summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2015-09-10 15:56:27 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2015-09-10 15:56:27 +0000
commit63d39522f96d4bd39e7daf8931da8c3e3f3da8d1 (patch)
tree1ac64c28043e985cdac4b8f921232fb0fef46ebb /lib
parente424644100148be711d3368e992cbd6cc2f05ab9 (diff)
Correct spelling of OPENSSL_cleanse.
ok miod@
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/src/crypto/aes/aes_wrap.c4
-rw-r--r--lib/libssl/src/crypto/asn1/a_sign.c7
-rw-r--r--lib/libssl/src/crypto/asn1/a_verify.c5
-rw-r--r--lib/libssl/src/crypto/asn1/n_pkey.c8
-rw-r--r--lib/libssl/src/crypto/asn1/p8_pkey.c5
-rw-r--r--lib/libssl/src/crypto/bn/bn_exp.c4
-rw-r--r--lib/libssl/src/crypto/bn/bn_lib.c8
-rw-r--r--lib/libssl/src/crypto/bn/bn_rand.c5
-rw-r--r--lib/libssl/src/crypto/cmac/cmac.c14
-rw-r--r--lib/libssl/src/crypto/cms/cms_asn1.c6
-rw-r--r--lib/libssl/src/crypto/cms/cms_enc.c8
-rw-r--r--lib/libssl/src/crypto/cms/cms_env.c10
-rw-r--r--lib/libssl/src/crypto/cms/cms_pwri.c4
-rw-r--r--lib/libssl/src/crypto/des/str2key.c6
-rw-r--r--lib/libssl/src/crypto/ec/ec_key.c4
-rw-r--r--lib/libssl/src/crypto/ec/ec_lib.c8
-rw-r--r--lib/libssl/src/crypto/ec/ec_mult.c6
-rw-r--r--lib/libssl/src/crypto/ec/ecp_nistp224.c4
-rw-r--r--lib/libssl/src/crypto/ec/ecp_nistp256.c4
-rw-r--r--lib/libssl/src/crypto/ec/ecp_nistp521.c4
-rw-r--r--lib/libssl/src/crypto/ecdh/ech_lib.c4
-rw-r--r--lib/libssl/src/crypto/ecdsa/ecs_lib.c4
-rw-r--r--lib/libssl/src/crypto/evp/bio_enc.c4
-rw-r--r--lib/libssl/src/crypto/evp/e_aes.c10
-rw-r--r--lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c4
-rw-r--r--lib/libssl/src/crypto/evp/e_chacha20poly1305.c4
-rw-r--r--lib/libssl/src/crypto/evp/e_idea.c5
-rw-r--r--lib/libssl/src/crypto/evp/evp_enc.c4
-rw-r--r--lib/libssl/src/crypto/evp/evp_key.c6
-rw-r--r--lib/libssl/src/crypto/evp/p5_crpt.c8
-rw-r--r--lib/libssl/src/crypto/evp/p5_crpt2.c4
-rw-r--r--lib/libssl/src/crypto/evp/p_open.c5
-rw-r--r--lib/libssl/src/crypto/gost/gost2814789.c4
-rw-r--r--lib/libssl/src/crypto/gost/gostr341001_key.c6
-rw-r--r--lib/libssl/src/crypto/gost/gostr341194.c4
-rw-r--r--lib/libssl/src/crypto/gost/streebog.c6
-rw-r--r--lib/libssl/src/crypto/hmac/hm_ameth.c4
-rw-r--r--lib/libssl/src/crypto/hmac/hm_pmeth.c4
-rw-r--r--lib/libssl/src/crypto/md4/md4_one.c4
-rw-r--r--lib/libssl/src/crypto/md5/md5_one.c4
-rw-r--r--lib/libssl/src/crypto/modes/gcm128.c4
-rw-r--r--lib/libssl/src/crypto/pem/pem_info.c6
-rw-r--r--lib/libssl/src/crypto/pem/pem_lib.c22
-rw-r--r--lib/libssl/src/crypto/pem/pem_pk8.c5
-rw-r--r--lib/libssl/src/crypto/pem/pem_pkey.c4
-rw-r--r--lib/libssl/src/crypto/pem/pem_seal.c4
-rw-r--r--lib/libssl/src/crypto/pem/pvkfmt.c10
-rw-r--r--lib/libssl/src/crypto/pkcs12/p12_crpt.c7
-rw-r--r--lib/libssl/src/crypto/pkcs12/p12_decr.c7
-rw-r--r--lib/libssl/src/crypto/pkcs12/p12_key.c4
-rw-r--r--lib/libssl/src/crypto/pkcs7/pk7_doit.c16
-rw-r--r--lib/libssl/src/crypto/rand/randfile.c4
-rw-r--r--lib/libssl/src/crypto/ripemd/rmd_one.c4
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_eay.c11
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_saos.c6
-rw-r--r--lib/libssl/src/crypto/rsa/rsa_sign.c6
-rw-r--r--lib/libssl/src/crypto/sha/sha1_one.c4
-rw-r--r--lib/libssl/src/crypto/sha/sha256.c6
-rw-r--r--lib/libssl/src/crypto/sha/sha512.c6
-rw-r--r--lib/libssl/src/crypto/sha/sha_one.c4
-rw-r--r--lib/libssl/src/crypto/ui/ui_openssl.c4
-rw-r--r--lib/libssl/src/crypto/ui/ui_util.c4
-rw-r--r--lib/libssl/src/ssl/d1_clnt.c4
-rw-r--r--lib/libssl/src/ssl/d1_lib.c4
-rw-r--r--lib/libssl/src/ssl/s3_clnt.c4
-rw-r--r--lib/libssl/src/ssl/s3_enc.c6
-rw-r--r--lib/libssl/src/ssl/s3_lib.c4
-rw-r--r--lib/libssl/src/ssl/s3_srvr.c8
-rw-r--r--lib/libssl/src/ssl/ssl_sess.c8
-rw-r--r--lib/libssl/src/ssl/t1_enc.c6
70 files changed, 213 insertions, 201 deletions
diff --git a/lib/libssl/src/crypto/aes/aes_wrap.c b/lib/libssl/src/crypto/aes/aes_wrap.c
index 4479473e6b9..ac2f83a9938 100644
--- a/lib/libssl/src/crypto/aes/aes_wrap.c
+++ b/lib/libssl/src/crypto/aes/aes_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_wrap.c,v 1.9 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: aes_wrap.c,v 1.10 2015/09/10 15:56:24 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
@@ -126,7 +126,7 @@ AES_unwrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out,
if (!iv)
iv = default_iv;
if (memcmp(A, iv, 8)) {
- OPENSSL_cleanse(out, inlen);
+ explicit_bzero(out, inlen);
return 0;
}
return inlen;
diff --git a/lib/libssl/src/crypto/asn1/a_sign.c b/lib/libssl/src/crypto/asn1/a_sign.c
index d9385312a7d..195daa3b9f2 100644
--- a/lib/libssl/src/crypto/asn1/a_sign.c
+++ b/lib/libssl/src/crypto/asn1/a_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_sign.c,v 1.20 2015/07/19 18:29:31 miod Exp $ */
+/* $OpenBSD: a_sign.c,v 1.21 2015/09/10 15:56:24 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -112,6 +112,7 @@
