author | Joel Sing <jsing@cvs.openbsd.org> | 2015-09-10 15:56:27 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2015-09-10 15:56:27 +0000 |
commit | 63d39522f96d4bd39e7daf8931da8c3e3f3da8d1 (patch) | |
tree | 1ac64c28043e985cdac4b8f921232fb0fef46ebb /lib | |
parent | e424644100148be711d3368e992cbd6cc2f05ab9 (diff) |
Correct spelling of OPENSSL_cleanse.
ok miod@
Diffstat (limited to 'lib')
70 files changed, 213 insertions, 201 deletions
diff --git a/lib/libssl/src/crypto/aes/aes_wrap.c b/lib/libssl/src/crypto/aes/aes_wrap.c index 4479473e6b9..ac2f83a9938 100644 --- a/lib/libssl/src/crypto/aes/aes_wrap.c +++ b/lib/libssl/src/crypto/aes/aes_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: aes_wrap.c,v 1.9 2014/07/11 08:44:47 jsing Exp $ */ +/* $OpenBSD: aes_wrap.c,v 1.10 2015/09/10 15:56:24 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -126,7 +126,7 @@ AES_unwrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out, if (!iv) iv = default_iv; if (memcmp(A, iv, 8)) { - OPENSSL_cleanse(out, inlen); + explicit_bzero(out, inlen); return 0; } return inlen; diff --git a/lib/libssl/src/crypto/asn1/a_sign.c b/lib/libssl/src/crypto/asn1/a_sign.c index d9385312a7d..195daa3b9f2 100644 --- a/lib/libssl/src/crypto/asn1/a_sign.c +++ b/lib/libssl/src/crypto/asn1/a_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_sign.c,v 1.20 2015/07/19 18:29:31 miod Exp $ */ +/* $OpenBSD: a_sign.c,v 1.21 2015/09/10 15:56:24 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -112,6 +112,7 @@ #include <sys/types.h> #include <stdio.h> +#include <string.h> #include <time.h> #include <openssl/bn.h> @@ -229,11 +230,11 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, err: EVP_MD_CTX_cleanup(ctx); if (buf_in != NULL) { - OPENSSL_cleanse((char *)buf_in, inl); + explicit_bzero((char *)buf_in, inl); free(buf_in); } if (buf_out != NULL) { - OPENSSL_cleanse((char *)buf_out, outll); + explicit_bzero((char *)buf_out, outll); free(buf_out); } return (outl); diff --git a/lib/libssl/src/crypto/asn1/a_verify.c b/lib/libssl/src/crypto/asn1/a_verify.c index 3fc79b78f6f..12b76501e0f 100644 --- a/lib/libssl/src/crypto/asn1/a_verify.c +++ b/lib/libssl/src/crypto/asn1/a_verify.c 
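Review bot: The integrity check in AES_unwrap_key still uses `memcmp(A, iv, 8)`, whose running time depends on how many leading bytes match. A constant-time comparison such as `if (timingsafe_memcmp(A, iv, 8) != 0) {` (or `CRYPTO_memcmp`, already in libcrypto) would avoid exposing that through timing. The same applies to the tag check `memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)` in aes_gcm_tls_cipher in e_aes.c, where the value compared is an authentication tag taken from the input. Both comparisons are context lines, so this predates the commit and could go in a follow-up. AES_unwrap_key's body starts outside the hunk.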
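Review bot: The casts carried over from the OPENSSL_cleanse calls in the `err:` path of ASN1_item_sign_ctx are no longer needed, because explicit_bzero takes a `void *` and a `size_t`. The two calls can read `explicit_bzero(buf_in, inl);` and `explicit_bzero(buf_out, outll);`. The same leftover casts appear in a_verify.c (`(unsigned int)inl`), ec_key.c, ech_lib.c, ecs_lib.c, e_idea.c, gostr341001_key.c and pem_info.c. The function body starts outside the hunk, so the declared types of `inl` and `outll` are not visible here.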
@@ -1,4 +1,4 @@ -/* $OpenBSD: a_verify.c,v 1.21 2015/01/28 04:14:31 beck Exp $ */ +/* $OpenBSD: a_verify.c,v 1.22 2015/09/10 15:56:24 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,6 +59,7 @@ #include <sys/types.h> #include <stdio.h> +#include <string.h> #include <time.h> #include <openssl/bn.h> @@ -152,7 +153,7 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } - OPENSSL_cleanse(buf_in, (unsigned int)inl); + explicit_bzero(buf_in, (unsigned int)inl); free(buf_in); if (EVP_DigestVerifyFinal(&ctx, signature->data, diff --git a/lib/libssl/src/crypto/asn1/n_pkey.c b/lib/libssl/src/crypto/asn1/n_pkey.c index d3a7431356a..491f988e924 100644 --- a/lib/libssl/src/crypto/asn1/n_pkey.c +++ b/lib/libssl/src/crypto/asn1/n_pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: n_pkey.c,v 1.26 2015/03/19 14:00:22 tedu Exp $ */ +/* $OpenBSD: n_pkey.c,v 1.27 2015/09/10 15:56:24 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -277,7 +277,7 @@ i2d_RSA_NET(const RSA *a, unsigned char **pp, i2d_NETSCAPE_PKEY(pkey, &zz); /* Wipe the private key encoding */ - OPENSSL_cleanse(pkey->private_key->data, rsalen); + explicit_bzero(pkey->private_key->data, rsalen); if (cb == NULL) cb = EVP_read_pw_string; @@ -297,7 +297,7 @@ i2d_RSA_NET(const RSA *a, unsigned char **pp, if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL)) goto err; - OPENSSL_cleanse(buf, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); /* Encrypt private key in place */ zz = enckey->enckey->digest->data; @@ -394,7 +394,7 @@ d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL)) goto err; - OPENSSL_cleanse(buf, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL)) goto err; 
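Review bot: In i2d_RSA_NET, `buf` (the input to EVP_BytesToKey, presumably the passphrase read through `cb`) is wiped only on the success path, because a failing EVP_BytesToKey takes `goto err` before `explicit_bzero(buf, sizeof(buf));` runs. Unless the `err:` label, which is outside the hunk, already clears it, the wipe should cover both outcomes: either store the return value, call explicit_bzero, then test it, or move the wipe into the `err:` path. The same ordering appears in d2i_RSA_NET_2 in this file. It also appears in PKCS5_PBE_keyivgen in p5_crpt.c, where the wipes of `md_tmp`, `key` and `iv` sit after the `goto err` taken on EVP_CipherInit_ex failure.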
diff --git a/lib/libssl/src/crypto/asn1/p8_pkey.c b/lib/libssl/src/crypto/asn1/p8_pkey.c index 2f7a469673b..71d579456af 100644 --- a/lib/libssl/src/crypto/asn1/p8_pkey.c +++ b/lib/libssl/src/crypto/asn1/p8_pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p8_pkey.c,v 1.16 2015/07/16 18:21:57 miod Exp $ */ +/* $OpenBSD: p8_pkey.c,v 1.17 2015/09/10 15:56:25 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -57,6 +57,7 @@ */ #include <stdio.h> +#include <string.h> #include <openssl/asn1t.h> #include <openssl/x509.h> @@ -71,7 +72,7 @@ pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) if (key->pkey != NULL && key->pkey->type == V_ASN1_OCTET_STRING && key->pkey->value.octet_string != NULL) - OPENSSL_cleanse(key->pkey->value.octet_string->data, + explicit_bzero(key->pkey->value.octet_string->data, key->pkey->value.octet_string->length); } return 1; diff --git a/lib/libssl/src/crypto/bn/bn_exp.c b/lib/libssl/src/crypto/bn/bn_exp.c index 4a28c2c6058..c4ca36d1365 100644 --- a/lib/libssl/src/crypto/bn/bn_exp.c +++ b/lib/libssl/src/crypto/bn/bn_exp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_exp.c,v 1.22 2015/03/21 08:05:20 doug Exp $ */ +/* $OpenBSD: bn_exp.c,v 1.23 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -825,7 +825,7 @@ err: if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); if (powerbuf != NULL) { - OPENSSL_cleanse(powerbuf, powerbufLen); + explicit_bzero(powerbuf, powerbufLen); free(powerbufFree); } BN_CTX_end(ctx); diff --git a/lib/libssl/src/crypto/bn/bn_lib.c b/lib/libssl/src/crypto/bn/bn_lib.c index d0cb49cd1e7..7cc76c1e854 100644 --- a/lib/libssl/src/crypto/bn/bn_lib.c +++ b/lib/libssl/src/crypto/bn/bn_lib.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: bn_lib.c,v 1.33 2014/07/12 16:03:36 miod Exp $ */ +/* $OpenBSD: bn_lib.c,v 1.34 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -221,11 +221,11 @@ BN_clear_free(BIGNUM *a) return; bn_check_top(a); if (a->d != NULL && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) { - OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); + explicit_bzero(a->d, a->dmax * sizeof(a->d[0])); free(a->d); } i = BN_get_flags(a, BN_FLG_MALLOCED); - OPENSSL_cleanse(a, sizeof(BIGNUM)); + explicit_bzero(a, sizeof(BIGNUM)); if (i) free(a); } @@ -395,7 +395,7 @@ bn_expand2(BIGNUM *b, int words) if (!a) return NULL; if (b->d) { - OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0])); + explicit_bzero(b->d, b->dmax * sizeof(b->d[0])); free(b->d); } b->d = a; diff --git a/lib/libssl/src/crypto/bn/bn_rand.c b/lib/libssl/src/crypto/bn/bn_rand.c index ac5c5eb3089..783f6c22f80 100644 --- a/lib/libssl/src/crypto/bn/bn_rand.c +++ b/lib/libssl/src/crypto/bn/bn_rand.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_rand.c,v 1.17 2015/02/19 06:10:29 jsing Exp $ */ +/* $OpenBSD: bn_rand.c,v 1.18 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -111,6 +111,7 @@ #include <stdio.h> #include <stdlib.h> +#include <string.h> #include <time.h> #include <openssl/err.h> @@ -186,7 +187,7 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) err: if (buf != NULL) { - OPENSSL_cleanse(buf, bytes); + explicit_bzero(buf, bytes); free(buf); } bn_check_top(rnd); diff --git a/lib/libssl/src/crypto/cmac/cmac.c b/lib/libssl/src/crypto/cmac/cmac.c index 18635b942a8..d01ae0f3aee 100644 --- a/lib/libssl/src/crypto/cmac/cmac.c +++ b/lib/libssl/src/crypto/cmac/cmac.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: cmac.c,v 1.9 2014/07/12 14:58:32 miod Exp $ */ +/* $OpenBSD: cmac.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -107,10 +107,10 @@ void CMAC_CTX_cleanup(CMAC_CTX *ctx) { EVP_CIPHER_CTX_cleanup(&ctx->cctx); - OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH); - OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH); - OPENSSL_cleanse(ctx->k2, EVP_MAX_BLOCK_LENGTH); - OPENSSL_cleanse(ctx->last_block, EVP_MAX_BLOCK_LENGTH); + explicit_bzero(ctx->tbl, EVP_MAX_BLOCK_LENGTH); + explicit_bzero(ctx->k1, EVP_MAX_BLOCK_LENGTH); + explicit_bzero(ctx->k2, EVP_MAX_BLOCK_LENGTH); + explicit_bzero(ctx->last_block, EVP_MAX_BLOCK_LENGTH); ctx->nlast_block = -1; } @@ -183,7 +183,7 @@ CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, return 0; make_kn(ctx->k1, ctx->tbl, bl); make_kn(ctx->k2, ctx->k1, bl); - OPENSSL_cleanse(ctx->tbl, bl); + explicit_bzero(ctx->tbl, bl); /* Reset context again ready for first data block */ if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) return 0; @@ -260,7 +260,7 @@ CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) out[i] = ctx->last_block[i] ^ ctx->k2[i]; } if (!EVP_Cipher(&ctx->cctx, out, out, bl)) { - OPENSSL_cleanse(out, bl); + explicit_bzero(out, bl); return 0; } return 1; diff --git a/lib/libssl/src/crypto/cms/cms_asn1.c b/lib/libssl/src/crypto/cms/cms_asn1.c index 02a594575db..e4502598329 100644 --- a/lib/libssl/src/crypto/cms/cms_asn1.c +++ b/lib/libssl/src/crypto/cms/cms_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_asn1.c,v 1.6 2015/07/25 15:22:10 jsing Exp $ */ +/* $OpenBSD: cms_asn1.c,v 1.7 2015/09/10 15:56:25 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ 
@@ -888,13 +888,13 @@ cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) } else if (ri->type == CMS_RECIPINFO_KEK) { CMS_KEKRecipientInfo *kekri = ri->d.kekri; if (kekri->key) { - OPENSSL_cleanse(kekri->key, kekri->keylen); + explicit_bzero(kekri->key, kekri->keylen); free(kekri->key); } } else if (ri->type == CMS_RECIPINFO_PASS) { CMS_PasswordRecipientInfo *pwri = ri->d.pwri; if (pwri->pass) { - OPENSSL_cleanse(pwri->pass, pwri->passlen); + explicit_bzero(pwri->pass, pwri->passlen); free(pwri->pass); } } diff --git a/lib/libssl/src/crypto/cms/cms_enc.c b/lib/libssl/src/crypto/cms/cms_enc.c index f97e4d5f345..c967a18a3c3 100644 --- a/lib/libssl/src/crypto/cms/cms_enc.c +++ b/lib/libssl/src/crypto/cms/cms_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_enc.c,v 1.6 2014/10/22 13:02:04 jsing Exp $ */ +/* $OpenBSD: cms_enc.c,v 1.7 2015/09/10 15:56:25 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -164,7 +164,7 @@ cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) goto err; } else { /* Use random key */ - OPENSSL_cleanse(ec->key, ec->keylen); + explicit_bzero(ec->key, ec->keylen); free(ec->key); ec->key = tkey; ec->keylen = tkeylen; @@ -197,12 +197,12 @@ cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) err: if (ec->key && !keep_key) { - OPENSSL_cleanse(ec->key, ec->keylen); + explicit_bzero(ec->key, ec->keylen); free(ec->key); ec->key = NULL; } if (tkey) { - OPENSSL_cleanse(tkey, tkeylen); + explicit_bzero(tkey, tkeylen); free(tkey); } if (ok) diff --git a/lib/libssl/src/crypto/cms/cms_env.c b/lib/libssl/src/crypto/cms/cms_env.c index 63b24b63742..e483c4539fc 100644 --- a/lib/libssl/src/crypto/cms/cms_env.c +++ b/lib/libssl/src/crypto/cms/cms_env.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_env.c,v 1.8 2014/10/18 17:20:40 jsing Exp $ */ +/* $OpenBSD: cms_env.c,v 1.9 2015/09/10 15:56:25 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ 
@@ -406,7 +406,7 @@ cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) ret = 1; if (ec->key) { - OPENSSL_cleanse(ec->key, ec->keylen); + explicit_bzero(ec->key, ec->keylen); free(ec->key); } @@ -654,7 +654,7 @@ cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) err: if (!r && wkey) free(wkey); - OPENSSL_cleanse(&actx, sizeof(actx)); + explicit_bzero(&actx, sizeof(actx)); return r; } @@ -727,7 +727,7 @@ cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) err: if (!r && ukey) free(ukey); - OPENSSL_cleanse(&actx, sizeof(actx)); + explicit_bzero(&actx, sizeof(actx)); return r; } @@ -806,7 +806,7 @@ cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) err: ec->cipher = NULL; if (ec->key) { - OPENSSL_cleanse(ec->key, ec->keylen); + explicit_bzero(ec->key, ec->keylen); free(ec->key); ec->key = NULL; ec->keylen = 0; diff --git a/lib/libssl/src/crypto/cms/cms_pwri.c b/lib/libssl/src/crypto/cms/cms_pwri.c index 11509e3c113..7055ba5d3b6 100644 --- a/lib/libssl/src/crypto/cms/cms_pwri.c +++ b/lib/libssl/src/crypto/cms/cms_pwri.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_pwri.c,v 1.9 2015/05/15 11:00:14 jsg Exp $ */ +/* $OpenBSD: cms_pwri.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -262,7 +262,7 @@ kek_unwrap_key(unsigned char *out, size_t *outlen, const unsigned char *in, rv = 1; err: - OPENSSL_cleanse(tmp, inlen); + explicit_bzero(tmp, inlen); free(tmp); return rv; } diff --git a/lib/libssl/src/crypto/des/str2key.c b/lib/libssl/src/crypto/des/str2key.c index 8999eb292a7..ce17e2659b3 100644 --- a/lib/libssl/src/crypto/des/str2key.c +++ b/lib/libssl/src/crypto/des/str2key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: str2key.c,v 1.9 2014/10/28 07:35:58 jsg Exp $ */ +/* $OpenBSD: str2key.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -95,7 +95,7 @@ void DES_string_to_key(const char *str, DES_cblock *key) DES_set_key_unchecked(key,&ks); #endif DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key); - OPENSSL_cleanse(&ks,sizeof(ks)); + explicit_bzero(&ks,sizeof(ks)); DES_set_odd_parity(key); } @@ -168,7 +168,7 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2) DES_set_key_unchecked(key2,&ks); #endif DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2); - OPENSSL_cleanse(&ks,sizeof(ks)); + explicit_bzero(&ks,sizeof(ks)); DES_set_odd_parity(key1); DES_set_odd_parity(key2); } diff --git a/lib/libssl/src/crypto/ec/ec_key.c b/lib/libssl/src/crypto/ec/ec_key.c index 45192c3231b..fa962e4d0ff 100644 --- a/lib/libssl/src/crypto/ec/ec_key.c +++ b/lib/libssl/src/crypto/ec/ec_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_key.c,v 1.11 2015/02/09 15:49:22 jsing Exp $ */ +/* $OpenBSD: ec_key.c,v 1.12 2015/09/10 15:56:25 jsing Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -122,7 +122,7 @@ EC_KEY_free(EC_KEY * r) EC_EX_DATA_free_all_data(&r->method_data); - OPENSSL_cleanse((void *) r, sizeof(EC_KEY)); + explicit_bzero((void *) r, sizeof(EC_KEY)); free(r); } diff --git a/lib/libssl/src/crypto/ec/ec_lib.c b/lib/libssl/src/crypto/ec/ec_lib.c index a12a2ffbb6f..c28ab18fc00 100644 --- a/lib/libssl/src/crypto/ec/ec_lib.c +++ b/lib/libssl/src/crypto/ec/ec_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_lib.c,v 1.18 2015/05/20 04:33:35 miod Exp $ */ +/* $OpenBSD: ec_lib.c,v 1.19 2015/09/10 15:56:25 jsing Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -152,10 +152,10 @@ EC_GROUP_clear_free(EC_GROUP * group) BN_clear_free(&group->cofactor); if (group->seed) { - OPENSSL_cleanse(group->seed, group->seed_len); + explicit_bzero(group->seed, group->seed_len); free(group->seed); } - OPENSSL_cleanse(group, sizeof *group); + explicit_bzero(group, sizeof *group); free(group); } 
@@ -754,7 +754,7 @@ EC_POINT_clear_free(EC_POINT * point) point->meth->point_clear_finish(point); else if (point->meth->point_finish != 0) point->meth->point_finish(point); - OPENSSL_cleanse(point, sizeof *point); + explicit_bzero(point, sizeof *point); free(point); } diff --git a/lib/libssl/src/crypto/ec/ec_mult.c b/lib/libssl/src/crypto/ec/ec_mult.c index 68f55cfcb34..e428ac586b1 100644 --- a/lib/libssl/src/crypto/ec/ec_mult.c +++ b/lib/libssl/src/crypto/ec/ec_mult.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_mult.c,v 1.18 2015/02/15 08:44:35 miod Exp $ */ +/* $OpenBSD: ec_mult.c,v 1.19 2015/09/10 15:56:25 jsing Exp $ */ /* * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project. */ @@ -173,11 +173,11 @@ ec_pre_comp_clear_free(void *pre_) for (p = pre->points; *p != NULL; p++) { EC_POINT_clear_free(*p); - OPENSSL_cleanse(p, sizeof *p); + explicit_bzero(p, sizeof *p); } free(pre->points); } - OPENSSL_cleanse(pre, sizeof *pre); + explicit_bzero(pre, sizeof *pre); free(pre); } diff --git a/lib/libssl/src/crypto/ec/ecp_nistp224.c b/lib/libssl/src/crypto/ec/ecp_nistp224.c index d29113045a5..0976f24a9fd 100644 --- a/lib/libssl/src/crypto/ec/ecp_nistp224.c +++ b/lib/libssl/src/crypto/ec/ecp_nistp224.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_nistp224.c,v 1.16 2015/02/08 22:25:03 miod Exp $ */ +/* $OpenBSD: ecp_nistp224.c,v 1.17 2015/09/10 15:56:25 jsing Exp $ */ /* * Written by Emilia Kasper (Google) for the OpenSSL project. */ @@ -1239,7 +1239,7 @@ nistp224_pre_comp_clear_free(void *pre_) if (i > 0) return; - OPENSSL_cleanse(pre, sizeof *pre); + explicit_bzero(pre, sizeof *pre); free(pre); } diff --git a/lib/libssl/src/crypto/ec/ecp_nistp256.c b/lib/libssl/src/crypto/ec/ecp_nistp256.c index 23a2131980d..be1d2a5402f 100644 --- a/lib/libssl/src/crypto/ec/ecp_nistp256.c +++ b/lib/libssl/src/crypto/ec/ecp_nistp256.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_nistp256.c,v 1.15 2015/02/08 22:25:03 miod Exp $ */ +/* $OpenBSD: ecp_nistp256.c,v 1.16 2015/09/10 15:56:25 jsing Exp $ */ /* * Written by Adam Langley (Google) for the OpenSSL project */ @@ -1788,7 +1788,7 @@ nistp256_pre_comp_clear_free(void *pre_) if (i > 0) return; - OPENSSL_cleanse(pre, sizeof *pre); + explicit_bzero(pre, sizeof *pre); free(pre); } diff --git a/lib/libssl/src/crypto/ec/ecp_nistp521.c b/lib/libssl/src/crypto/ec/ecp_nistp521.c index 6382091cf91..cfa13b41f8e 100644 --- a/lib/libssl/src/crypto/ec/ecp_nistp521.c +++ b/lib/libssl/src/crypto/ec/ecp_nistp521.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_nistp521.c,v 1.16 2015/02/08 22:25:03 miod Exp $ */ +/* $OpenBSD: ecp_nistp521.c,v 1.17 2015/09/10 15:56:25 jsing Exp $ */ /* * Written by Adam Langley (Google) for the OpenSSL project */ @@ -1679,7 +1679,7 @@ nistp521_pre_comp_clear_free(void *pre_) if (i > 0) return; - OPENSSL_cleanse(pre, sizeof(*pre)); + explicit_bzero(pre, sizeof(*pre)); free(pre); } diff --git a/lib/libssl/src/crypto/ecdh/ech_lib.c b/lib/libssl/src/crypto/ecdh/ech_lib.c index 43c4f8ce311..58dddf638f3 100644 --- a/lib/libssl/src/crypto/ecdh/ech_lib.c +++ b/lib/libssl/src/crypto/ecdh/ech_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ech_lib.c,v 1.8 2015/02/07 13:19:15 doug Exp $ */ +/* $OpenBSD: ech_lib.c,v 1.9 2015/09/10 15:56:25 jsing Exp $ */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -180,7 +180,7 @@ void ecdh_data_free(void *data) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data); - OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA)); + explicit_bzero((void *)r, sizeof(ECDH_DATA)); free(r); } diff --git a/lib/libssl/src/crypto/ecdsa/ecs_lib.c b/lib/libssl/src/crypto/ecdsa/ecs_lib.c index dba888cb48a..1ba788b4f06 100644 --- a/lib/libssl/src/crypto/ecdsa/ecs_lib.c +++ b/lib/libssl/src/crypto/ecdsa/ecs_lib.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_lib.c,v 1.9 2015/02/08 13:35:07 jsing Exp $ */ +/* $OpenBSD: ecs_lib.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */ /* ==================================================================== * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. * @@ -170,7 +170,7 @@ ecdsa_data_free(void *data) #endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data); - OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA)); + explicit_bzero((void *)r, sizeof(ECDSA_DATA)); free(r); } diff --git a/lib/libssl/src/crypto/evp/bio_enc.c b/lib/libssl/src/crypto/evp/bio_enc.c index e367faa9678..1920c6d1808 100644 --- a/lib/libssl/src/crypto/evp/bio_enc.c +++ b/lib/libssl/src/crypto/evp/bio_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_enc.c,v 1.18 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: bio_enc.c,v 1.19 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -135,7 +135,7 @@ enc_free(BIO *a) return (0); b = (BIO_ENC_CTX *)a->ptr; EVP_CIPHER_CTX_cleanup(&(b->cipher)); - OPENSSL_cleanse(a->ptr, sizeof(BIO_ENC_CTX)); + explicit_bzero(a->ptr, sizeof(BIO_ENC_CTX)); free(a->ptr); a->ptr = NULL; a->init = 0; diff --git a/lib/libssl/src/crypto/evp/e_aes.c b/lib/libssl/src/crypto/evp/e_aes.c index 0a9455a5d2f..a6d48085c3c 100644 --- a/lib/libssl/src/crypto/evp/e_aes.c +++ b/lib/libssl/src/crypto/evp/e_aes.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_aes.c,v 1.28 2015/06/20 12:01:14 jsing Exp $ */ +/* $OpenBSD: e_aes.c,v 1.29 2015/09/10 15:56:25 jsing Exp $ */ /* ==================================================================== * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. * @@ -690,7 +690,7 @@ aes_gcm_cleanup(EVP_CIPHER_CTX *c) if (gctx->iv != c->iv) free(gctx->iv); - OPENSSL_cleanse(gctx, sizeof(*gctx)); + explicit_bzero(gctx, sizeof(*gctx)); return 1; } 
@@ -972,7 +972,7 @@ aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, /* If tag mismatch wipe buffer */ if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { - OPENSSL_cleanse(out, len); + explicit_bzero(out, len); goto err; } rv = len; @@ -1339,7 +1339,7 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } } if (rv == -1) - OPENSSL_cleanse(out, len); + explicit_bzero(out, len); cctx->iv_set = 0; cctx->tag_set = 0; cctx->len_set = 0; @@ -1417,7 +1417,7 @@ aead_aes_gcm_cleanup(EVP_AEAD_CTX *ctx) { struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state; - OPENSSL_cleanse(gcm_ctx, sizeof(*gcm_ctx)); + explicit_bzero(gcm_ctx, sizeof(*gcm_ctx)); free(gcm_ctx); } diff --git a/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c b/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c index 7c23face341..c76c2b1c52b 100644 --- a/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.8 2014/07/12 20:37:07 miod Exp $ */ +/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.9 2015/09/10 15:56:25 jsing Exp $ */ /* ==================================================================== * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. * @@ -502,7 +502,7 @@ aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) SHA1_Init(&key->tail); SHA1_Update(&key->tail, hmac_key, sizeof(hmac_key)); - OPENSSL_cleanse(hmac_key, sizeof(hmac_key)); + explicit_bzero(hmac_key, sizeof(hmac_key)); return 1; } diff --git a/lib/libssl/src/crypto/evp/e_chacha20poly1305.c b/lib/libssl/src/crypto/evp/e_chacha20poly1305.c index c003b0ba7f6..9deb40b72af 100644 --- a/lib/libssl/src/crypto/evp/e_chacha20poly1305.c +++ b/lib/libssl/src/crypto/evp/e_chacha20poly1305.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_chacha20poly1305.c,v 1.9 2015/06/20 12:01:14 jsing Exp $ */ +/* $OpenBSD: e_chacha20poly1305.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */ /* * Copyright (c) 2014, Google Inc. * 
@@ -71,7 +71,7 @@ aead_chacha20_poly1305_cleanup(EVP_AEAD_CTX *ctx) { struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state; - OPENSSL_cleanse(c20_ctx->key, sizeof(c20_ctx->key)); + explicit_bzero(c20_ctx->key, sizeof(c20_ctx->key)); free(c20_ctx); } diff --git a/lib/libssl/src/crypto/evp/e_idea.c b/lib/libssl/src/crypto/evp/e_idea.c index 3ba4dbcdb97..454ad4e6722 100644 --- a/lib/libssl/src/crypto/evp/e_idea.c +++ b/lib/libssl/src/crypto/evp/e_idea.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_idea.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: e_idea.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,6 +57,7 @@ */ #include <stdio.h> +#include <string.h> #include <openssl/opensslconf.h> @@ -115,7 +116,7 @@ idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, idea_set_encrypt_key(key, &tmp); idea_set_decrypt_key(&tmp, ctx->cipher_data); - OPENSSL_cleanse((unsigned char *)&tmp, + explicit_bzero((unsigned char *)&tmp, sizeof(IDEA_KEY_SCHEDULE)); } return 1; diff --git a/lib/libssl/src/crypto/evp/evp_enc.c b/lib/libssl/src/crypto/evp/evp_enc.c index 42ccfceec98..99bf59e05f4 100644 --- a/lib/libssl/src/crypto/evp/evp_enc.c +++ b/lib/libssl/src/crypto/evp/evp_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_enc.c,v 1.26 2015/02/10 09:52:35 miod Exp $ */ +/* $OpenBSD: evp_enc.c,v 1.27 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -562,7 +562,7 @@ EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) return 0; /* Cleanse cipher context data */ if (c->cipher_data) - OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); + explicit_bzero(c->cipher_data, c->cipher->ctx_size); } free(c->cipher_data); #ifndef OPENSSL_NO_ENGINE diff --git a/lib/libssl/src/crypto/evp/evp_key.c b/lib/libssl/src/crypto/evp/evp_key.c index 0678536ccb4..2c76743e428 100644 --- a/lib/libssl/src/crypto/evp/evp_key.c 
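Review bot: aead_chacha20_poly1305_cleanup wipes only `c20_ctx->key` before `free(c20_ctx)`, whereas aead_aes_gcm_cleanup in e_aes.c clears the whole state with `explicit_bzero(gcm_ctx, sizeof(*gcm_ctx));`. For consistency, and so that fields added to the struct later are covered automatically, consider `explicit_bzero(c20_ctx, sizeof(*c20_ctx));`. The struct definition is outside the hunk, so whether any other field holds sensitive data cannot be confirmed from here.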
+++ b/lib/libssl/src/crypto/evp/evp_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_key.c,v 1.22 2015/02/10 09:55:39 miod Exp $ */ +/* $OpenBSD: evp_key.c,v 1.23 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -116,7 +116,7 @@ EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, } ret = UI_process(ui); UI_free(ui); - OPENSSL_cleanse(buff, BUFSIZ); + explicit_bzero(buff, BUFSIZ); return ret; } @@ -201,6 +201,6 @@ EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, err: EVP_MD_CTX_cleanup(&c); - OPENSSL_cleanse(md_buf, sizeof md_buf); + explicit_bzero(md_buf, sizeof md_buf); return rv; } diff --git a/lib/libssl/src/crypto/evp/p5_crpt.c b/lib/libssl/src/crypto/evp/p5_crpt.c index 112a69114c8..626910fd7ab 100644 --- a/lib/libssl/src/crypto/evp/p5_crpt.c +++ b/lib/libssl/src/crypto/evp/p5_crpt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p5_crpt.c,v 1.15 2015/02/10 09:52:35 miod Exp $ */ +/* $OpenBSD: p5_crpt.c,v 1.16 2015/09/10 15:56:25 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -147,9 +147,9 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, EVP_CIPHER_iv_length(cipher)); if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de)) goto err; - OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); - OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); - OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); + explicit_bzero(md_tmp, EVP_MAX_MD_SIZE); + explicit_bzero(key, EVP_MAX_KEY_LENGTH); + explicit_bzero(iv, EVP_MAX_IV_LENGTH); rv = 1; err: EVP_MD_CTX_cleanup(&ctx); diff --git a/lib/libssl/src/crypto/evp/p5_crpt2.c b/lib/libssl/src/crypto/evp/p5_crpt2.c index afafb9551f8..632c2c76ce0 100644 --- a/lib/libssl/src/crypto/evp/p5_crpt2.c +++ b/lib/libssl/src/crypto/evp/p5_crpt2.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: p5_crpt2.c,v 1.20 2015/02/14 15:49:51 miod Exp $ */ +/* $OpenBSD: p5_crpt2.c,v 1.21 2015/09/10 15:56:25 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -300,7 +300,7 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); err: - OPENSSL_cleanse(key, keylen); + explicit_bzero(key, keylen); PBKDF2PARAM_free(kdf); return rv; } diff --git a/lib/libssl/src/crypto/evp/p_open.c b/lib/libssl/src/crypto/evp/p_open.c index aca83e74f66..002a6dea706 100644 --- a/lib/libssl/src/crypto/evp/p_open.c +++ b/lib/libssl/src/crypto/evp/p_open.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_open.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: p_open.c,v 1.17 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,6 +57,7 @@ */ #include <stdio.h> +#include <string.h> #include <openssl/opensslconf.h> @@ -109,7 +110,7 @@ EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, err: if (key != NULL) - OPENSSL_cleanse(key, size); + explicit_bzero(key, size); free(key); return (ret); } diff --git a/lib/libssl/src/crypto/gost/gost2814789.c b/lib/libssl/src/crypto/gost/gost2814789.c index b1bef9eae3e..e285413ed46 100644 --- a/lib/libssl/src/crypto/gost/gost2814789.c +++ b/lib/libssl/src/crypto/gost/gost2814789.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gost2814789.c,v 1.4 2015/02/10 09:46:30 miod Exp $ */ +/* $OpenBSD: gost2814789.c,v 1.5 2015/09/10 15:56:25 jsing Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> * Copyright (c) 2005-2006 Cryptocom LTD @@ -464,7 +464,7 @@ GOST2814789IMIT(const unsigned char *d, size_t n, unsigned char *md, int nid, Gost2814789_set_key(&c.cipher, key, 256); GOST2814789IMIT_Update(&c, d, n); GOST2814789IMIT_Final(md, &c); - OPENSSL_cleanse(&c, sizeof(c)); + explicit_bzero(&c, sizeof(c)); return (md); } 
diff --git a/lib/libssl/src/crypto/gost/gostr341001_key.c b/lib/libssl/src/crypto/gost/gostr341001_key.c index dbe360620a8..894a189e3bc 100644 --- a/lib/libssl/src/crypto/gost/gostr341001_key.c +++ b/lib/libssl/src/crypto/gost/gostr341001_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gostr341001_key.c,v 1.5 2015/02/14 06:40:04 jsing Exp $ */ +/* $OpenBSD: gostr341001_key.c,v 1.6 2015/09/10 15:56:25 jsing Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> * Copyright (c) 2005-2006 Cryptocom LTD @@ -49,6 +49,8 @@ * ==================================================================== */ +#include <string.h> + #include <openssl/opensslconf.h> #ifndef OPENSSL_NO_GOST @@ -103,7 +105,7 @@ GOST_KEY_free(GOST_KEY *r) EC_POINT_free(r->pub_key); BN_clear_free(r->priv_key); - OPENSSL_cleanse((void *)r, sizeof(GOST_KEY)); + explicit_bzero((void *)r, sizeof(GOST_KEY)); free(r); } diff --git a/lib/libssl/src/crypto/gost/gostr341194.c b/lib/libssl/src/crypto/gost/gostr341194.c index 32c166aefa0..2a462185aa4 100644 --- a/lib/libssl/src/crypto/gost/gostr341194.c +++ b/lib/libssl/src/crypto/gost/gostr341194.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gostr341194.c,v 1.4 2015/07/15 17:13:17 beck Exp $ */ +/* $OpenBSD: gostr341194.c,v 1.5 2015/09/10 15:56:25 jsing Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> * Copyright (c) 2005-2006 Cryptocom LTD @@ -267,7 +267,7 @@ GOSTR341194(const unsigned char *d, size_t n, unsigned char *md, int nid) return 0; GOSTR341194_Update(&c, d, n); GOSTR341194_Final(md, &c); - OPENSSL_cleanse(&c, sizeof(c)); + explicit_bzero(&c, sizeof(c)); return (md); } #endif diff --git a/lib/libssl/src/crypto/gost/streebog.c b/lib/libssl/src/crypto/gost/streebog.c index 8060161d11f..902472bd9e2 100644 --- a/lib/libssl/src/crypto/gost/streebog.c +++ b/lib/libssl/src/crypto/gost/streebog.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: streebog.c,v 1.4 2014/12/07 16:33:51 jsing Exp $ */ +/* $OpenBSD: streebog.c,v 1.5 2015/09/10 15:56:25 jsing Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> * Copyright (c) 2005-2006 Cryptocom LTD @@ -1455,7 +1455,7 @@ STREEBOG256(const unsigned char *d, size_t n, unsigned char *md) STREEBOG256_Init(&c); STREEBOG256_Update(&c, d, n); STREEBOG256_Final(md, &c); - OPENSSL_cleanse(&c, sizeof(c)); + explicit_bzero(&c, sizeof(c)); return (md); } @@ -1470,7 +1470,7 @@ STREEBOG512(const unsigned char *d, size_t n, unsigned char *md) STREEBOG512_Init(&c); STREEBOG512_Update(&c, d, n); STREEBOG512_Final(md, &c); - OPENSSL_cleanse(&c, sizeof(c)); + explicit_bzero(&c, sizeof(c)); return (md); } diff --git a/lib/libssl/src/crypto/hmac/hm_ameth.c b/lib/libssl/src/crypto/hmac/hm_ameth.c index da3471c4fd4..cfa02397051 100644 --- a/lib/libssl/src/crypto/hmac/hm_ameth.c +++ b/lib/libssl/src/crypto/hmac/hm_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hm_ameth.c,v 1.9 2015/07/20 15:45:29 miod Exp $ */ +/* $OpenBSD: hm_ameth.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2007. */ @@ -83,7 +83,7 @@ hmac_key_free(EVP_PKEY *pkey) if (os) { if (os->data) - OPENSSL_cleanse(os->data, os->length); + explicit_bzero(os->data, os->length); ASN1_OCTET_STRING_free(os); } } diff --git a/lib/libssl/src/crypto/hmac/hm_pmeth.c b/lib/libssl/src/crypto/hmac/hm_pmeth.c index 255f4ece8bb..c5ac6c00c0f 100644 --- a/lib/libssl/src/crypto/hmac/hm_pmeth.c +++ b/lib/libssl/src/crypto/hmac/hm_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hm_pmeth.c,v 1.8 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: hm_pmeth.c,v 1.9 2015/09/10 15:56:25 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2007. */ 
@@ -124,7 +124,7 @@ pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) HMAC_CTX_cleanup(&hctx->ctx); if (hctx->ktmp.data) { if (hctx->ktmp.length) - OPENSSL_cleanse(hctx->ktmp.data, hctx->ktmp.length); + explicit_bzero(hctx->ktmp.data, hctx->ktmp.length); free(hctx->ktmp.data); hctx->ktmp.data = NULL; } diff --git a/lib/libssl/src/crypto/md4/md4_one.c b/lib/libssl/src/crypto/md4/md4_one.c index 144f131914f..9577d6577bf 100644 --- a/lib/libssl/src/crypto/md4/md4_one.c +++ b/lib/libssl/src/crypto/md4/md4_one.c @@ -1,4 +1,4 @@ -/* $OpenBSD: md4_one.c,v 1.7 2015/09/10 15:03:58 jsing Exp $ */ +/* $OpenBSD: md4_one.c,v 1.8 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -71,7 +71,7 @@ unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md) return NULL; MD4_Update(&c,d,n); MD4_Final(md,&c); - OPENSSL_cleanse(&c,sizeof(c)); + explicit_bzero(&c,sizeof(c)); return(md); } diff --git a/lib/libssl/src/crypto/md5/md5_one.c b/lib/libssl/src/crypto/md5/md5_one.c index f4cc56adb22..3fb05de30c3 100644 --- a/lib/libssl/src/crypto/md5/md5_one.c +++ b/lib/libssl/src/crypto/md5/md5_one.c @@ -1,4 +1,4 @@ -/* $OpenBSD: md5_one.c,v 1.9 2015/09/10 15:03:59 jsing Exp $ */ +/* $OpenBSD: md5_one.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -71,7 +71,7 @@ unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md) return NULL; MD5_Update(&c,d,n); MD5_Final(md,&c); - OPENSSL_cleanse(&c,sizeof(c)); + explicit_bzero(&c,sizeof(c)); return(md); } diff --git a/lib/libssl/src/crypto/modes/gcm128.c b/lib/libssl/src/crypto/modes/gcm128.c index 4a72901a334..dd6d91e8807 100644 --- a/lib/libssl/src/crypto/modes/gcm128.c +++ b/lib/libssl/src/crypto/modes/gcm128.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: gcm128.c,v 1.12 2015/02/10 09:46:30 miod Exp $ */ +/* $OpenBSD: gcm128.c,v 1.13 2015/09/10 15:56:25 jsing Exp $ */ /* ==================================================================== * Copyright (c) 2010 The OpenSSL Project. All rights reserved. * @@ -1533,7 +1533,7 @@ GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block) void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx) { if (ctx) { - OPENSSL_cleanse(ctx,sizeof(*ctx)); + explicit_bzero(ctx,sizeof(*ctx)); free(ctx); } } diff --git a/lib/libssl/src/crypto/pem/pem_info.c b/lib/libssl/src/crypto/pem/pem_info.c index 6fe72ce742e..191e3b5b104 100644 --- a/lib/libssl/src/crypto/pem/pem_info.c +++ b/lib/libssl/src/crypto/pem/pem_info.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_info.c,v 1.20 2015/02/10 09:52:35 miod Exp $ */ +/* $OpenBSD: pem_info.c,v 1.21 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -400,7 +400,7 @@ PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, ret = 1; err: - OPENSSL_cleanse((char *)&ctx, sizeof(ctx)); - OPENSSL_cleanse(buf, PEM_BUFSIZE); + explicit_bzero((char *)&ctx, sizeof(ctx)); + explicit_bzero(buf, PEM_BUFSIZE); return (ret); } diff --git a/lib/libssl/src/crypto/pem/pem_lib.c b/lib/libssl/src/crypto/pem/pem_lib.c index 6f8759a9ee9..852b0eaf866 100644 --- a/lib/libssl/src/crypto/pem/pem_lib.c +++ b/lib/libssl/src/crypto/pem/pem_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_lib.c,v 1.41 2015/07/19 18:29:31 miod Exp $ */ +/* $OpenBSD: pem_lib.c,v 1.42 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -403,7 +403,7 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x, goto err; if (kstr == (unsigned char *)buf) - OPENSSL_cleanse(buf, PEM_BUFSIZE); + explicit_bzero(buf, PEM_BUFSIZE); if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 > sizeof buf) { PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, 
@@ -434,12 +434,12 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x, if (i <= 0) ret = 0; err: - OPENSSL_cleanse(key, sizeof(key)); - OPENSSL_cleanse(iv, sizeof(iv)); - OPENSSL_cleanse((char *)&ctx, sizeof(ctx)); - OPENSSL_cleanse(buf, PEM_BUFSIZE); + explicit_bzero(key, sizeof(key)); + explicit_bzero(iv, sizeof(iv)); + explicit_bzero((char *)&ctx, sizeof(ctx)); + explicit_bzero(buf, PEM_BUFSIZE); if (data != NULL) { - OPENSSL_cleanse(data, (unsigned int)dsize); + explicit_bzero(data, (unsigned int)dsize); free(data); } return (ret); @@ -480,8 +480,8 @@ PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, if (o) o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j); EVP_CIPHER_CTX_cleanup(&ctx); - OPENSSL_cleanse((char *)buf, sizeof(buf)); - OPENSSL_cleanse((char *)key, sizeof(key)); + explicit_bzero((char *)buf, sizeof(buf)); + explicit_bzero((char *)key, sizeof(key)); if (!o) { PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT); return (0); @@ -640,7 +640,7 @@ PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, EVP_EncodeFinal(&ctx, buf, &outl); if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl)) goto err; - OPENSSL_cleanse(buf, PEM_BUFSIZE * 8); + explicit_bzero(buf, PEM_BUFSIZE * 8); free(buf); buf = NULL; if ((BIO_write(bp, "-----END ", 9) != 9) || @@ -651,7 +651,7 @@ PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, err: if (buf) { - OPENSSL_cleanse(buf, PEM_BUFSIZE * 8); + explicit_bzero(buf, PEM_BUFSIZE * 8); free(buf); } PEMerr(PEM_F_PEM_WRITE_BIO, reason); diff --git a/lib/libssl/src/crypto/pem/pem_pk8.c b/lib/libssl/src/crypto/pem/pem_pk8.c index 5b0fcc236bc..d02dec15464 100644 --- a/lib/libssl/src/crypto/pem/pem_pk8.c +++ b/lib/libssl/src/crypto/pem/pem_pk8.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: pem_pk8.c,v 1.9 2014/10/18 17:20:40 jsing Exp $ */ +/* $OpenBSD: pem_pk8.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,6 +57,7 @@ */ #include <stdio.h> +#include <string.h> #include <openssl/buffer.h> #include <openssl/err.h> @@ -135,7 +136,7 @@ do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, } p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf); if (kstr == buf) - OPENSSL_cleanse(buf, klen); + explicit_bzero(buf, klen); PKCS8_PRIV_KEY_INFO_free(p8inf); if (isder) ret = i2d_PKCS8_bio(bp, p8); diff --git a/lib/libssl/src/crypto/pem/pem_pkey.c b/lib/libssl/src/crypto/pem/pem_pkey.c index e9c0a8b1c9f..afb476f818d 100644 --- a/lib/libssl/src/crypto/pem/pem_pkey.c +++ b/lib/libssl/src/crypto/pem/pem_pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_pkey.c,v 1.20 2015/02/11 03:19:37 doug Exp $ */ +/* $OpenBSD: pem_pkey.c,v 1.21 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -144,7 +144,7 @@ p8err: PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB); err: free(nm); - OPENSSL_cleanse(data, len); + explicit_bzero(data, len); free(data); return (ret); } diff --git a/lib/libssl/src/crypto/pem/pem_seal.c b/lib/libssl/src/crypto/pem/pem_seal.c index 08837bd7f7a..96687eb77f9 100644 --- a/lib/libssl/src/crypto/pem/pem_seal.c +++ b/lib/libssl/src/crypto/pem/pem_seal.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_seal.c,v 1.21 2014/10/18 17:20:40 jsing Exp $ */ +/* $OpenBSD: pem_seal.c,v 1.22 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -117,7 +117,7 @@ PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, err: free(s); - OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); + explicit_bzero(key, EVP_MAX_KEY_LENGTH); return (ret); } 
diff --git a/lib/libssl/src/crypto/pem/pvkfmt.c b/lib/libssl/src/crypto/pem/pvkfmt.c index 025381bcc0d..f5a9de39fc7 100644 --- a/lib/libssl/src/crypto/pem/pvkfmt.c +++ b/lib/libssl/src/crypto/pem/pvkfmt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pvkfmt.c,v 1.13 2015/05/15 11:00:14 jsg Exp $ */ +/* $OpenBSD: pvkfmt.c,v 1.14 2015/09/10 15:56:25 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2005. */ @@ -765,7 +765,7 @@ do_PVK_body(const unsigned char **in, unsigned int saltlen, if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL)) goto err; - OPENSSL_cleanse(keybuf, 20); + explicit_bzero(keybuf, 20); if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen)) goto err; if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, @@ -777,7 +777,7 @@ do_PVK_body(const unsigned char **in, unsigned int saltlen, goto err; } } else - OPENSSL_cleanse(keybuf, 20); + explicit_bzero(keybuf, 20); p = enctmp; } @@ -823,7 +823,7 @@ b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) err: if (buf) { - OPENSSL_cleanse(buf, buflen); + explicit_bzero(buf, buflen); free(buf); } return ret; @@ -894,7 +894,7 @@ i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, pem_password_cb *cb, p = salt + PVK_SALTLEN + 8; if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL)) goto error; - OPENSSL_cleanse(keybuf, 20); + explicit_bzero(keybuf, 20); if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8)) goto error; if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen)) diff --git a/lib/libssl/src/crypto/pkcs12/p12_crpt.c b/lib/libssl/src/crypto/pkcs12/p12_crpt.c index 288c93c49f9..0f215d2fe2d 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_crpt.c +++ b/lib/libssl/src/crypto/pkcs12/p12_crpt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_crpt.c,v 1.11 2014/07/11 08:44:49 jsing Exp $ */ +/* $OpenBSD: p12_crpt.c,v 1.12 2015/09/10 15:56:25 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ 
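Review bot: In do_PVK_body the RC4 key in `keybuf` is wiped only after `EVP_DecryptInit_ex()` succeeds, so the `goto err` on failure leaves it in memory unless the `err:` label clears it, and that label is outside the hunk. i2b_PVK has the same ordering (`goto error` before `explicit_bzero(keybuf, 20)`), and so does PKCS7_dataInit in pk7_doit.c, where `goto err` after `pkcs7_encode_rinfo()` skips `explicit_bzero(key, keylen)`. Wiping before testing the result closes the gap: `ok = EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL);` `explicit_bzero(keybuf, sizeof(keybuf));` `if (!ok) goto err;`. This assumes `keybuf` is a local array, which the hunk does not show; if it is, `sizeof(keybuf)` also replaces the bare `20`.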
@@ -57,6 +57,7 @@ */ #include <stdio.h> +#include <string.h> #include <openssl/err.h> #include <openssl/pkcs12.h> @@ -111,7 +112,7 @@ PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, } PBEPARAM_free(pbe); ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); - OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); - OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); + explicit_bzero(key, EVP_MAX_KEY_LENGTH); + explicit_bzero(iv, EVP_MAX_IV_LENGTH); return ret; } diff --git a/lib/libssl/src/crypto/pkcs12/p12_decr.c b/lib/libssl/src/crypto/pkcs12/p12_decr.c index 4cccf43d3f8..00195f0a988 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_decr.c +++ b/lib/libssl/src/crypto/pkcs12/p12_decr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_decr.c,v 1.15 2015/05/15 11:00:14 jsg Exp $ */ +/* $OpenBSD: p12_decr.c,v 1.16 2015/09/10 15:56:25 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -57,6 +57,7 @@ */ #include <stdio.h> +#include <string.h> #include <openssl/err.h> #include <openssl/pkcs12.h> @@ -137,7 +138,7 @@ PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, p = out; ret = ASN1_item_d2i(NULL, &p, outlen, it); if (zbuf) - OPENSSL_cleanse(out, outlen); + explicit_bzero(out, outlen); if (!ret) PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR); @@ -176,7 +177,7 @@ PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it, goto err; } if (zbuf) - OPENSSL_cleanse(in, inlen); + explicit_bzero(in, inlen); free(in); return oct; diff --git a/lib/libssl/src/crypto/pkcs12/p12_key.c b/lib/libssl/src/crypto/pkcs12/p12_key.c index 0b3547a6fb5..38f8a8194c7 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_key.c +++ b/lib/libssl/src/crypto/pkcs12/p12_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_key.c,v 1.22 2015/02/07 13:19:15 doug Exp $ */ +/* $OpenBSD: p12_key.c,v 1.23 2015/09/10 15:56:25 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ 
@@ -89,7 +89,7 @@ PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, if (ret <= 0) return 0; if (unipass) { - OPENSSL_cleanse(unipass, uniplen); + explicit_bzero(unipass, uniplen); free(unipass); } return ret; diff --git a/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/lib/libssl/src/crypto/pkcs7/pk7_doit.c index 24bcebef616..7755c3c30ef 100644 --- a/lib/libssl/src/crypto/pkcs7/pk7_doit.c +++ b/lib/libssl/src/crypto/pkcs7/pk7_doit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_doit.c,v 1.36 2015/07/29 14:58:34 jsing Exp $ */ +/* $OpenBSD: pk7_doit.c,v 1.37 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -233,7 +233,7 @@ pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, PKCS7_RECIP_INFO *ri, ret = 1; if (*pek) { - OPENSSL_cleanse(*pek, *peklen); + explicit_bzero(*pek, *peklen); free(*pek); } @@ -371,7 +371,7 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio) if (pkcs7_encode_rinfo(ri, key, keylen) <= 0) goto err; } - OPENSSL_cleanse(key, keylen); + explicit_bzero(key, keylen); if (out == NULL) out = btmp; @@ -588,7 +588,7 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) */ if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) { /* Use random key as MMA defence */ - OPENSSL_cleanse(ek, eklen); + explicit_bzero(ek, eklen); free(ek); ek = tkey; eklen = tkeylen; @@ -601,12 +601,12 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) goto err; if (ek) { - OPENSSL_cleanse(ek, eklen); + explicit_bzero(ek, eklen); free(ek); ek = NULL; } if (tkey) { - OPENSSL_cleanse(tkey, tkeylen); + explicit_bzero(tkey, tkeylen); free(tkey); tkey = NULL; } @@ -635,11 +635,11 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) if (0) { err: if (ek) { - OPENSSL_cleanse(ek, eklen); + explicit_bzero(ek, eklen); free(ek); } if (tkey) { - OPENSSL_cleanse(tkey, tkeylen); + explicit_bzero(tkey, tkeylen); free(tkey); } if (out != NULL) 
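Review bot: The early `if (ret <= 0) return 0;` in PKCS12_key_gen_asc returns before the block that wipes and frees `unipass`. On failure the buffer, presumably the converted copy of the password, is neither cleared nor released. Run the cleanup first and decide the return value afterwards: keep the `if (unipass) { explicit_bzero(unipass, uniplen); free(unipass); }` block, then `return ret <= 0 ? 0 : ret;`. The start of the function, where `unipass` is allocated, is outside the hunk.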
diff --git a/lib/libssl/src/crypto/rand/randfile.c b/lib/libssl/src/crypto/rand/randfile.c index 6948a83634f..72c065c48da 100644 --- a/lib/libssl/src/crypto/rand/randfile.c +++ b/lib/libssl/src/crypto/rand/randfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: randfile.c,v 1.41 2015/07/18 22:46:42 beck Exp $ */ +/* $OpenBSD: randfile.c,v 1.42 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -130,7 +130,7 @@ RAND_write_file(const char *file) } fclose(out); - OPENSSL_cleanse(buf, BUFSIZE); + explicit_bzero(buf, BUFSIZE); return ret; } diff --git a/lib/libssl/src/crypto/ripemd/rmd_one.c b/lib/libssl/src/crypto/ripemd/rmd_one.c index 84b13d53122..0d372f32f78 100644 --- a/lib/libssl/src/crypto/ripemd/rmd_one.c +++ b/lib/libssl/src/crypto/ripemd/rmd_one.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rmd_one.c,v 1.8 2015/09/10 15:03:59 jsing Exp $ */ +/* $OpenBSD: rmd_one.c,v 1.9 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -72,7 +72,7 @@ unsigned char *RIPEMD160(const unsigned char *d, size_t n, return NULL; RIPEMD160_Update(&c,d,n); RIPEMD160_Final(md,&c); - OPENSSL_cleanse(&c,sizeof(c)); + explicit_bzero(&c,sizeof(c)); return(md); } diff --git a/lib/libssl/src/crypto/rsa/rsa_eay.c b/lib/libssl/src/crypto/rsa/rsa_eay.c index 940964cac30..76863e7220e 100644 --- a/lib/libssl/src/crypto/rsa/rsa_eay.c +++ b/lib/libssl/src/crypto/rsa/rsa_eay.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_eay.c,v 1.39 2015/06/13 08:38:10 doug Exp $ */ +/* $OpenBSD: rsa_eay.c,v 1.40 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -110,6 +110,7 @@ */ #include <stdio.h> +#include <string.h> #include <openssl/opensslconf.h> @@ -242,7 +243,7 @@ err: BN_CTX_free(ctx); } if (buf != NULL) { - OPENSSL_cleanse(buf, num); + explicit_bzero(buf, num); free(buf); } return r; 
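Review bot: `fclose(out)` in RAND_write_file is unchecked, so a failed flush of the buffered data when the stream closes is not reflected in `ret`, and the caller can be told the seed file was written when it was truncated. Test the result, for example `if (fclose(out) != 0) ret = -1;`, using whatever failure value the function already reports. How `ret` is computed is outside the hunk. Wiping `buf` after the close is fine as it stands.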
@@ -472,7 +473,7 @@ err: BN_CTX_free(ctx); } if (buf != NULL) { - OPENSSL_cleanse(buf, num); + explicit_bzero(buf, num); free(buf); } return r; @@ -607,7 +608,7 @@ err: BN_CTX_free(ctx); } if (buf != NULL) { - OPENSSL_cleanse(buf, num); + explicit_bzero(buf, num); free(buf); } return r; @@ -712,7 +713,7 @@ err: BN_CTX_free(ctx); } if (buf != NULL) { - OPENSSL_cleanse(buf, num); + explicit_bzero(buf, num); free(buf); } return r; diff --git a/lib/libssl/src/crypto/rsa/rsa_saos.c b/lib/libssl/src/crypto/rsa/rsa_saos.c index 3a07a7af4a4..0a4f37a3da2 100644 --- a/lib/libssl/src/crypto/rsa/rsa_saos.c +++ b/lib/libssl/src/crypto/rsa/rsa_saos.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_saos.c,v 1.17 2015/07/19 18:29:31 miod Exp $ */ +/* $OpenBSD: rsa_saos.c,v 1.18 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -97,7 +97,7 @@ RSA_sign_ASN1_OCTET_STRING(int type, const unsigned char *m, unsigned int m_len, else *siglen = i; - OPENSSL_cleanse(s, (unsigned int)j + 1); + explicit_bzero(s, (unsigned int)j + 1); free(s); return ret; } @@ -142,7 +142,7 @@ RSA_verify_ASN1_OCTET_STRING(int dtype, const unsigned char *m, err: M_ASN1_OCTET_STRING_free(sig); if (s != NULL) { - OPENSSL_cleanse(s, (unsigned int)siglen); + explicit_bzero(s, (unsigned int)siglen); free(s); } return ret; diff --git a/lib/libssl/src/crypto/rsa/rsa_sign.c b/lib/libssl/src/crypto/rsa/rsa_sign.c index db63c5f038e..7be08f544b0 100644 --- a/lib/libssl/src/crypto/rsa/rsa_sign.c +++ b/lib/libssl/src/crypto/rsa/rsa_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_sign.c,v 1.24 2015/07/19 18:29:31 miod Exp $ */ +/* $OpenBSD: rsa_sign.c,v 1.25 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -137,7 +137,7 @@ RSA_sign(int type, const unsigned char *m, unsigned int m_len, *siglen = i; if (type != NID_md5_sha1) { - OPENSSL_cleanse(tmps, (unsigned int)j + 1); + explicit_bzero(tmps, (unsigned int)j + 1); free(tmps); } return (ret); @@ -237,7 +237,7 @@ err: if (sig != NULL) X509_SIG_free(sig); if (s != NULL) { - OPENSSL_cleanse(s, (unsigned int)siglen); + explicit_bzero(s, (unsigned int)siglen); free(s); } return ret; diff --git a/lib/libssl/src/crypto/sha/sha1_one.c b/lib/libssl/src/crypto/sha/sha1_one.c index f6b5e4bacf8..91602ee5037 100644 --- a/lib/libssl/src/crypto/sha/sha1_one.c +++ b/lib/libssl/src/crypto/sha/sha1_one.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sha1_one.c,v 1.11 2014/07/10 22:45:58 jsing Exp $ */ +/* $OpenBSD: sha1_one.c,v 1.12 2015/09/10 15:56:26 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -75,7 +75,7 @@ unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) return NULL; SHA1_Update(&c,d,n); SHA1_Final(md,&c); - OPENSSL_cleanse(&c,sizeof(c)); + explicit_bzero(&c,sizeof(c)); return(md); } #endif diff --git a/lib/libssl/src/crypto/sha/sha256.c b/lib/libssl/src/crypto/sha/sha256.c index c5ab56852f2..d584660369c 100644 --- a/lib/libssl/src/crypto/sha/sha256.c +++ b/lib/libssl/src/crypto/sha/sha256.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sha256.c,v 1.8 2014/08/18 19:11:48 bcook Exp $ */ +/* $OpenBSD: sha256.c,v 1.9 2015/09/10 15:56:26 jsing Exp $ */ /* ==================================================================== * Copyright (c) 2004 The OpenSSL Project. All rights reserved * according to the OpenSSL license [found in ../../LICENSE]. @@ -49,7 +49,7 @@ unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md) SHA224_Init(&c); SHA256_Update(&c,d,n); SHA256_Final(md,&c); - OPENSSL_cleanse(&c,sizeof(c)); + explicit_bzero(&c,sizeof(c)); return(md); } 
@@ -62,7 +62,7 @@ unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md) SHA256_Init(&c); SHA256_Update(&c,d,n); SHA256_Final(md,&c); - OPENSSL_cleanse(&c,sizeof(c)); + explicit_bzero(&c,sizeof(c)); return(md); } diff --git a/lib/libssl/src/crypto/sha/sha512.c b/lib/libssl/src/crypto/sha/sha512.c index ad72b7e6f1f..7a55c0acc9d 100644 --- a/lib/libssl/src/crypto/sha/sha512.c +++ b/lib/libssl/src/crypto/sha/sha512.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sha512.c,v 1.13 2014/07/11 08:44:49 jsing Exp $ */ +/* $OpenBSD: sha512.c,v 1.14 2015/09/10 15:56:26 jsing Exp $ */ /* ==================================================================== * Copyright (c) 2004 The OpenSSL Project. All rights reserved * according to the OpenSSL license [found in ../../LICENSE]. @@ -248,7 +248,7 @@ unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) SHA384_Init(&c); SHA512_Update(&c,d,n); SHA512_Final(md,&c); - OPENSSL_cleanse(&c,sizeof(c)); + explicit_bzero(&c,sizeof(c)); return(md); } @@ -261,7 +261,7 @@ unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) SHA512_Init(&c); SHA512_Update(&c,d,n); SHA512_Final(md,&c); - OPENSSL_cleanse(&c,sizeof(c)); + explicit_bzero(&c,sizeof(c)); return(md); } diff --git a/lib/libssl/src/crypto/sha/sha_one.c b/lib/libssl/src/crypto/sha/sha_one.c index 1d3fc35f05d..ad04021eb1d 100644 --- a/lib/libssl/src/crypto/sha/sha_one.c +++ b/lib/libssl/src/crypto/sha/sha_one.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sha_one.c,v 1.8 2014/07/10 22:45:58 jsing Exp $ */ +/* $OpenBSD: sha_one.c,v 1.9 2015/09/10 15:56:26 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -75,7 +75,7 @@ unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md) return NULL; SHA_Update(&c,d,n); SHA_Final(md,&c); - OPENSSL_cleanse(&c,sizeof(c)); + explicit_bzero(&c,sizeof(c)); return(md); } #endif 
diff --git a/lib/libssl/src/crypto/ui/ui_openssl.c b/lib/libssl/src/crypto/ui/ui_openssl.c index b3d2971a026..9562c2c937a 100644 --- a/lib/libssl/src/crypto/ui/ui_openssl.c +++ b/lib/libssl/src/crypto/ui/ui_openssl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ui_openssl.c,v 1.24 2015/07/16 02:46:49 guenther Exp $ */ +/* $OpenBSD: ui_openssl.c,v 1.25 2015/09/10 15:56:26 jsing Exp $ */ /* Written by Richard Levitte (richard@levitte.org) and others * for the OpenSSL project 2001. */ @@ -286,7 +286,7 @@ error: if (ps >= 1) popsig(); - OPENSSL_cleanse(result, BUFSIZ); + explicit_bzero(result, BUFSIZ); return ok; } diff --git a/lib/libssl/src/crypto/ui/ui_util.c b/lib/libssl/src/crypto/ui/ui_util.c index e5cee913b27..d1040c9826a 100644 --- a/lib/libssl/src/crypto/ui/ui_util.c +++ b/lib/libssl/src/crypto/ui/ui_util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ui_util.c,v 1.9 2014/06/12 15:49:31 deraadt Exp $ */ +/* $OpenBSD: ui_util.c,v 1.10 2015/09/10 15:56:26 jsing Exp $ */ /* ==================================================================== * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved. * @@ -67,7 +67,7 @@ UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify) ret = UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length, prompt, verify); - OPENSSL_cleanse(buff, BUFSIZ); + explicit_bzero(buff, BUFSIZ); return (ret); } diff --git a/lib/libssl/src/ssl/d1_clnt.c b/lib/libssl/src/ssl/d1_clnt.c index 23d6b372c91..2b736b92439 100644 --- a/lib/libssl/src/ssl/d1_clnt.c +++ b/lib/libssl/src/ssl/d1_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_clnt.c,v 1.48 2015/09/02 17:59:15 jsing Exp $ */ +/* $OpenBSD: d1_clnt.c,v 1.49 2015/09/10 15:56:26 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 
@@ -731,7 +731,7 @@ dtls1_send_client_key_exchange(SSL *s) s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, tmp_buf, sizeof tmp_buf); - OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); + explicit_bzero(tmp_buf, sizeof tmp_buf); } else if (alg_k & SSL_kDHE) { DH *dh_srvr, *dh_clnt; diff --git a/lib/libssl/src/ssl/d1_lib.c b/lib/libssl/src/ssl/d1_lib.c index b269efe4690..e7eca4a8cd4 100644 --- a/lib/libssl/src/ssl/d1_lib.c +++ b/lib/libssl/src/ssl/d1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_lib.c,v 1.29 2015/07/19 20:32:18 doug Exp $ */ +/* $OpenBSD: d1_lib.c,v 1.30 2015/09/10 15:56:26 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -203,7 +203,7 @@ dtls1_free(SSL *s) pqueue_free(s->d1->sent_messages); pqueue_free(s->d1->buffered_app_data.q); - OPENSSL_cleanse(s->d1, sizeof *s->d1); + explicit_bzero(s->d1, sizeof *s->d1); free(s->d1); s->d1 = NULL; } diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index 1d1a0c77f0b..e4ce8163ac8 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.125 2015/09/02 17:59:15 jsing Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.126 2015/09/10 15:56:26 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1933,7 +1933,7 @@ ssl3_send_client_key_exchange(SSL *s) s->session->master_key_length = s->method->ssl3_enc->generate_master_secret( s, s->session->master_key, tmp_buf, sizeof tmp_buf); - OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); + explicit_bzero(tmp_buf, sizeof tmp_buf); } else if (alg_k & SSL_kDHE) { DH *dh_srvr, *dh_clnt; diff --git a/lib/libssl/src/ssl/s3_enc.c b/lib/libssl/src/ssl/s3_enc.c index bfa719df5fe..515072a99ea 100644 --- a/lib/libssl/src/ssl/s3_enc.c +++ b/lib/libssl/src/ssl/s3_enc.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: s3_enc.c,v 1.61 2015/07/19 20:32:18 doug Exp $ */ +/* $OpenBSD: s3_enc.c,v 1.62 2015/09/10 15:56:26 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -209,7 +209,7 @@ ssl3_generate_key_block(SSL *s, unsigned char *km, int num) km += MD5_DIGEST_LENGTH; } - OPENSSL_cleanse(smd, SHA_DIGEST_LENGTH); + explicit_bzero(smd, SHA_DIGEST_LENGTH); EVP_MD_CTX_cleanup(&m5); EVP_MD_CTX_cleanup(&s1); return 1; @@ -392,7 +392,7 @@ void ssl3_cleanup_key_block(SSL *s) { if (s->s3->tmp.key_block != NULL) { - OPENSSL_cleanse(s->s3->tmp.key_block, + explicit_bzero(s->s3->tmp.key_block, s->s3->tmp.key_block_length); free(s->s3->tmp.key_block); s->s3->tmp.key_block = NULL; diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c index 42396a21e9d..4e6b1236983 100644 --- a/lib/libssl/src/ssl/s3_lib.c +++ b/lib/libssl/src/ssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.100 2015/08/27 06:21:15 doug Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.101 2015/09/10 15:56:26 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2066,7 +2066,7 @@ ssl3_free(SSL *s) ssl3_free_digest_list(s); free(s->s3->alpn_selected); - OPENSSL_cleanse(s->s3, sizeof *s->s3); + explicit_bzero(s->s3, sizeof *s->s3); free(s->s3); s->s3 = NULL; } diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index 3f9f6720fac..b2c4f8e0d2b 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.115 2015/09/01 13:38:27 jsing Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.116 2015/09/10 15:56:26 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -1725,7 +1725,7 @@ ssl3_get_client_key_exchange(SSL *s) s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, p, i); - OPENSSL_cleanse(p, i); + explicit_bzero(p, i); } else if (alg_k & SSL_kDHE) { if (2 > n) goto truncated; @@ -1776,7 +1776,7 @@ ssl3_get_client_key_exchange(SSL *s) s->session->master_key_length = s->method->ssl3_enc->generate_master_secret( s, s->session->master_key, p, i); - OPENSSL_cleanse(p, i); + explicit_bzero(p, i); } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { @@ -1920,7 +1920,7 @@ ssl3_get_client_key_exchange(SSL *s) s->session->master_key_length = s->method->ssl3_enc-> \ generate_master_secret(s, s->session->master_key, p, i); - OPENSSL_cleanse(p, i); + explicit_bzero(p, i); return (ret); } else if (alg_k & SSL_kGOST) { diff --git a/lib/libssl/src/ssl/ssl_sess.c b/lib/libssl/src/ssl/ssl_sess.c index a688b9ef410..5d18c8a0b4e 100644 --- a/lib/libssl/src/ssl/ssl_sess.c +++ b/lib/libssl/src/ssl/ssl_sess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sess.c,v 1.46 2015/08/27 06:21:15 doug Exp $ */ +/* $OpenBSD: ssl_sess.c,v 1.47 2015/09/10 15:56:26 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -694,8 +694,8 @@ SSL_SESSION_free(SSL_SESSION *ss) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); - OPENSSL_cleanse(ss->master_key, sizeof ss->master_key); - OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); + explicit_bzero(ss->master_key, sizeof ss->master_key); + explicit_bzero(ss->session_id, sizeof ss->session_id); if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); if (ss->peer != NULL) @@ -708,7 +708,7 @@ SSL_SESSION_free(SSL_SESSION *ss) free(ss->tlsext_ecpointformatlist); ss->tlsext_ellipticcurvelist_length = 0; free(ss->tlsext_ellipticcurvelist); - OPENSSL_cleanse(ss, sizeof(*ss)); + explicit_bzero(ss, sizeof(*ss)); free(ss); } diff --git a/lib/libssl/src/ssl/t1_enc.c b/lib/libssl/src/ssl/t1_enc.c index a3a5d4dd7d8..5d2b8eaf896 100644 
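Review bot: In SSL_SESSION_free the two field wipes, `explicit_bzero(ss->master_key, sizeof ss->master_key)` and `explicit_bzero(ss->session_id, sizeof ss->session_id)`, are redundant. The next hunk of the same function ends with `explicit_bzero(ss, sizeof(*ss));` immediately before `free(ss)`, which covers both arrays as members of `*ss`. I would keep only the whole-structure wipe. If the early wipes are intentional, a comment such as `/* clear key material before calling the sub-object destructors */` would say why. The beginning of the function is outside both hunks.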
--- a/lib/libssl/src/ssl/t1_enc.c +++ b/lib/libssl/src/ssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.80 2015/08/27 14:16:57 jsing Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.81 2015/09/10 15:56:26 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -226,7 +226,7 @@ err: EVP_PKEY_free(mac_key); EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_cleanup(&ctx_tmp); - OPENSSL_cleanse(A1, sizeof(A1)); + explicit_bzero(A1, sizeof(A1)); return ret; } @@ -659,7 +659,7 @@ tls1_setup_key_block(SSL *s) err: if (tmp_block) { - OPENSSL_cleanse(tmp_block, key_block_len); + explicit_bzero(tmp_block, key_block_len); free(tmp_block); } return (ret); |