free(buf);
}
return(r);
@@ -370,7 +370,7 @@ err:
BN_clear_free(&ret);
if (buf != NULL)
{
- memset(buf,0,num);
+ OPENSSL_cleanse(buf,num);
OPENSSL_free(buf);
}
return(r);
@@ -467,7 +467,7 @@ err:
BN_clear_free(&ret);
if (buf != NULL)
{
- memset(buf,0,num);
+ OPENSSL_cleanse(buf,num);
OPENSSL_free(buf);
}
return(r);
diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c
index 423cb50652..f462716a57 100644
--- a/crypto/rsa/rsa_saos.c
+++ b/crypto/rsa/rsa_saos.c
@@ -96,7 +96,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type,
else
*siglen=i;
- memset(s,0,(unsigned int)j+1);
+ OPENSSL_cleanse(s,(unsigned int)j+1);
OPENSSL_free(s);
return(ret);
}
@@ -139,7 +139,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
ret=1;
err:
if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
- memset(s,0,(unsigned int)siglen);
+ OPENSSL_cleanse(s,(unsigned int)siglen);
OPENSSL_free(s);
return(ret);
}
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index c53ca73914..4ac2de3407 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -136,7 +136,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
*siglen=i;
if(type != NID_md5_sha1) {
- memset(tmps,0,(unsigned int)j+1);
+ OPENSSL_cleanse(tmps,(unsigned int)j+1);
OPENSSL_free(tmps);
}
return(ret);
@@ -221,7 +221,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
}
err:
if (sig != NULL) X509_SIG_free(sig);
- memset(s,0,(unsigned int)siglen);
+ OPENSSL_cleanse(s,(unsigned int)siglen);
OPENSSL_free(s);
return(ret);
}
diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c
index e6a24888ed..ad235d6cdc 100644
--- a/crypto/sha/sha1_one.c
+++ b/crypto/sha/sha1_one.c
@@ -70,7 +70,7 @@ unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
SHA1_Init(&c);
SHA1_Update(&c,d,n);
SHA1_Final(md,&c);
- memset(&c,0,sizeof(c));
+ OPENSSL_cleanse(&c,sizeof(c));
return(md);
}
#endif
diff --git a/crypto/sha/sha_one.c b/crypto/sha/sha_one.c
index 5426faae4a..66b083144a 100644
--- a/crypto/sha/sha_one.c
+++ b/crypto/sha/sha_one.c
@@ -70,7 +70,7 @@ unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
SHA_Init(&c);
SHA_Update(&c,d,n);
SHA_Final(md,&c);
- memset(&c,0,sizeof(c));
+ OPENSSL_cleanse(&c,sizeof(c));
return(md);
}
#endif
diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c
index 6d5f9cd8b1..e1a872ef7c 100644
--- a/crypto/ui/ui_openssl.c
+++ b/crypto/ui/ui_openssl.c
@@ -449,7 +449,7 @@ error:
ok=1;
#endif
- memset(result,0,BUFSIZ);
+ OPENSSL_cleanse(result,BUFSIZ);
return ok;
}
diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c
index 8876128e56..fc8b691a87 100644
--- a/crypto/ui/ui_util.c
+++ b/crypto/ui/ui_util.c
@@ -65,7 +65,7 @@ int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify)
int ret;
ret=UI_UTIL_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
- memset(buff,0,BUFSIZ);
+ OPENSSL_cleanse(buff,BUFSIZ);
return(ret);
}
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 552d1e7251..568c629367 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1158,7 +1158,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
ctx->chain=NULL;
}
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
- memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
+ OPENSSL_cleanse(&ctx->ex_data,sizeof(CRYPTO_EX_DATA));
}
void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)