#include <sys/types.h>
#include <stdio.h>
+#include <string.h>
#include <time.h>
#include <openssl/bn.h>
@@ -229,11 +230,11 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
err:
EVP_MD_CTX_cleanup(ctx);
if (buf_in != NULL) {
- OPENSSL_cleanse((char *)buf_in, inl);
+ explicit_bzero((char *)buf_in, inl);
free(buf_in);
}
if (buf_out != NULL) {
- OPENSSL_cleanse((char *)buf_out, outll);
+ explicit_bzero((char *)buf_out, outll);
free(buf_out);
}
return (outl);
diff --git a/lib/libssl/src/crypto/asn1/a_verify.c b/lib/libssl/src/crypto/asn1/a_verify.c
index 3fc79b78f6f..12b76501e0f 100644
--- a/lib/libssl/src/crypto/asn1/a_verify.c
+++ b/lib/libssl/src/crypto/asn1/a_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_verify.c,v 1.21 2015/01/28 04:14:31 beck Exp $ */
+/* $OpenBSD: a_verify.c,v 1.22 2015/09/10 15:56:24 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -59,6 +59,7 @@
#include <sys/types.h>
#include <stdio.h>
+#include <string.h>
#include <time.h>
#include <openssl/bn.h>
@@ -152,7 +153,7 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
goto err;
}
- OPENSSL_cleanse(buf_in, (unsigned int)inl);
+ explicit_bzero(buf_in, (unsigned int)inl);
free(buf_in);
if (EVP_DigestVerifyFinal(&ctx, signature->data,
diff --git a/lib/libssl/src/crypto/asn1/n_pkey.c b/lib/libssl/src/crypto/asn1/n_pkey.c
index d3a7431356a..491f988e924 100644
--- a/lib/libssl/src/crypto/asn1/n_pkey.c
+++ b/lib/libssl/src/crypto/asn1/n_pkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: n_pkey.c,v 1.26 2015/03/19 14:00:22 tedu Exp $ */
+/* $OpenBSD: n_pkey.c,v 1.27 2015/09/10 15:56:24 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -277,7 +277,7 @@ i2d_RSA_NET(const RSA *a, unsigned char **pp,
i2d_NETSCAPE_PKEY(pkey, &zz);
/* Wipe the private key encoding */
- OPENSSL_cleanse(pkey->private_key->data, rsalen);
+ explicit_bzero(pkey->private_key->data, rsalen);
if (cb == NULL)
cb = EVP_read_pw_string;
@@ -297,7 +297,7 @@ i2d_RSA_NET(const RSA *a, unsigned char **pp,
if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
goto err;
- OPENSSL_cleanse(buf, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
/* Encrypt private key in place */
zz = enckey->enckey->digest->data;
@@ -394,7 +394,7 @@ d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
goto err;
- OPENSSL_cleanse(buf, sizeof(buf));
+ explicit_bzero(buf, sizeof(buf));
if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
goto err;
diff --git a/lib/libssl/src/crypto/asn1/p8_pkey.c b/lib/libssl/src/crypto/asn1/p8_pkey.c
index 2f7a469673b..71d579456af 100644
--- a/lib/libssl/src/crypto/asn1/p8_pkey.c
+++ b/lib/libssl/src/crypto/asn1/p8_pkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p8_pkey.c,v 1.16 2015/07/16 18:21:57 miod Exp $ */
+/* $OpenBSD: p8_pkey.c,v 1.17 2015/09/10 15:56:25 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -57,6 +57,7 @@
*/
#include <stdio.h>
+#include <string.h>
#include <openssl/asn1t.h>
#include <openssl/x509.h>
@@ -71,7 +72,7 @@ pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
if (key->pkey != NULL &&
key->pkey->type == V_ASN1_OCTET_STRING &&
key->pkey->value.octet_string != NULL)
- OPENSSL_cleanse(key->pkey->value.octet_string->data,
+ explicit_bzero(key->pkey->value.octet_string->data,
key->pkey->value.octet_string->length);
}
return 1;
diff --git a/lib/libssl/src/crypto/bn/bn_exp.c b/lib/libssl/src/crypto/bn/bn_exp.c
index 4a28c2c6058..c4ca36d1365 100644
--- a/lib/libssl/src/crypto/bn/bn_exp.c
+++ b/lib/libssl/src/crypto/bn/bn_exp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_exp.c,v 1.22 2015/03/21 08:05:20 doug Exp $ */
+/* $OpenBSD: bn_exp.c,v 1.23 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -825,7 +825,7 @@ err:
if ((in_mont == NULL) && (mont != NULL))
BN_MONT_CTX_free(mont);
if (powerbuf != NULL) {
- OPENSSL_cleanse(powerbuf, powerbufLen);
+ explicit_bzero(powerbuf, powerbufLen);
free(powerbufFree);
}
BN_CTX_end(ctx);
diff --git a/lib/libssl/src/crypto/bn/bn_lib.c b/lib/libssl/src/crypto/bn/bn_lib.c
index d0cb49cd1e7..7cc76c1e854 100644
--- a/lib/libssl/src/crypto/bn/bn_lib.c
+++ b/lib/libssl/src/crypto/bn/bn_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_lib.c,v 1.33 2014/07/12 16:03:36 miod Exp $ */
+/* $OpenBSD: bn_lib.c,v 1.34 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -221,11 +221,11 @@ BN_clear_free(BIGNUM *a)
return;
bn_check_top(a);
if (a->d != NULL && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) {
- OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
+ explicit_bzero(a->d, a->dmax * sizeof(a->d[0]));
free(a->d);
}
i = BN_get_flags(a, BN_FLG_MALLOCED);
- OPENSSL_cleanse(a, sizeof(BIGNUM));
+ explicit_bzero(a, sizeof(BIGNUM));
if (i)
free(a);
}
@@ -395,7 +395,7 @@ bn_expand2(BIGNUM *b, int words)
if (!a)
return NULL;
if (b->d) {
- OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0]));
+ explicit_bzero(b->d, b->dmax * sizeof(b->d[0]));
