author | Damien Miller <djm@cvs.openbsd.org> | 2014-02-02 03:44:33 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2014-02-02 03:44:33 +0000 |
commit | b5d9a0e1ebbdac0edd5313d53fda2a2bbb2f318f (patch) | |
tree | 0d1ea03044676ba7c2b6aa024d64a6c160161f7a | |
parent | fe55dfde82d2faf80a3ca92ba365c26ec5e2ad02 (diff) |
convert memset of potentially-private data to explicit_bzero()
38 files changed, 163 insertions, 159 deletions
diff --git a/usr.bin/ssh/auth1.c b/usr.bin/ssh/auth1.c index eac5ad7a91d..6d01c52e637 100644 --- a/usr.bin/ssh/auth1.c +++ b/usr.bin/ssh/auth1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth1.c,v 1.79 2013/05/19 02:42:42 djm Exp $ */ +/* $OpenBSD: auth1.c,v 1.80 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -122,7 +122,7 @@ auth1_process_password(Authctxt *authctxt) /* Try authentication with the password. */ authenticated = PRIVSEP(auth_password(authctxt, password)); - memset(password, 0, dlen); + explicit_bzero(password, dlen); free(password); return (authenticated); @@ -217,7 +217,7 @@ auth1_process_tis_response(Authctxt *authctxt) response = packet_get_string(&dlen); packet_check_eom(); authenticated = verify_response(authctxt, response); - memset(response, 'r', dlen); + explicit_bzero(response, dlen); free(response); return (authenticated); diff --git a/usr.bin/ssh/auth2-chall.c b/usr.bin/ssh/auth2-chall.c index 364629e7c34..b3c1a2f8750 100644 --- a/usr.bin/ssh/auth2-chall.c +++ b/usr.bin/ssh/auth2-chall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-chall.c,v 1.40 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: auth2-chall.c,v 1.41 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Per Allansson. All rights reserved. @@ -267,7 +267,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response); for (i = 0; i < nresp; i++) { - memset(response[i], 'r', strlen(response[i])); + explicit_bzero(response[i], strlen(response[i])); free(response[i]); } free(response); diff --git a/usr.bin/ssh/auth2-passwd.c b/usr.bin/ssh/auth2-passwd.c index 8ce7cad81b8..ae11d1f9886 100644 --- a/usr.bin/ssh/auth2-passwd.c +++ b/usr.bin/ssh/auth2-passwd.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-passwd.c,v 1.10 2013/05/17 00:13:13 djm Exp $ */ +/* $OpenBSD: auth2-passwd.c,v 1.11 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -57,7 +57,7 @@ userauth_passwd(Authctxt *authctxt) if (change) { /* discard new password from packet */ newpass = packet_get_string(&newlen); - memset(newpass, 0, newlen); + explicit_bzero(newpass, newlen); free(newpass); } packet_check_eom(); @@ -66,7 +66,7 @@ userauth_passwd(Authctxt *authctxt) logit("password change not supported"); else if (PRIVSEP(auth_password(authctxt, password)) == 1) authenticated = 1; - memset(password, 0, len); + explicit_bzero(password, len); free(password); return authenticated; } diff --git a/usr.bin/ssh/authfile.c b/usr.bin/ssh/authfile.c index 610602807b3..bcb170abf74 100644 --- a/usr.bin/ssh/authfile.c +++ b/usr.bin/ssh/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.102 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: authfile.c,v 1.103 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -124,7 +124,7 @@ key_private_to_blob2(Key *prv, Buffer *blob, const char *passphrase, buffer_put_int(&kdf, rounds); } cipher_init(&ctx, c, key, keylen, key + keylen , ivlen, 1); - memset(key, 0, keylen + ivlen); + explicit_bzero(key, keylen + ivlen); free(key); buffer_init(&encoded); @@ -136,7 +136,7 @@ key_private_to_blob2(Key *prv, Buffer *blob, const char *passphrase, key_to_blob(prv, &cp, &len); /* public key */ buffer_put_string(&encoded, cp, len); - memset(cp, 0, len); + explicit_bzero(cp, len); free(cp); buffer_free(&kdf); @@ -402,7 +402,7 @@ key_parse_private2(Buffer *blob, int type, const char *passphrase, free(salt); free(comment); if (key) - memset(key, 0, keylen + ivlen); + explicit_bzero(key, keylen + ivlen); free(key); buffer_free(&encoded); buffer_free(©); 
@@ -489,10 +489,10 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase, buffer_ptr(&buffer), buffer_len(&buffer), 0, 0) != 0) fatal("%s: cipher_crypt failed", __func__); cipher_cleanup(&ciphercontext); - memset(&ciphercontext, 0, sizeof(ciphercontext)); + explicit_bzero(&ciphercontext, sizeof(ciphercontext)); /* Destroy temporary data. */ - memset(buf, 0, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); buffer_free(&buffer); buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted)); @@ -818,7 +818,7 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp) buffer_ptr(©), buffer_len(©), 0, 0) != 0) fatal("%s: cipher_crypt failed", __func__); cipher_cleanup(&ciphercontext); - memset(&ciphercontext, 0, sizeof(ciphercontext)); + explicit_bzero(&ciphercontext, sizeof(ciphercontext)); buffer_free(©); check1 = buffer_get_char(&decrypted); diff --git a/usr.bin/ssh/bufaux.c b/usr.bin/ssh/bufaux.c index 501c11029ec..61ac9888881 100644 --- a/usr.bin/ssh/bufaux.c +++ b/usr.bin/ssh/bufaux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bufaux.c,v 1.55 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -344,7 +344,7 @@ buffer_get_bignum2_as_string_ret(Buffer *buffer, u_int *length_ptr) } ret = xmalloc(len); memcpy(ret, p, len); - memset(p, '\0', len); + explicit_bzero(p, len); free(bin); return ret; } @@ -381,7 +381,7 @@ buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l) } memcpy(p, s, l); buffer_put_string(buffer, buf, l + pad); - memset(buf, '\0', l + pad); + explicit_bzero(buf, l + pad); free(buf); } diff --git a/usr.bin/ssh/bufbn.c b/usr.bin/ssh/bufbn.c index bb647ed87e4..aa8ab53050a 100644 --- a/usr.bin/ssh/bufbn.c +++ b/usr.bin/ssh/bufbn.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: bufbn.c,v 1.8 2013/11/08 11:15:19 dtucker Exp $*/ +/* $OpenBSD: bufbn.c,v 1.9 2014/02/02 03:44:31 djm Exp $*/ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -78,7 +78,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) /* Store the binary data. */ buffer_append(buffer, buf, oi); - memset(buf, 0, bin_size); + explicit_bzero(buf, bin_size); free(buf); return (0); @@ -171,7 +171,7 @@ buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) } hasnohigh = (buf[1] & 0x80) ? 0 : 1; buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); - memset(buf, 0, bytes); + explicit_bzero(buf, bytes); free(buf); return (0); } diff --git a/usr.bin/ssh/buffer.c b/usr.bin/ssh/buffer.c index 1b9cd8a3f4e..eb765f1f320 100644 --- a/usr.bin/ssh/buffer.c +++ b/usr.bin/ssh/buffer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: buffer.c,v 1.34 2013/11/08 11:15:19 dtucker Exp $ */ +/* $OpenBSD: buffer.c,v 1.35 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -47,7 +47,7 @@ void buffer_free(Buffer *buffer) { if (buffer->alloc > 0) { - memset(buffer->buf, 0, buffer->alloc); + explicit_bzero(buffer->buf, buffer->alloc); buffer->alloc = 0; free(buffer->buf); } diff --git a/usr.bin/ssh/cipher-3des1.c b/usr.bin/ssh/cipher-3des1.c index 3629647a1b4..6cf9b1bc0a5 100644 --- a/usr.bin/ssh/cipher-3des1.c +++ b/usr.bin/ssh/cipher-3des1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher-3des1.c,v 1.9 2013/11/08 00:39:15 djm Exp $ */ +/* $OpenBSD: cipher-3des1.c,v 1.10 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. * 
@@ -83,7 +83,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 || EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 || EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) { - memset(c, 0, sizeof(*c)); + explicit_bzero(c, sizeof(*c)); free(c); EVP_CIPHER_CTX_set_app_data(ctx, NULL); return (0); @@ -116,7 +116,7 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) EVP_CIPHER_CTX_cleanup(&c->k1); EVP_CIPHER_CTX_cleanup(&c->k2); EVP_CIPHER_CTX_cleanup(&c->k3); - memset(c, 0, sizeof(*c)); + explicit_bzero(c, sizeof(*c)); free(c); EVP_CIPHER_CTX_set_app_data(ctx, NULL); } diff --git a/usr.bin/ssh/cipher.c b/usr.bin/ssh/cipher.c index 4655623764b..6047d41c982 100644 --- a/usr.bin/ssh/cipher.c +++ b/usr.bin/ssh/cipher.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.c,v 1.95 2014/01/27 19:18:54 markus Exp $ */ +/* $OpenBSD: cipher.c,v 1.96 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -317,7 +317,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher, if (EVP_Cipher(&cc->evp, discard, junk, cipher->discard_len) == 0) fatal("evp_crypt: EVP_Cipher failed during discard"); - memset(discard, 0, cipher->discard_len); + explicit_bzero(discard, cipher->discard_len); free(junk); free(discard); } @@ -402,7 +402,7 @@ void cipher_cleanup(CipherContext *cc) { if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) - memset(&cc->cp_ctx, 0, sizeof(cc->cp_ctx)); + explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx)); else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); } @@ -424,7 +424,7 @@ cipher_set_key_string(CipherContext *cc, const Cipher *cipher, cipher_init(cc, cipher, digest, 16, NULL, 0, do_encrypt); - memset(digest, 0, sizeof(digest)); + explicit_bzero(digest, sizeof(digest)); } /* 
diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index 71553e592c7..3201b8a0c7a 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.257 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: clientloop.c,v 1.258 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1749,7 +1749,7 @@ client_input_stdout_data(int type, u_int32_t seq, void *ctxt) char *data = packet_get_string(&data_len); packet_check_eom(); buffer_append(&stdout_buffer, data, data_len); - memset(data, 0, data_len); + explicit_bzero(data, data_len); free(data); } static void @@ -1759,7 +1759,7 @@ client_input_stderr_data(int type, u_int32_t seq, void *ctxt) char *data = packet_get_string(&data_len); packet_check_eom(); buffer_append(&stderr_buffer, data, data_len); - memset(data, 0, data_len); + explicit_bzero(data, data_len); free(data); } static void diff --git a/usr.bin/ssh/digest-libc.c b/usr.bin/ssh/digest-libc.c index 8745bdfa7ce..4db4a0cd394 100644 --- a/usr.bin/ssh/digest-libc.c +++ b/usr.bin/ssh/digest-libc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: digest-libc.c,v 1.1 2014/01/28 20:13:46 markus Exp $ */ +/* $OpenBSD: digest-libc.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2013 Damien Miller <djm@mindrot.org> * Copyright (c) 2014 Markus Friedl. All rights reserved. @@ -207,9 +207,9 @@ ssh_digest_free(struct ssh_digest_ctx *ctx) if (ctx != NULL) { digest = ssh_digest_by_alg(ctx->alg); if (digest) { - memset(ctx->mdctx, 0, digest->ctx_len); + explicit_bzero(ctx->mdctx, digest->ctx_len); free(ctx->mdctx); - memset(ctx, 0, sizeof(*ctx)); + explicit_bzero(ctx, sizeof(*ctx)); free(ctx); } } diff --git a/usr.bin/ssh/digest-openssl.c b/usr.bin/ssh/digest-openssl.c index 5bbc667441a..70d00d3096c 100644 --- a/usr.bin/ssh/digest-openssl.c +++ b/usr.bin/ssh/digest-openssl.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: digest-openssl.c,v 1.1 2014/01/28 20:13:46 markus Exp $ */ +/* $OpenBSD: digest-openssl.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2013 Damien Miller <djm@mindrot.org> * @@ -134,7 +134,7 @@ ssh_digest_free(struct ssh_digest_ctx *ctx) { if (ctx != NULL) { EVP_MD_CTX_cleanup(&ctx->mdctx); - memset(ctx, 0, sizeof(*ctx)); + explicit_bzero(ctx, sizeof(*ctx)); free(ctx); } } diff --git a/usr.bin/ssh/gss-serv.c b/usr.bin/ssh/gss-serv.c index cc7e4260d5c..b4ea7c4e7ec 100644 --- a/usr.bin/ssh/gss-serv.c +++ b/usr.bin/ssh/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.24 2013/07/20 01:55:13 djm Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.25 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -342,7 +342,8 @@ ssh_gssapi_userok(char *user) gss_release_buffer(&lmin, &gssapi_client.displayname); gss_release_buffer(&lmin, &gssapi_client.exportedname); gss_release_cred(&lmin, &gssapi_client.creds); - memset(&gssapi_client, 0, sizeof(ssh_gssapi_client)); + explicit_bzero(&gssapi_client, + sizeof(ssh_gssapi_client)); return 0; } else diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c index f9f092f26ff..5b24945e062 100644 --- a/usr.bin/ssh/kex.c +++ b/usr.bin/ssh/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.97 2014/01/25 20:35:37 markus Exp $ */ +/* $OpenBSD: kex.c,v 1.98 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -646,8 +646,8 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, fatal("%s: ssh_digest_final failed", __func__); memcpy(id, obuf, ssh_digest_bytes(SSH_DIGEST_MD5)); - memset(nbuf, 0, sizeof(nbuf)); - memset(obuf, 0, sizeof(obuf)); + explicit_bzero(nbuf, sizeof(nbuf)); + explicit_bzero(obuf, sizeof(obuf)); } #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) diff --git a/usr.bin/ssh/kexdhc.c b/usr.bin/ssh/kexdhc.c index 308c0bc2eeb..129155c47d0 100644 
--- a/usr.bin/ssh/kexdhc.c +++ b/usr.bin/ssh/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.14 2014/01/12 08:13:13 djm Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.15 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -121,7 +121,7 @@ kexdh_client(Kex *kex) fatal("kexdh_client: BN_new failed"); if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) fatal("kexdh_client: BN_bin2bn failed"); - memset(kbuf, 0, klen); + explicit_bzero(kbuf, klen); free(kbuf); /* calc and verify H */ diff --git a/usr.bin/ssh/kexdhs.c b/usr.bin/ssh/kexdhs.c index db19f472652..c0114258f8c 100644 --- a/usr.bin/ssh/kexdhs.c +++ b/usr.bin/ssh/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.17 2014/01/12 08:13:13 djm Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.18 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -107,7 +107,7 @@ kexdh_server(Kex *kex) fatal("kexdh_server: BN_new failed"); if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) fatal("kexdh_server: BN_bin2bn failed"); - memset(kbuf, 0, klen); + explicit_bzero(kbuf, klen); free(kbuf); key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); diff --git a/usr.bin/ssh/kexecdhc.c b/usr.bin/ssh/kexecdhc.c index 20a373c028e..4dd8af4df66 100644 --- a/usr.bin/ssh/kexecdhc.c +++ b/usr.bin/ssh/kexecdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhc.c,v 1.6 2014/01/12 08:13:13 djm Exp $ */ +/* $OpenBSD: kexecdhc.c,v 1.7 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -115,7 +115,7 @@ kexecdh_client(Kex *kex) fatal("%s: BN_new failed", __func__); if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) fatal("%s: BN_bin2bn failed", __func__); - memset(kbuf, 0, klen); + explicit_bzero(kbuf, klen); free(kbuf); /* calc and verify H */ diff --git a/usr.bin/ssh/kexecdhs.c b/usr.bin/ssh/kexecdhs.c index f0a75750dfe..eb379307cb3 100644 --- a/usr.bin/ssh/kexecdhs.c 
+++ b/usr.bin/ssh/kexecdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhs.c,v 1.9 2014/01/12 08:13:13 djm Exp $ */ +/* $OpenBSD: kexecdhs.c,v 1.10 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -99,7 +99,7 @@ kexecdh_server(Kex *kex) fatal("%s: BN_new failed", __func__); if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) fatal("%s: BN_bin2bn failed", __func__); - memset(kbuf, 0, klen); + explicit_bzero(kbuf, klen); free(kbuf); /* calc H */ diff --git a/usr.bin/ssh/kexgexc.c b/usr.bin/ssh/kexgexc.c index 7d1a755a1b3..0bca8204e58 100644 --- a/usr.bin/ssh/kexgexc.c +++ b/usr.bin/ssh/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.16 2014/01/25 10:12:50 dtucker Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.17 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -159,7 +159,7 @@ kexgex_client(Kex *kex) fatal("kexgex_client: BN_new failed"); if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) fatal("kexgex_client: BN_bin2bn failed"); - memset(kbuf, 0, klen); + explicit_bzero(kbuf, klen); free(kbuf); if (datafellows & SSH_OLD_DHGEX) diff --git a/usr.bin/ssh/kexgexs.c b/usr.bin/ssh/kexgexs.c index 67d295c43c2..e25c46f1d00 100644 --- a/usr.bin/ssh/kexgexs.c +++ b/usr.bin/ssh/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.18 2014/01/12 08:13:13 djm Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.19 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -147,7 +147,7 @@ kexgex_server(Kex *kex) fatal("kexgex_server: BN_new failed"); if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) fatal("kexgex_server: BN_bin2bn failed"); - memset(kbuf, 0, klen); + explicit_bzero(kbuf, klen); free(kbuf); key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); 
diff --git a/usr.bin/ssh/key.c b/usr.bin/ssh/key.c index 5b075ebe181..7ee213845f5 100644 --- a/usr.bin/ssh/key.c +++ b/usr.bin/ssh/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.115 2014/01/09 23:20:00 djm Exp $ */ +/* $OpenBSD: key.c,v 1.116 2014/02/02 03:44:31 djm Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -233,12 +233,12 @@ key_free(Key *k) case KEY_ED25519: case KEY_ED25519_CERT: if (k->ed25519_pk) { - memset(k->ed25519_pk, 0, ED25519_PK_SZ); + explicit_bzero(k->ed25519_pk, ED25519_PK_SZ); free(k->ed25519_pk); k->ed25519_pk = NULL; } if (k->ed25519_sk) { - memset(k->ed25519_sk, 0, ED25519_SK_SZ); + explicit_bzero(k->ed25519_sk, ED25519_SK_SZ); free(k->ed25519_sk); k->ed25519_sk = NULL; } @@ -402,7 +402,7 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type, if ((ssh_digest_memory(hash_alg, blob, len, retval, SSH_DIGEST_MAX_LENGTH)) != 0) fatal("%s: digest_memory failed", __func__); - memset(blob, 0, len); + explicit_bzero(blob, len); free(blob); *dgst_raw_length = ssh_digest_bytes(hash_alg); } else { @@ -610,7 +610,7 @@ key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) dgst_rep); break; } - memset(dgst_raw, 0, dgst_raw_len); + explicit_bzero(dgst_raw, dgst_raw_len); free(dgst_raw); return retval; } @@ -1687,7 +1687,7 @@ to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain) *blobp = xmalloc(len); memcpy(*blobp, buffer_ptr(&b), len); } - memset(buffer_ptr(&b), 0, len); + explicit_bzero(buffer_ptr(&b), len); buffer_free(&b); return len; } diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index 175bb8931d8..703031a9bc5 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.130 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: monitor.c,v 1.131 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> 
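Review bot: In to_blob() the `explicit_bzero(buffer_ptr(&b), len);` immediately before `buffer_free(&b);` duplicates work, because this same commit's buffer.c hunk makes buffer_free() scrub all `buffer->alloc` bytes with explicit_bzero(). Either drop the extra call or keep it with a short comment such as `/* redundant with buffer_free(), kept deliberately */` so the duplication reads as intentional. The same pair of calls appears in mm_newkeys_to_blob() in monitor_wrap.c. to_blob() starts outside the hunk, so how `len` relates to the buffer's allocated size is not visible here.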
@@ -758,7 +758,7 @@ mm_answer_authpassword(int sock, Buffer *m) /* Only authenticate if the context is valid */ authenticated = options.password_authentication && auth_password(authctxt, passwd); - memset(passwd, 0, strlen(passwd)); + explicit_bzero(passwd, strlen(passwd)); free(passwd); buffer_clear(m); @@ -1469,13 +1469,13 @@ monitor_apply_keystate(struct monitor *pmonitor) /* XXX inefficient for large buffers, need: buffer_init_from_string */ buffer_clear(packet_get_input()); buffer_append(packet_get_input(), child_state.input, child_state.ilen); - memset(child_state.input, 0, child_state.ilen); + explicit_bzero(child_state.input, child_state.ilen); free(child_state.input); buffer_clear(packet_get_output()); buffer_append(packet_get_output(), child_state.output, child_state.olen); - memset(child_state.output, 0, child_state.olen); + explicit_bzero(child_state.output, child_state.olen); free(child_state.output); /* Roaming */ diff --git a/usr.bin/ssh/monitor_wrap.c b/usr.bin/ssh/monitor_wrap.c index b3139b239b1..b001ffd5adc 100644 --- a/usr.bin/ssh/monitor_wrap.c +++ b/usr.bin/ssh/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.78 2014/01/29 06:18:35 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.79 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -559,7 +559,7 @@ mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp) *blobp = xmalloc(len); memcpy(*blobp, buffer_ptr(&b), len); } - memset(buffer_ptr(&b), 0, len); + explicit_bzero(buffer_ptr(&b), len); buffer_free(&b); return len; } @@ -603,7 +603,7 @@ mm_send_keystate(struct monitor *monitor) key = xmalloc(keylen+1); /* add 1 if keylen == 0 */ keylen = packet_get_encryption_key(key); buffer_put_string(&m, key, keylen); - memset(key, 0, keylen); + explicit_bzero(key, keylen); free(key); ivlen = packet_get_keyiv_len(MODE_OUT); 
diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c index bdf567fbaec..4e1f3bc8da9 100644 --- a/usr.bin/ssh/packet.c +++ b/usr.bin/ssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.191 2013/12/06 13:34:54 markus Exp $ */ +/* $OpenBSD: packet.c,v 1.192 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -753,9 +753,9 @@ set_newkeys(int mode) mac = &active_state->newkeys[mode]->mac; comp = &active_state->newkeys[mode]->comp; mac_clear(mac); - memset(enc->iv, 0, enc->iv_len); - memset(enc->key, 0, enc->key_len); - memset(mac->key, 0, mac->key_len); + explicit_bzero(enc->iv, enc->iv_len); + explicit_bzero(enc->key, enc->key_len); + explicit_bzero(mac->key, mac->key_len); free(enc->name); free(enc->iv); free(enc->key); @@ -776,9 +776,9 @@ set_newkeys(int mode) cipher_init(cc, enc->cipher, enc->key, enc->key_len, enc->iv, enc->iv_len, crypt_type); /* Deleting the keys does not gain extra security */ - /* memset(enc->iv, 0, enc->block_size); - memset(enc->key, 0, enc->key_len); - memset(mac->key, 0, mac->key_len); */ + /* explicit_bzero(enc->iv, enc->block_size); + explicit_bzero(enc->key, enc->key_len); + explicit_bzero(mac->key, mac->key_len); */ if ((comp->type == COMP_ZLIB || (comp->type == COMP_DELAYED && active_state->after_authentication)) && comp->enabled == 0) { @@ -917,7 +917,7 @@ packet_send2_wrapped(void) } } else { /* clear padding */ - memset(cp, 0, padlen); + explicit_bzero(cp, padlen); } /* sizeof (packet_len + pad_len + payload + padding) */ len = buffer_len(&active_state->outgoing_packet); diff --git a/usr.bin/ssh/readpass.c b/usr.bin/ssh/readpass.c index f3c5cbfbabe..b5a86d782a7 100644 --- a/usr.bin/ssh/readpass.c +++ b/usr.bin/ssh/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.49 2013/05/17 00:13:14 djm Exp $ */ +/* $OpenBSD: readpass.c,v 1.50 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * 
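Review bot: The second set_newkeys() hunk only rewrites text inside a `/* ... */` comment, so the three `explicit_bzero()` lines after `/* Deleting the keys does not gain extra security */` remain dead code. I would delete the commented-out calls and keep only the explanatory sentence. The dead text also disagrees with the live code in the first hunk (`enc->block_size` there, `enc->iv_len` in the live call), which could mislead anyone who later re-enables it. The function body continues outside both hunks.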
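Review bot: In packet_send2_wrapped() the call under `/* clear padding */` appears to initialise padding bytes of the outgoing packet rather than dispose of private data. The buffer is used afterwards, so a plain store could not be optimised away in the first place. Using `explicit_bzero(cp, padlen);` here blurs the convention this commit sets up, where explicit_bzero marks the wiping of secrets. I would leave `memset(cp, 0, padlen);`, or add a comment such as `/* zero the wire padding; not a secret wipe */`. The function body extends beyond the hunk.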
@@ -96,13 +96,13 @@ ssh_askpass(char *askpass, const char *msg) break; signal(SIGCHLD, osigchld); if (ret == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) { - memset(buf, 0, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); return NULL; } buf[strcspn(buf, "\r\n")] = '\0'; pass = xstrdup(buf); - memset(buf, 0, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); return pass; } @@ -159,7 +159,7 @@ read_passphrase(const char *prompt, int flags) } ret = xstrdup(buf); - memset(buf, 'x', sizeof buf); + explicit_bzero(buf, sizeof(buf)); return ret; } diff --git a/usr.bin/ssh/rsa.c b/usr.bin/ssh/rsa.c index 9788a016c27..fe1fd0b6494 100644 --- a/usr.bin/ssh/rsa.c +++ b/usr.bin/ssh/rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa.c,v 1.30 2013/05/17 00:13:14 djm Exp $ */ +/* $OpenBSD: rsa.c,v 1.31 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -91,8 +91,8 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) if (BN_bin2bn(outbuf, len, out) == NULL) fatal("rsa_public_encrypt: BN_bin2bn failed"); - memset(outbuf, 0, olen); - memset(inbuf, 0, ilen); + explicit_bzero(outbuf, olen); + explicit_bzero(inbuf, ilen); free(outbuf); free(inbuf); } @@ -117,8 +117,8 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) if (BN_bin2bn(outbuf, len, out) == NULL) fatal("rsa_private_decrypt: BN_bin2bn failed"); } - memset(outbuf, 0, olen); - memset(inbuf, 0, ilen); + explicit_bzero(outbuf, olen); + explicit_bzero(inbuf, ilen); free(outbuf); free(inbuf); return len; diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index 58eeba10ca1..526fbb99104 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.169 2013/12/19 00:19:12 dtucker Exp $ */ +/* $OpenBSD: serverloop.c,v 1.170 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 
@@ -888,7 +888,7 @@ server_input_stdin_data(int type, u_int32_t seq, void *ctxt) data = packet_get_string(&data_len); packet_check_eom(); buffer_append(&stdin_buffer, data, data_len); - memset(data, 0, data_len); + explicit_bzero(data, data_len); free(data); } diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c index 9f70fe137c0..a9a8f6e721b 100644 --- a/usr.bin/ssh/ssh-add.c +++ b/usr.bin/ssh/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.108 2013/12/19 00:10:30 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.109 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -84,7 +84,7 @@ static void clear_pass(void) { if (pass) { - memset(pass, 0, strlen(pass)); + explicit_bzero(pass, strlen(pass)); free(pass); pass = NULL; } @@ -360,7 +360,7 @@ lock_agent(AuthenticationConnection *ac, int lock) fprintf(stderr, "Passwords do not match.\n"); passok = 0; } - memset(p2, 0, strlen(p2)); + explicit_bzero(p2, strlen(p2)); free(p2); } if (passok && ssh_lock_agent(ac, lock, p1)) { @@ -368,7 +368,7 @@ lock_agent(AuthenticationConnection *ac, int lock) ret = 0; } else fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un"); - memset(p1, 0, strlen(p1)); + explicit_bzero(p1, strlen(p1)); free(p1); return (ret); } diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index f24369bd6a2..9ba8b5170b1 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.182 2014/01/27 19:18:54 markus Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.183 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 
@@ -540,7 +540,7 @@ process_lock_agent(SocketEntry *e, int lock) passwd = buffer_get_string(&e->request, NULL); if (locked && !lock && strcmp(passwd, lock_passwd) == 0) { locked = 0; - memset(lock_passwd, 0, strlen(lock_passwd)); + explicit_bzero(lock_passwd, strlen(lock_passwd)); free(lock_passwd); lock_passwd = NULL; success = 1; @@ -549,7 +549,7 @@ process_lock_agent(SocketEntry *e, int lock) lock_passwd = xstrdup(passwd); success = 1; } - memset(passwd, 0, strlen(passwd)); + explicit_bzero(passwd, strlen(passwd)); free(passwd); buffer_put_int(&e->output, 1); diff --git a/usr.bin/ssh/ssh-dss.c b/usr.bin/ssh/ssh-dss.c index cd206fd44c3..4ab3aa97533 100644 --- a/usr.bin/ssh/ssh-dss.c +++ b/usr.bin/ssh/ssh-dss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-dss.c,v 1.30 2014/01/09 23:20:00 djm Exp $ */ +/* $OpenBSD: ssh-dss.c,v 1.31 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -62,7 +62,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, } sig = DSA_do_sign(digest, dlen, key->dsa); - memset(digest, 'd', sizeof(digest)); + explicit_bzero(digest, sizeof(digest)); if (sig == NULL) { error("ssh_dss_sign: sign failed"); @@ -76,7 +76,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, DSA_SIG_free(sig); return -1; } - memset(sigblob, 0, SIGBLOB_LEN); + explicit_bzero(sigblob, SIGBLOB_LEN); BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); DSA_SIG_free(sig); @@ -165,7 +165,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, fatal("%s: BN_bin2bn failed", __func__); /* clean up */ - memset(sigblob, 0, len); + explicit_bzero(sigblob, len); free(sigblob); /* sha1 the data */ @@ -176,7 +176,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, } ret = DSA_do_verify(digest, dlen, sig, key->dsa); - memset(digest, 'd', sizeof(digest)); + explicit_bzero(digest, sizeof(digest)); DSA_SIG_free(sig); 
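Review bot: process_lock_agent() still decides the unlock with `strcmp(passwd, lock_passwd) == 0`, which stops at the first differing byte, so the comparison time depends on how much of the supplied value matches. Since this commit hardens the handling of these same two buffers, consider keeping only a fixed-length digest of the lock password in `lock_passwd` and comparing digests with `timingsafe_bcmp()`. That would also mean the plaintext copy made by `xstrdup(passwd)` in the next hunk no longer lives for the whole time the agent is locked. The rest of the function is outside the hunk.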
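Review bot: `explicit_bzero(passwd, strlen(passwd));` wipes only up to the first NUL, yet `passwd` comes from `buffer_get_string(&e->request, NULL)` in the previous hunk, which discards the real length of the client-supplied string. If the request carries an embedded NUL, the bytes after it are freed without being scrubbed. Capture the length with a `u_int pwlen;` and `passwd = buffer_get_string(&e->request, &pwlen);`, then wipe with `explicit_bzero(passwd, pwlen);`. The same strlen-bounded wipe is used in mm_answer_authpassword() (monitor.c) and input_userauth_info_response() (auth2-chall.c), but those hunks do not show where the strings are allocated, so the issue may or may not apply there.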
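Review bot: In the second ssh_dss_sign() hunk, `explicit_bzero(sigblob, SIGBLOB_LEN);` runs before the two `BN_bn2bin()` calls write r and s into the buffer, so it zero-pads an output buffer rather than wiping private data. The buffer is read afterwards, so the store cannot be elided, and `memset(sigblob, 0, SIGBLOB_LEN);` states the intent more clearly. If explicit_bzero is kept for uniformity, add a comment such as `/* zero-fill so short r/s values are left-padded */`. The hunk does not show whether `sigblob` is scrubbed once it has been copied out.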
diff --git a/usr.bin/ssh/ssh-ecdsa.c b/usr.bin/ssh/ssh-ecdsa.c index 4570aa3d355..41c2ea63b7f 100644 --- a/usr.bin/ssh/ssh-ecdsa.c +++ b/usr.bin/ssh/ssh-ecdsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ecdsa.c,v 1.8 2014/01/09 23:20:00 djm Exp $ */ +/* $OpenBSD: ssh-ecdsa.c,v 1.9 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -68,7 +68,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, } sig = ECDSA_do_sign(digest, dlen, key->ecdsa); - memset(digest, 'd', sizeof(digest)); + explicit_bzero(digest, sizeof(digest)); if (sig == NULL) { error("%s: sign failed", __func__); @@ -149,7 +149,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, buffer_free(&bb); /* clean up */ - memset(sigblob, 0, len); + explicit_bzero(sigblob, len); free(sigblob); /* hash the data */ @@ -165,7 +165,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, } ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa); - memset(digest, 'd', sizeof(digest)); + explicit_bzero(digest, sizeof(digest)); ECDSA_SIG_free(sig); diff --git a/usr.bin/ssh/ssh-ed25519.c b/usr.bin/ssh/ssh-ed25519.c index c03c16346c5..ece438c7ccc 100644 --- a/usr.bin/ssh/ssh-ed25519.c +++ b/usr.bin/ssh/ssh-ed25519.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ed25519.c,v 1.1 2013/12/06 13:39:49 markus Exp $ */ +/* $OpenBSD: ssh-ed25519.c,v 1.2 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2013 Markus Friedl <markus@openbsd.org> * @@ -64,7 +64,7 @@ ssh_ed25519_sign(const Key *key, u_char **sigp, u_int *lenp, memcpy(*sigp, buffer_ptr(&b), len); } buffer_free(&b); - memset(sig, 's', slen); + explicit_bzero(sig, slen); free(sig); return 0; 
@@ -128,9 +128,9 @@ ssh_ed25519_verify(const Key *key, const u_char *signature, u_int signaturelen, } /* XXX compare 'm' and 'data' ? */ - memset(sigblob, 's', len); - memset(sm, 'S', smlen); - memset(m, 'm', smlen); /* NB. mlen may be invalid if ret != 0 */ + explicit_bzero(sigblob, len); + explicit_bzero(sm, smlen); + explicit_bzero(m, smlen); /* NB. mlen may be invalid if ret != 0 */ free(sigblob); free(sm); free(m); diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index 368d6772456..f5072240217 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.239 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.240 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -260,7 +260,7 @@ load_identity(char *filename) pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN); prv = key_load_private(filename, pass, NULL); - memset(pass, 0, strlen(pass)); + explicit_bzero(pass, strlen(pass)); free(pass); } return prv; @@ -1243,7 +1243,7 @@ do_change_passphrase(struct passwd *pw) RP_ALLOW_STDIN); private = key_load_private(identity_file, old_passphrase, &comment); - memset(old_passphrase, 0, strlen(old_passphrase)); + explicit_bzero(old_passphrase, strlen(old_passphrase)); free(old_passphrase); if (private == NULL) { printf("Bad passphrase.\n"); 
@@ -1265,15 +1265,15 @@ do_change_passphrase(struct passwd *pw) /* Verify that they are the same. */ if (strcmp(passphrase1, passphrase2) != 0) { - memset(passphrase1, 0, strlen(passphrase1)); - memset(passphrase2, 0, strlen(passphrase2)); + explicit_bzero(passphrase1, strlen(passphrase1)); + explicit_bzero(passphrase2, strlen(passphrase2)); free(passphrase1); free(passphrase2); printf("Pass phrases do not match. Try again.\n"); exit(1); } /* Destroy the other copy. */ - memset(passphrase2, 0, strlen(passphrase2)); + explicit_bzero(passphrase2, strlen(passphrase2)); free(passphrase2); } @@ -1281,14 +1281,14 @@ do_change_passphrase(struct passwd *pw) if (!key_save_private(private, identity_file, passphrase1, comment, use_new_format, new_format_cipher, rounds)) { printf("Saving the key failed: %s.\n", identity_file); - memset(passphrase1, 0, strlen(passphrase1)); + explicit_bzero(passphrase1, strlen(passphrase1)); free(passphrase1); key_free(private); free(comment); exit(1); } /* Destroy the passphrase and the copy of the key in memory. */ - memset(passphrase1, 0, strlen(passphrase1)); + explicit_bzero(passphrase1, strlen(passphrase1)); free(passphrase1); key_free(private); /* Destroys contents */ free(comment); @@ -1360,7 +1360,7 @@ do_change_comment(struct passwd *pw) /* Try to load using the passphrase. */ private = key_load_private(identity_file, passphrase, &comment); if (private == NULL) { - memset(passphrase, 0, strlen(passphrase)); + explicit_bzero(passphrase, strlen(passphrase)); free(passphrase); printf("Bad passphrase.\n"); exit(1); @@ -1381,7 +1381,7 @@ do_change_comment(struct passwd *pw) printf("Enter new comment: "); fflush(stdout); if (!fgets(new_comment, sizeof(new_comment), stdin)) { - memset(passphrase, 0, strlen(passphrase)); + explicit_bzero(passphrase, strlen(passphrase)); key_free(private); exit(1); } 
@@ -1392,13 +1392,13 @@ do_change_comment(struct passwd *pw) if (!key_save_private(private, identity_file, passphrase, new_comment, use_new_format, new_format_cipher, rounds)) { printf("Saving the key failed: %s.\n", identity_file); - memset(passphrase, 0, strlen(passphrase)); + explicit_bzero(passphrase, strlen(passphrase)); free(passphrase); key_free(private); free(comment); exit(1); } - memset(passphrase, 0, strlen(passphrase)); + explicit_bzero(passphrase, strlen(passphrase)); free(passphrase); public = key_from_private(private); key_free(private); @@ -2613,15 +2613,15 @@ passphrase_again: * The passphrases do not match. Clear them and * retry. */ - memset(passphrase1, 0, strlen(passphrase1)); - memset(passphrase2, 0, strlen(passphrase2)); + explicit_bzero(passphrase1, strlen(passphrase1)); + explicit_bzero(passphrase2, strlen(passphrase2)); free(passphrase1); free(passphrase2); printf("Passphrases do not match. Try again.\n"); goto passphrase_again; } /* Clear the other copy of the passphrase. */ - memset(passphrase2, 0, strlen(passphrase2)); + explicit_bzero(passphrase2, strlen(passphrase2)); free(passphrase2); } @@ -2636,12 +2636,12 @@ passphrase_again: if (!key_save_private(private, identity_file, passphrase1, comment, use_new_format, new_format_cipher, rounds)) { printf("Saving the key failed: %s.\n", identity_file); - memset(passphrase1, 0, strlen(passphrase1)); + explicit_bzero(passphrase1, strlen(passphrase1)); free(passphrase1); exit(1); } /* Clear the passphrase. */ - memset(passphrase1, 0, strlen(passphrase1)); + explicit_bzero(passphrase1, strlen(passphrase1)); free(passphrase1); /* Clear the private key and the random number generator. */ diff --git a/usr.bin/ssh/ssh-rsa.c b/usr.bin/ssh/ssh-rsa.c index 27b50808593..eaf9b316fca 100644 --- a/usr.bin/ssh/ssh-rsa.c +++ b/usr.bin/ssh/ssh-rsa.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-rsa.c,v 1.50 2014/01/09 23:20:00 djm Exp $ */ +/* $OpenBSD: ssh-rsa.c,v 1.51 2014/02/02 03:44:31 djm Exp $ */ /* * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> * @@ -67,7 +67,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, sig = xmalloc(slen); ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); - memset(digest, 'd', sizeof(digest)); + explicit_bzero(digest, sizeof(digest)); if (ok != 1) { int ecode = ERR_get_error(); @@ -81,7 +81,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, u_int diff = slen - len; debug("slen %u > len %u", slen, len); memmove(sig + diff, sig, len); - memset(sig, 0, diff); + explicit_bzero(sig, diff); } else if (len > slen) { error("%s: slen %u slen2 %u", __func__, slen, len); free(sig); @@ -99,7 +99,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, memcpy(*sigp, buffer_ptr(&b), len); } buffer_free(&b); - memset(sig, 's', slen); + explicit_bzero(sig, slen); free(sig); return 0; @@ -158,7 +158,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, modlen, len); sigblob = xrealloc(sigblob, 1, modlen); memmove(sigblob + diff, sigblob, len); - memset(sigblob, 0, diff); + explicit_bzero(sigblob, diff); len = modlen; } /* hash the data */ @@ -175,8 +175,8 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len, key->rsa); - memset(digest, 'd', sizeof(digest)); - memset(sigblob, 's', len); + explicit_bzero(digest, sizeof(digest)); + explicit_bzero(sigblob, len); free(sigblob); debug("%s: signature %scorrect", __func__, (ret == 0) ? "in" : ""); return ret; diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index f8ecb785b39..e3af605dc44 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c 
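Review bot: In ssh_rsa_sign the call `explicit_bzero(sig, diff);` after the memmove is zero-padding a short signature rather than erasing a secret, so it now reads as a scrub where none is intended. The same applies to `explicit_bzero(sigblob, diff);` in ssh_rsa_verify, to the zeroed `response` that try_agent_authentication in sshconnect1.c appears to send on afterwards, and to the `session_key` pre-fill before BN_bn2bin in do_ssh1_kex in sshd.c. The result is correct either way because those bytes are read afterwards, but a short comment such as `/* zero-pad the leading bytes; functional, not a secret wipe */` would keep later audits of wipe sites from miscounting them. Both RSA functions extend beyond the hunks shown.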
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.244 2014/01/09 23:26:48 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.245 2014/02/02 03:44:31 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1273,7 +1273,7 @@ ssh_put_password(char *password) padded = xcalloc(1, size); strlcpy(padded, password, size); packet_put_string(padded, size); - memset(padded, 0, size); + explicit_bzero(padded, size); free(padded); } diff --git a/usr.bin/ssh/sshconnect1.c b/usr.bin/ssh/sshconnect1.c index 4689d55d78c..359bf9fd3ef 100644 --- a/usr.bin/ssh/sshconnect1.c +++ b/usr.bin/ssh/sshconnect1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect1.c,v 1.73 2014/01/27 19:18:54 markus Exp $ */ +/* $OpenBSD: sshconnect1.c,v 1.74 2014/02/02 03:44:32 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -117,7 +117,7 @@ try_agent_authentication(void) * return a wrong value. */ logit("Authentication agent failed to decrypt challenge."); - memset(response, 0, sizeof(response)); + explicit_bzero(response, sizeof(response)); } key_free(key); debug("Sending response to RSA challenge."); @@ -192,9 +192,9 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) packet_send(); packet_write_wait(); - memset(buf, 0, sizeof(buf)); - memset(response, 0, sizeof(response)); - memset(&md, 0, sizeof(md)); + explicit_bzero(buf, sizeof(buf)); + explicit_bzero(response, sizeof(response)); + explicit_bzero(&md, sizeof(md)); } /* @@ -268,7 +268,7 @@ try_rsa_authentication(int idx) debug2("no passphrase given, try next key"); quit = 1; } - memset(passphrase, 0, strlen(passphrase)); + explicit_bzero(passphrase, strlen(passphrase)); free(passphrase); if (private != NULL || quit) break; 
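Review bot: In respond_to_rsa_challenge, `explicit_bzero(&md, sizeof(md));` wipes only the bytes of the variable `md` itself. Its declaration is outside the hunk, but do_ssh1_kex in sshd.c on this page calls `ssh_digest_free(md)`, which suggests `md` may be a pointer to a digest context here as well; if so, this line clears a pointer and leaves the hash state to whatever ssh_digest_free does. In that case the line could be dropped, or replaced with a comment such as `/* digest state is released by ssh_digest_free(); nothing left to wipe in md */` once that behaviour is confirmed.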
@@ -424,7 +424,7 @@ try_challenge_response_authentication(void) } packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); ssh_put_password(response); - memset(response, 0, strlen(response)); + explicit_bzero(response, strlen(response)); free(response); packet_send(); packet_write_wait(); @@ -457,7 +457,7 @@ try_password_authentication(char *prompt) password = read_passphrase(prompt, 0); packet_start(SSH_CMSG_AUTH_PASSWORD); ssh_put_password(password); - memset(password, 0, strlen(password)); + explicit_bzero(password, strlen(password)); free(password); packet_send(); packet_write_wait(); @@ -649,8 +649,11 @@ ssh_kex(char *host, struct sockaddr *hostaddr) /* Set the encryption key. */ packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher); - /* We will no longer need the session key here. Destroy any extra copies. */ - memset(session_key, 0, sizeof(session_key)); + /* + * We will no longer need the session key here. + * Destroy any extra copies. + */ + explicit_bzero(session_key, sizeof(session_key)); /* * Expect a success message from the server. Note that this message diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 85c6717b6fa..23e2f7f5240 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.203 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.204 2014/02/02 03:44:32 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -863,7 +863,7 @@ userauth_passwd(Authctxt *authctxt) packet_put_cstring(authctxt->method->name); packet_put_char(0); packet_put_cstring(password); - memset(password, 0, strlen(password)); + explicit_bzero(password, strlen(password)); free(password); packet_add_padding(64); packet_send(); 
@@ -909,7 +909,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) authctxt->server_user, host); password = read_passphrase(prompt, 0); packet_put_cstring(password); - memset(password, 0, strlen(password)); + explicit_bzero(password, strlen(password)); free(password); password = NULL; while (password == NULL) { @@ -926,16 +926,16 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) authctxt->server_user, host); retype = read_passphrase(prompt, 0); if (strcmp(password, retype) != 0) { - memset(password, 0, strlen(password)); + explicit_bzero(password, strlen(password)); free(password); logit("Mismatch; try again, EOF to quit."); password = NULL; } - memset(retype, 0, strlen(retype)); + explicit_bzero(retype, strlen(retype)); free(retype); } packet_put_cstring(password); - memset(password, 0, strlen(password)); + explicit_bzero(password, strlen(password)); free(password); packet_add_padding(64); packet_send(); @@ -1120,7 +1120,7 @@ load_identity_file(char *filename, int userprovided) debug2("no passphrase given, try next key"); quit = 1; } - memset(passphrase, 0, strlen(passphrase)); + explicit_bzero(passphrase, strlen(passphrase)); free(passphrase); if (private != NULL || quit) break; @@ -1379,7 +1379,7 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt) response = read_passphrase(prompt, echo ? RP_ECHO : 0); packet_put_cstring(response); - memset(response, 0, strlen(response)); + explicit_bzero(response, strlen(response)); free(response); free(prompt); } @@ -1549,7 +1549,7 @@ userauth_hostbased(Authctxt *authctxt) packet_put_cstring(chost); packet_put_cstring(authctxt->local_user); packet_put_string(signature, slen); - memset(signature, 's', slen); + explicit_bzero(signature, slen); free(signature); free(chost); free(pkalg); diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index f0cad5698cb..abe65a5a7b6 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.417 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: sshd.c,v 1.418 2014/02/02 03:44:32 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -558,7 +558,7 @@ destroy_sensitive_data(void) } } sensitive_data.ssh1_host_key = NULL; - memset(sensitive_data.ssh1_cookie, 0, SSH_SESSION_KEY_LENGTH); + explicit_bzero(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); } /* Demote private to public keys for network child */ @@ -608,7 +608,7 @@ privsep_preauth_child(void) if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) fatal("Privilege separation user %s does not exist", SSH_PRIVSEP_USER); - memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); + explicit_bzero(pw->pw_passwd, strlen(pw->pw_passwd)); endpwent(); /* Change our root directory */ @@ -2195,7 +2195,7 @@ do_ssh1_kex(void) get_remote_ipaddr(), len, (u_long)sizeof(session_key)); rsafail++; } else { - memset(session_key, 0, sizeof(session_key)); + explicit_bzero(session_key, sizeof(session_key)); BN_bn2bin(session_key_int, session_key + sizeof(session_key) - len); @@ -2233,7 +2233,7 @@ do_ssh1_kex(void) sizeof(session_key) - 16) < 0) fatal("%s: md5 failed", __func__); ssh_digest_free(md); - memset(buf, 0, bytes); + explicit_bzero(buf, bytes); free(buf); for (i = 0; i < 16; i++) session_id[i] = session_key[i] ^ session_key[i + 16]; @@ -2251,7 +2251,7 @@ do_ssh1_kex(void) packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type); /* Destroy our copy of the session key. It is no longer needed. */ - memset(session_key, 0, sizeof(session_key)); + explicit_bzero(session_key, sizeof(session_key)); debug("Received session key; encryption turned on."); |
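Review bot: In destroy_sensitive_data the wipe length is a separate constant, `explicit_bzero(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);`, while the do_ssh1_kex hunks in the same file size their wipes with `sizeof(session_key)`. If `ssh1_cookie` is an array member (its declaration is outside the hunk), `explicit_bzero(sensitive_data.ssh1_cookie, sizeof(sensitive_data.ssh1_cookie));` keeps the length tied to the buffer, so a later change to either the field or the constant cannot leave part of the cookie unwiped. The function body starts before the hunk.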