free(b->d);
}
b->d = a;
diff --git a/lib/libssl/src/crypto/bn/bn_rand.c b/lib/libssl/src/crypto/bn/bn_rand.c
index ac5c5eb3089..783f6c22f80 100644
--- a/lib/libssl/src/crypto/bn/bn_rand.c
+++ b/lib/libssl/src/crypto/bn/bn_rand.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_rand.c,v 1.17 2015/02/19 06:10:29 jsing Exp $ */
+/* $OpenBSD: bn_rand.c,v 1.18 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -111,6 +111,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
#include <time.h>
#include <openssl/err.h>
@@ -186,7 +187,7 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
err:
if (buf != NULL) {
- OPENSSL_cleanse(buf, bytes);
+ explicit_bzero(buf, bytes);
free(buf);
}
bn_check_top(rnd);
diff --git a/lib/libssl/src/crypto/cmac/cmac.c b/lib/libssl/src/crypto/cmac/cmac.c
index 18635b942a8..d01ae0f3aee 100644
--- a/lib/libssl/src/crypto/cmac/cmac.c
+++ b/lib/libssl/src/crypto/cmac/cmac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cmac.c,v 1.9 2014/07/12 14:58:32 miod Exp $ */
+/* $OpenBSD: cmac.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
@@ -107,10 +107,10 @@ void
CMAC_CTX_cleanup(CMAC_CTX *ctx)
{
EVP_CIPHER_CTX_cleanup(&ctx->cctx);
- OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
- OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
- OPENSSL_cleanse(ctx->k2, EVP_MAX_BLOCK_LENGTH);
- OPENSSL_cleanse(ctx->last_block, EVP_MAX_BLOCK_LENGTH);
+ explicit_bzero(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
+ explicit_bzero(ctx->k1, EVP_MAX_BLOCK_LENGTH);
+ explicit_bzero(ctx->k2, EVP_MAX_BLOCK_LENGTH);
+ explicit_bzero(ctx->last_block, EVP_MAX_BLOCK_LENGTH);
ctx->nlast_block = -1;
}
@@ -183,7 +183,7 @@ CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
return 0;
make_kn(ctx->k1, ctx->tbl, bl);
make_kn(ctx->k2, ctx->k1, bl);
- OPENSSL_cleanse(ctx->tbl, bl);
+ explicit_bzero(ctx->tbl, bl);
/* Reset context again ready for first data block */
if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
return 0;
@@ -260,7 +260,7 @@ CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
out[i] = ctx->last_block[i] ^ ctx->k2[i];
}
if (!EVP_Cipher(&ctx->cctx, out, out, bl)) {
- OPENSSL_cleanse(out, bl);
+ explicit_bzero(out, bl);
return 0;
}
return 1;
diff --git a/lib/libssl/src/crypto/cms/cms_asn1.c b/lib/libssl/src/crypto/cms/cms_asn1.c
index 02a594575db..e4502598329 100644
--- a/lib/libssl/src/crypto/cms/cms_asn1.c
+++ b/lib/libssl/src/crypto/cms/cms_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_asn1.c,v 1.6 2015/07/25 15:22:10 jsing Exp $ */
+/* $OpenBSD: cms_asn1.c,v 1.7 2015/09/10 15:56:25 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
@@ -888,13 +888,13 @@ cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
} else if (ri->type == CMS_RECIPINFO_KEK) {
CMS_KEKRecipientInfo *kekri = ri->d.kekri;
if (kekri->key) {
- OPENSSL_cleanse(kekri->key, kekri->keylen);
+ explicit_bzero(kekri->key, kekri->keylen);
free(kekri->key);
}
} else if (ri->type == CMS_RECIPINFO_PASS) {
CMS_PasswordRecipientInfo *pwri = ri->d.pwri;
if (pwri->pass) {
- OPENSSL_cleanse(pwri->pass, pwri->passlen);
+ explicit_bzero(pwri->pass, pwri->passlen);
free(pwri->pass);
}
}
diff --git a/lib/libssl/src/crypto/cms/cms_enc.c b/lib/libssl/src/crypto/cms/cms_enc.c
index f97e4d5f345..c967a18a3c3 100644
--- a/lib/libssl/src/crypto/cms/cms_enc.c
+++ b/lib/libssl/src/crypto/cms/cms_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_enc.c,v 1.6 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: cms_enc.c,v 1.7 2015/09/10 15:56:25 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
@@ -164,7 +164,7 @@ cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
goto err;
} else {
/* Use random key */
- OPENSSL_cleanse(ec->key, ec->keylen);
+ explicit_bzero(ec->key, ec->keylen);
free(ec->key);
ec->key = tkey;
ec->keylen = tkeylen;
@@ -197,12 +197,12 @@ cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
err:
if (ec->key && !keep_key) {
- OPENSSL_cleanse(ec->key, ec->keylen);
+ explicit_bzero(ec->key, ec->keylen);
free(ec->key);
ec->key = NULL;
}
if (tkey) {
- OPENSSL_cleanse(tkey, tkeylen);
+ explicit_bzero(tkey, tkeylen);
free(tkey);
}
if (ok)
diff --git a/lib/libssl/src/crypto/cms/cms_env.c b/lib/libssl/src/crypto/cms/cms_env.c
index 63b24b63742..e483c4539fc 100644
--- a/lib/libssl/src/crypto/cms/cms_env.c
+++ b/lib/libssl/src/crypto/cms/cms_env.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_env.c,v 1.8 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: cms_env.c,v 1.9 2015/09/10 15:56:25 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
@@ -406,7 +406,7 @@ cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
ret = 1;
if (ec->key) {
- OPENSSL_cleanse(ec->key, ec->keylen);
+ explicit_bzero(ec->key, ec->keylen);
free(ec->key);
}
@@ -654,7 +654,7 @@ cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
err:
if (!r && wkey)
free(wkey);
- OPENSSL_cleanse(&actx, sizeof(actx));
+ explicit_bzero(&actx, sizeof(actx));
return r;
}
@@ -727,7 +727,7 @@ cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
err:
if (!r && ukey)
free(ukey);
- OPENSSL_cleanse(&actx, sizeof(actx));
+ explicit_bzero(&actx, sizeof(actx));
return r;
}
@@ -806,7 +806,7 @@ cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
err:
ec->cipher = NULL;
if (ec->key) {
- OPENSSL_cleanse(ec->key, ec->keylen);
+ explicit_bzero(ec->key, ec->keylen);
free(ec->key);
ec->key = NULL;
ec->keylen = 0;
diff --git a/lib/libssl/src/crypto/cms/cms_pwri.c b/lib/libssl/src/crypto/cms/cms_pwri.c
index 11509e3c113..7055ba5d3b6 100644
--- a/lib/libssl/src/crypto/cms/cms_pwri.c
+++ b/lib/libssl/src/crypto/cms/cms_pwri.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_pwri.c,v 1.9 2015/05/15 11:00:14 jsg Exp $ */
+/* $OpenBSD: cms_pwri.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
@@ -262,7 +262,7 @@ kek_unwrap_key(unsigned char *out, size_t *outlen, const unsigned char *in,
rv = 1;
err:
- OPENSSL_cleanse(tmp, inlen);
+ explicit_bzero(tmp, inlen);
free(tmp);
return rv;
}
diff --git a/lib/libssl/src/crypto/des/str2key.c b/lib/libssl/src/crypto/des/str2key.c
index 8999eb292a7..ce17e2659b3 100644
--- a/lib/libssl/src/crypto/des/str2key.c
+++ b/lib/libssl/src/crypto/des/str2key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: str2key.c,v 1.9 2014/10/28 07:35:58 jsg Exp $ */
+/* $OpenBSD: str2key.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -95,7 +95,7 @@ void DES_string_to_key(const char *str, DES_cblock *key)
DES_set_key_unchecked(key,&ks);
#endif
DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key);
- OPENSSL_cleanse(&ks,sizeof(ks));
+ explicit_bzero(&ks,sizeof(ks));
DES_set_odd_parity(key);
}
@@ -168,7 +168,7 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
DES_set_key_unchecked(key2,&ks);
#endif
DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2);
- OPENSSL_cleanse(&ks,sizeof(ks));
+ explicit_bzero(&ks,sizeof(ks));
DES_set_odd_parity(key1);
DES_set_odd_parity(key2);
}
diff --git a/lib/libssl/src/crypto/ec/ec_key.c b/lib/libssl/src/crypto/ec/ec_key.c
index 45192c3231b..fa962e4d0ff 100644
--- a/lib/libssl/src/crypto/ec/ec_key.c
+++ b/lib/libssl/src/crypto/ec/ec_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_key.c,v 1.11 2015/02/09 15:49:22 jsing Exp $ */
+/* $OpenBSD: ec_key.c,v 1.12 2015/09/10 15:56:25 jsing Exp $ */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
@@ -122,7 +122,7 @@ EC_KEY_free(EC_KEY * r)
EC_EX_DATA_free_all_data(&r->method_data);
- OPENSSL_cleanse((void *) r, sizeof(EC_KEY));
+ explicit_bzero((void *) r, sizeof(EC_KEY));
free(r);
}
diff --git a/lib/libssl/src/crypto/ec/ec_lib.c b/lib/libssl/src/crypto/ec/ec_lib.c
index a12a2ffbb6f..c28ab18fc00 100644
--- a/lib/libssl/src/crypto/ec/ec_lib.c
+++ b/lib/libssl/src/crypto/ec/ec_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.18 2015/05/20 04:33:35 miod Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.19 2015/09/10 15:56:25 jsing Exp $ */
/*
* Originally written by Bodo Moeller for the OpenSSL project.
*/
@@ -152,10 +152,10 @@ EC_GROUP_clear_free(EC_GROUP * group)
BN_clear_free(&group->cofactor);
if (group->seed) {
- OPENSSL_cleanse(group->seed, group->seed_len);
+ explicit_bzero(group->seed, group->seed_len);
free(group->seed);
}
- OPENSSL_cleanse(group, sizeof *group);
+ explicit_bzero(group, sizeof *group);
free(group);
}
@@ -754,7 +754,7 @@ EC_POINT_clear_free(EC_POINT * point)
point->meth->point_clear_finish(point);
else if (point->meth->point_finish != 0)
point->meth->point_finish(point);
- OPENSSL_cleanse(point, sizeof *point);
+ explicit_bzero(point, sizeof *point);
free(point);
}
diff --git a/lib/libssl/src/crypto/ec/ec_mult.c b/lib/libssl/src/crypto/ec/ec_mult.c
index 68f55cfcb34..e428ac586b1 100644
--- a/lib/libssl/src/crypto/ec/ec_mult.c
+++ b/lib/libssl/src/crypto/ec/ec_mult.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_mult.c,v 1.18 2015/02/15 08:44:35 miod Exp $ */
+/* $OpenBSD: ec_mult.c,v 1.19 2015/09/10 15:56:25 jsing Exp $ */
/*
* Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
*/
@@ -173,11 +173,11 @@ ec_pre_comp_clear_free(void *pre_)
for (p = pre->points; *p != NULL; p++) {
EC_POINT_clear_free(*p);
- OPENSSL_cleanse(p, sizeof *p);
+ explicit_bzero(p, sizeof *p);
}
free(pre->points);
}
- OPENSSL_cleanse(pre, sizeof *pre);
+ explicit_bzero(pre, sizeof *pre);
free(pre);
}
diff --git a/lib/libssl/src/crypto/ec/ecp_nistp224.c b/lib/libssl/src/crypto/ec/ecp_nistp224.c
index d29113045a5..0976f24a9fd 100644
--- a/lib/libssl/src/crypto/ec/ecp_nistp224.c
+++ b/lib/libssl/src/crypto/ec/ecp_nistp224.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_nistp224.c,v 1.16 2015/02/08 22:25:03 miod Exp $ */
+/* $OpenBSD: ecp_nistp224.c,v 1.17 2015/09/10 15:56:25 jsing Exp $ */
/*
* Written by Emilia Kasper (Google) for the OpenSSL project.
*/
@@ -1239,7 +1239,7 @@ nistp224_pre_comp_clear_free(void *pre_)
if (i > 0)
return;
- OPENSSL_cleanse(pre, sizeof *pre);
+ explicit_bzero(pre, sizeof *pre);
free(pre);
}
diff --git a/lib/libssl/src/crypto/ec/ecp_nistp256.c b/lib/libssl/src/crypto/ec/ecp_nistp256.c
index 23a2131980d..be1d2a5402f 100644
--- a/lib/libssl/src/crypto/ec/ecp_nistp256.c
+++ b/lib/libssl/src/crypto/ec/ecp_nistp256.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_nistp256.c,v 1.15 2015/02/08 22:25:03 miod Exp $ */
+/* $OpenBSD: ecp_nistp256.c,v 1.16 2015/09/10 15:56:25 jsing Exp $ */
/*
* Written by Adam Langley (Google) for the OpenSSL project
*/
@@ -1788,7 +1788,7 @@ nistp256_pre_comp_clear_free(void *pre_)
if (i > 0)
return;
- OPENSSL_cleanse(pre, sizeof *pre);
+ explicit_bzero(pre, sizeof *pre);
free(pre);
}
diff --git a/lib/libssl/src/crypto/ec/ecp_nistp521.c b/lib/libssl/src/crypto/ec/ecp_nistp521.c
index 6382091cf91..cfa13b41f8e 100644
--- a/lib/libssl/src/crypto/ec/ecp_nistp521.c
+++ b/lib/libssl/src/crypto/ec/ecp_nistp521.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_nistp521.c,v 1.16 2015/02/08 22:25:03 miod Exp $ */
+/* $OpenBSD: ecp_nistp521.c,v 1.17 2015/09/10 15:56:25 jsing Exp $ */
/*
* Written by Adam Langley (Google) for the OpenSSL project
*/
@@ -1679,7 +1679,7 @@ nistp521_pre_comp_clear_free(void *pre_)
if (i > 0)
return;
- OPENSSL_cleanse(pre, sizeof(*pre));
+ explicit_bzero(pre, sizeof(*pre));
free(pre);
}
diff --git a/lib/libssl/src/crypto/ecdh/ech_lib.c b/lib/libssl/src/crypto/ecdh/ech_lib.c
index 43c4f8ce311..58dddf638f3 100644
--- a/lib/libssl/src/crypto/ecdh/ech_lib.c
+++ b/lib/libssl/src/crypto/ecdh/ech_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ech_lib.c,v 1.8 2015/02/07 13:19:15 doug Exp $ */
+/* $OpenBSD: ech_lib.c,v 1.9 2015/09/10 15:56:25 jsing Exp $ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
@@ -180,7 +180,7 @@ void ecdh_data_free(void *data)
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
- OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA));
+ explicit_bzero((void *)r, sizeof(ECDH_DATA));
free(r);
}
diff --git a/lib/libssl/src/crypto/ecdsa/ecs_lib.c b/lib/libssl/src/crypto/ecdsa/ecs_lib.c
index dba888cb48a..1ba788b4f06 100644
--- a/lib/libssl/src/crypto/ecdsa/ecs_lib.c
+++ b/lib/libssl/src/crypto/ecdsa/ecs_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_lib.c,v 1.9 2015/02/08 13:35:07 jsing Exp $ */
+/* $OpenBSD: ecs_lib.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */
/* ====================================================================
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
*
@@ -170,7 +170,7 @@ ecdsa_data_free(void *data)
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data);
- OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA));
+ explicit_bzero((void *)r, sizeof(ECDSA_DATA));
free(r);
}
diff --git a/lib/libssl/src/crypto/evp/bio_enc.c b/lib/libssl/src/crypto/evp/bio_enc.c
index e367faa9678..1920c6d1808 100644
--- a/lib/libssl/src/crypto/evp/bio_enc.c
+++ b/lib/libssl/src/crypto/evp/bio_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_enc.c,v 1.18 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: bio_enc.c,v 1.19 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -135,7 +135,7 @@ enc_free(BIO *a)
return (0);
b = (BIO_ENC_CTX *)a->ptr;
EVP_CIPHER_CTX_cleanup(&(b->cipher));
- OPENSSL_cleanse(a->ptr, sizeof(BIO_ENC_CTX));
+ explicit_bzero(a->ptr, sizeof(BIO_ENC_CTX));
free(a->ptr);
a->ptr = NULL;
a->init = 0;
diff --git a/lib/libssl/src/crypto/evp/e_aes.c b/lib/libssl/src/crypto/evp/e_aes.c
index 0a9455a5d2f..a6d48085c3c 100644
--- a/lib/libssl/src/crypto/evp/e_aes.c
+++ b/lib/libssl/src/crypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.28 2015/06/20 12:01:14 jsing Exp $ */
+/* $OpenBSD: e_aes.c,v 1.29 2015/09/10 15:56:25 jsing Exp $ */
/* ====================================================================
* Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
*
@@ -690,7 +690,7 @@ aes_gcm_cleanup(EVP_CIPHER_CTX *c)
if (gctx->iv != c->iv)
free(gctx->iv);
- OPENSSL_cleanse(gctx, sizeof(*gctx));
+ explicit_bzero(gctx, sizeof(*gctx));
return 1;
}
@@ -972,7 +972,7 @@ aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
/* If tag mismatch wipe buffer */
if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
- OPENSSL_cleanse(out, len);
+ explicit_bzero(out, len);
goto err;
}
rv = len;
@@ -1339,7 +1339,7 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
}
if (rv == -1)
- OPENSSL_cleanse(out, len);
+ explicit_bzero(out, len);
cctx->iv_set = 0;
cctx->tag_set = 0;
cctx->len_set = 0;
@@ -1417,7 +1417,7 @@ aead_aes_gcm_cleanup(EVP_AEAD_CTX *ctx)
{
struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state;
- OPENSSL_cleanse(gcm_ctx, sizeof(*gcm_ctx));
+ explicit_bzero(gcm_ctx, sizeof(*gcm_ctx));
free(gcm_ctx);
}
diff --git a/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c b/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
index 7c23face341..c76c2b1c52b 100644
--- a/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.8 2014/07/12 20:37:07 miod Exp $ */
+/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.9 2015/09/10 15:56:25 jsing Exp $ */
/* ====================================================================
* Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved.
*
@@ -502,7 +502,7 @@ aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
SHA1_Init(&key->tail);
SHA1_Update(&key->tail, hmac_key, sizeof(hmac_key));
- OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
+ explicit_bzero(hmac_key, sizeof(hmac_key));
return 1;
}
diff --git a/lib/libssl/src/crypto/evp/e_chacha20poly1305.c b/lib/libssl/src/crypto/evp/e_chacha20poly1305.c
index c003b0ba7f6..9deb40b72af 100644
--- a/lib/libssl/src/crypto/evp/e_chacha20poly1305.c
+++ b/lib/libssl/src/crypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_chacha20poly1305.c,v 1.9 2015/06/20 12:01:14 jsing Exp $ */
+/* $OpenBSD: e_chacha20poly1305.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */
/*
* Copyright (c) 2014, Google Inc.
*
@@ -71,7 +71,7 @@ aead_chacha20_poly1305_cleanup(EVP_AEAD_CTX *ctx)
{
struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
- OPENSSL_cleanse(c20_ctx->key, sizeof(c20_ctx->key));
+ explicit_bzero(c20_ctx->key, sizeof(c20_ctx->key));
free(c20_ctx);
}
diff --git a/lib/libssl/src/crypto/evp/e_idea.c b/lib/libssl/src/crypto/evp/e_idea.c
index 3ba4dbcdb97..454ad4e6722 100644
--- a/lib/libssl/src/crypto/evp/e_idea.c
+++ b/lib/libssl/src/crypto/evp/e_idea.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_idea.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: e_idea.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -57,6 +57,7 @@
*/
#include <stdio.h>
+#include <string.h>
#include <openssl/opensslconf.h>
@@ -115,7 +116,7 @@ idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
idea_set_encrypt_key(key, &tmp);
idea_set_decrypt_key(&tmp, ctx->cipher_data);
- OPENSSL_cleanse((unsigned char *)&tmp,
+ explicit_bzero((unsigned char *)&tmp,
sizeof(IDEA_KEY_SCHEDULE));
}
return 1;
diff --git a/lib/libssl/src/crypto/evp/evp_enc.c b/lib/libssl/src/crypto/evp/evp_enc.c
index 42ccfceec98..99bf59e05f4 100644
--- a/lib/libssl/src/crypto/evp/evp_enc.c
+++ b/lib/libssl/src/crypto/evp/evp_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_enc.c,v 1.26 2015/02/10 09:52:35 miod Exp $ */
+/* $OpenBSD: evp_enc.c,v 1.27 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -562,7 +562,7 @@ EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
return 0;
/* Cleanse cipher context data */
if (c->cipher_data)
- OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+ explicit_bzero(c->cipher_data, c->cipher->ctx_size);
}
free(c->cipher_data);
#ifndef OPENSSL_NO_ENGINE
diff --git a/lib/libssl/src/crypto/evp/evp_key.c b/lib/libssl/src/crypto/evp/evp_key.c
index 0678536ccb4..2c76743e428 100644
--- a/lib/libssl/src/crypto/evp/evp_key.c
+++ b/lib/libssl/src/crypto/evp/evp_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_key.c,v 1.22 2015/02/10 09:55:39 miod Exp $ */
+/* $OpenBSD: evp_key.c,v 1.23 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -116,7 +116,7 @@ EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
}
ret = UI_process(ui);
UI_free(ui);
- OPENSSL_cleanse(buff, BUFSIZ);
+ explicit_bzero(buff, BUFSIZ);
return ret;
}
@@ -201,6 +201,6 @@ EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
err:
EVP_MD_CTX_cleanup(&c);
- OPENSSL_cleanse(md_buf, sizeof md_buf);
+ explicit_bzero(md_buf, sizeof md_buf);
return rv;
}
diff --git a/lib/libssl/src/crypto/evp/p5_crpt.c b/lib/libssl/src/crypto/evp/p5_crpt.c
index 112a69114c8..626910fd7ab 100644
--- a/lib/libssl/src/crypto/evp/p5_crpt.c
+++ b/lib/libssl/src/crypto/evp/p5_crpt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_crpt.c,v 1.15 2015/02/10 09:52:35 miod Exp $ */
+/* $OpenBSD: p5_crpt.c,v 1.16 2015/09/10 15:56:25 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -147,9 +147,9 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
EVP_CIPHER_iv_length(cipher));
if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
goto err;
- OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
- OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
- OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+ explicit_bzero(md_tmp, EVP_MAX_MD_SIZE);
+ explicit_bzero(key, EVP_MAX_KEY_LENGTH);
+ explicit_bzero(iv, EVP_MAX_IV_LENGTH);
rv = 1;
err:
EVP_MD_CTX_cleanup(&ctx);
diff --git a/lib/libssl/src/crypto/evp/p5_crpt2.c b/lib/libssl/src/crypto/evp/p5_crpt2.c
index afafb9551f8..632c2c76ce0 100644
--- a/lib/libssl/src/crypto/evp/p5_crpt2.c
+++ b/lib/libssl/src/crypto/evp/p5_crpt2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_crpt2.c,v 1.20 2015/02/14 15:49:51 miod Exp $ */
+/* $OpenBSD: p5_crpt2.c,v 1.21 2015/09/10 15:56:25 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -300,7 +300,7 @@ PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
err:
- OPENSSL_cleanse(key, keylen);
+ explicit_bzero(key, keylen);
PBKDF2PARAM_free(kdf);
return rv;
}
diff --git a/lib/libssl/src/crypto/evp/p_open.c b/lib/libssl/src/crypto/evp/p_open.c
index aca83e74f66..002a6dea706 100644
--- a/lib/libssl/src/crypto/evp/p_open.c
+++ b/lib/libssl/src/crypto/evp/p_open.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_open.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: p_open.c,v 1.17 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -57,6 +57,7 @@
*/
#include <stdio.h>
+#include <string.h>
#include <openssl/opensslconf.h>
@@ -109,7 +110,7 @@ EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
err:
if (key != NULL)
- OPENSSL_cleanse(key, size);
+ explicit_bzero(key, size);
free(key);
return (ret);
}
diff --git a/lib/libssl/src/crypto/gost/gost2814789.c b/lib/libssl/src/crypto/gost/gost2814789.c
index b1bef9eae3e..e285413ed46 100644
--- a/lib/libssl/src/crypto/gost/gost2814789.c
+++ b/lib/libssl/src/crypto/gost/gost2814789.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gost2814789.c,v 1.4 2015/02/10 09:46:30 miod Exp $ */
+/* $OpenBSD: gost2814789.c,v 1.5 2015/09/10 15:56:25 jsing Exp $ */
/*
* Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Copyright (c) 2005-2006 Cryptocom LTD
@@ -464,7 +464,7 @@ GOST2814789IMIT(const unsigned char *d, size_t n, unsigned char *md, int nid,
Gost2814789_set_key(&c.cipher, key, 256);
GOST2814789IMIT_Update(&c, d, n);
GOST2814789IMIT_Final(md, &c);
- OPENSSL_cleanse(&c, sizeof(c));
+ explicit_bzero(&c, sizeof(c));
return (md);
}
diff --git a/lib/libssl/src/crypto/gost/gostr341001_key.c b/lib/libssl/src/crypto/gost/gostr341001_key.c
index dbe360620a8..894a189e3bc 100644
--- a/lib/libssl/src/crypto/gost/gostr341001_key.c
+++ b/lib/libssl/src/crypto/gost/gostr341001_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gostr341001_key.c,v 1.5 2015/02/14 06:40:04 jsing Exp $ */
+/* $OpenBSD: gostr341001_key.c,v 1.6 2015/09/10 15:56:25 jsing Exp $ */
/*
* Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Copyright (c) 2005-2006 Cryptocom LTD
@@ -49,6 +49,8 @@
* ====================================================================
*/
+#include <string.h>
+
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_GOST
@@ -103,7 +105,7 @@ GOST_KEY_free(GOST_KEY *r)
EC_POINT_free(r->pub_key);
BN_clear_free(r->priv_key);
- OPENSSL_cleanse((void *)r, sizeof(GOST_KEY));
+ explicit_bzero((void *)r, sizeof(GOST_KEY));
free(r);
}
diff --git a/lib/libssl/src/crypto/gost/gostr341194.c b/lib/libssl/src/crypto/gost/gostr341194.c
index 32c166aefa0..2a462185aa4 100644
--- a/lib/libssl/src/crypto/gost/gostr341194.c
+++ b/lib/libssl/src/crypto/gost/gostr341194.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gostr341194.c,v 1.4 2015/07/15 17:13:17 beck Exp $ */
+/* $OpenBSD: gostr341194.c,v 1.5 2015/09/10 15:56:25 jsing Exp $ */
/*
* Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Copyright (c) 2005-2006 Cryptocom LTD
@@ -267,7 +267,7 @@ GOSTR341194(const unsigned char *d, size_t n, unsigned char *md, int nid)
return 0;
GOSTR341194_Update(&c, d, n);
GOSTR341194_Final(md, &c);
- OPENSSL_cleanse(&c, sizeof(c));
+ explicit_bzero(&c, sizeof(c));
return (md);
}
#endif
diff --git a/lib/libssl/src/crypto/gost/streebog.c b/lib/libssl/src/crypto/gost/streebog.c
index 8060161d11f..902472bd9e2 100644
--- a/lib/libssl/src/crypto/gost/streebog.c
+++ b/lib/libssl/src/crypto/gost/streebog.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: streebog.c,v 1.4 2014/12/07 16:33:51 jsing Exp $ */
+/* $OpenBSD: streebog.c,v 1.5 2015/09/10 15:56:25 jsing Exp $ */
/*
* Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Copyright (c) 2005-2006 Cryptocom LTD
@@ -1455,7 +1455,7 @@ STREEBOG256(const unsigned char *d, size_t n, unsigned char *md)
STREEBOG256_Init(&c);
STREEBOG256_Update(&c, d, n);
STREEBOG256_Final(md, &c);
- OPENSSL_cleanse(&c, sizeof(c));
+ explicit_bzero(&c, sizeof(c));
return (md);
}
@@ -1470,7 +1470,7 @@ STREEBOG512(const unsigned char *d, size_t n, unsigned char *md)
STREEBOG512_Init(&c);
STREEBOG512_Update(&c, d, n);
STREEBOG512_Final(md, &c);
- OPENSSL_cleanse(&c, sizeof(c));
+ explicit_bzero(&c, sizeof(c));
return (md);
}
diff --git a/lib/libssl/src/crypto/hmac/hm_ameth.c b/lib/libssl/src/crypto/hmac/hm_ameth.c
index da3471c4fd4..cfa02397051 100644
--- a/lib/libssl/src/crypto/hmac/hm_ameth.c
+++ b/lib/libssl/src/crypto/hmac/hm_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hm_ameth.c,v 1.9 2015/07/20 15:45:29 miod Exp $ */
+/* $OpenBSD: hm_ameth.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2007.
*/
@@ -83,7 +83,7 @@ hmac_key_free(EVP_PKEY *pkey)
if (os) {
if (os->data)
- OPENSSL_cleanse(os->data, os->length);
+ explicit_bzero(os->data, os->length);
ASN1_OCTET_STRING_free(os);
}
}
diff --git a/lib/libssl/src/crypto/hmac/hm_pmeth.c b/lib/libssl/src/crypto/hmac/hm_pmeth.c
index 255f4ece8bb..c5ac6c00c0f 100644
--- a/lib/libssl/src/crypto/hmac/hm_pmeth.c
+++ b/lib/libssl/src/crypto/hmac/hm_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hm_pmeth.c,v 1.8 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: hm_pmeth.c,v 1.9 2015/09/10 15:56:25 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2007.
*/
@@ -124,7 +124,7 @@ pkey_hmac_cleanup(EVP_PKEY_CTX *ctx)
HMAC_CTX_cleanup(&hctx->ctx);
if (hctx->ktmp.data) {
if (hctx->ktmp.length)
- OPENSSL_cleanse(hctx->ktmp.data, hctx->ktmp.length);
+ explicit_bzero(hctx->ktmp.data, hctx->ktmp.length);
free(hctx->ktmp.data);
hctx->ktmp.data = NULL;
}
diff --git a/lib/libssl/src/crypto/md4/md4_one.c b/lib/libssl/src/crypto/md4/md4_one.c
index 144f131914f..9577d6577bf 100644
--- a/lib/libssl/src/crypto/md4/md4_one.c
+++ b/lib/libssl/src/crypto/md4/md4_one.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: md4_one.c,v 1.7 2015/09/10 15:03:58 jsing Exp $ */
+/* $OpenBSD: md4_one.c,v 1.8 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -71,7 +71,7 @@ unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md)
return NULL;
MD4_Update(&c,d,n);
MD4_Final(md,&c);
- OPENSSL_cleanse(&c,sizeof(c));
+ explicit_bzero(&c,sizeof(c));
return(md);
}
diff --git a/lib/libssl/src/crypto/md5/md5_one.c b/lib/libssl/src/crypto/md5/md5_one.c
index f4cc56adb22..3fb05de30c3 100644
--- a/lib/libssl/src/crypto/md5/md5_one.c
+++ b/lib/libssl/src/crypto/md5/md5_one.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: md5_one.c,v 1.9 2015/09/10 15:03:59 jsing Exp $ */
+/* $OpenBSD: md5_one.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -71,7 +71,7 @@ unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md)
return NULL;
MD5_Update(&c,d,n);
MD5_Final(md,&c);
- OPENSSL_cleanse(&c,sizeof(c));
+ explicit_bzero(&c,sizeof(c));
return(md);
}
diff --git a/lib/libssl/src/crypto/modes/gcm128.c b/lib/libssl/src/crypto/modes/gcm128.c
index 4a72901a334..dd6d91e8807 100644
--- a/lib/libssl/src/crypto/modes/gcm128.c
+++ b/lib/libssl/src/crypto/modes/gcm128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gcm128.c,v 1.12 2015/02/10 09:46:30 miod Exp $ */
+/* $OpenBSD: gcm128.c,v 1.13 2015/09/10 15:56:25 jsing Exp $ */
/* ====================================================================
* Copyright (c) 2010 The OpenSSL Project. All rights reserved.
*
@@ -1533,7 +1533,7 @@ GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block)
void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx)
{
if (ctx) {
- OPENSSL_cleanse(ctx,sizeof(*ctx));
+ explicit_bzero(ctx,sizeof(*ctx));
free(ctx);
}
}
diff --git a/lib/libssl/src/crypto/pem/pem_info.c b/lib/libssl/src/crypto/pem/pem_info.c
index 6fe72ce742e..191e3b5b104 100644
--- a/lib/libssl/src/crypto/pem/pem_info.c
+++ b/lib/libssl/src/crypto/pem/pem_info.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_info.c,v 1.20 2015/02/10 09:52:35 miod Exp $ */
+/* $OpenBSD: pem_info.c,v 1.21 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -400,7 +400,7 @@ PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
ret = 1;
err:
- OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
- OPENSSL_cleanse(buf, PEM_BUFSIZE);
+ explicit_bzero((char *)&ctx, sizeof(ctx));
+ explicit_bzero(buf, PEM_BUFSIZE);
return (ret);
}
diff --git a/lib/libssl/src/crypto/pem/pem_lib.c b/lib/libssl/src/crypto/pem/pem_lib.c
index 6f8759a9ee9..852b0eaf866 100644
--- a/lib/libssl/src/crypto/pem/pem_lib.c
+++ b/lib/libssl/src/crypto/pem/pem_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_lib.c,v 1.41 2015/07/19 18:29:31 miod Exp $ */
+/* $OpenBSD: pem_lib.c,v 1.42 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -403,7 +403,7 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
goto err;
if (kstr == (unsigned char *)buf)
- OPENSSL_cleanse(buf, PEM_BUFSIZE);
+ explicit_bzero(buf, PEM_BUFSIZE);
if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 > sizeof buf) {
PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,
@@ -434,12 +434,12 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
if (i <= 0)
ret = 0;
err:
- OPENSSL_cleanse(key, sizeof(key));
- OPENSSL_cleanse(iv, sizeof(iv));
- OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
- OPENSSL_cleanse(buf, PEM_BUFSIZE);
+ explicit_bzero(key, sizeof(key));
+ explicit_bzero(iv, sizeof(iv));
+ explicit_bzero((char *)&ctx, sizeof(ctx));
+ explicit_bzero(buf, PEM_BUFSIZE);
if (data != NULL) {
- OPENSSL_cleanse(data, (unsigned int)dsize);
+ explicit_bzero(data, (unsigned int)dsize);
free(data);
}
return (ret);
@@ -480,8 +480,8 @@ PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
if (o)
o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j);
EVP_CIPHER_CTX_cleanup(&ctx);
- OPENSSL_cleanse((char *)buf, sizeof(buf));
- OPENSSL_cleanse((char *)key, sizeof(key));
+ explicit_bzero((char *)buf, sizeof(buf));
+ explicit_bzero((char *)key, sizeof(key));
if (!o) {
PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT);
return (0);
@@ -640,7 +640,7 @@ PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
EVP_EncodeFinal(&ctx, buf, &outl);
if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl))
goto err;
- OPENSSL_cleanse(buf, PEM_BUFSIZE * 8);
+ explicit_bzero(buf, PEM_BUFSIZE * 8);
free(buf);
buf = NULL;
if ((BIO_write(bp, "-----END ", 9) != 9) ||
@@ -651,7 +651,7 @@ PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
err:
if (buf) {
- OPENSSL_cleanse(buf, PEM_BUFSIZE * 8);
+ explicit_bzero(buf, PEM_BUFSIZE * 8);
free(buf);
}
PEMerr(PEM_F_PEM_WRITE_BIO, reason);
diff --git a/lib/libssl/src/crypto/pem/pem_pk8.c b/lib/libssl/src/crypto/pem/pem_pk8.c
index 5b0fcc236bc..d02dec15464 100644
--- a/lib/libssl/src/crypto/pem/pem_pk8.c
+++ b/lib/libssl/src/crypto/pem/pem_pk8.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_pk8.c,v 1.9 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: pem_pk8.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -57,6 +57,7 @@
*/
#include <stdio.h>
+#include <string.h>
#include <openssl/buffer.h>
#include <openssl/err.h>
@@ -135,7 +136,7 @@ do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
}
p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
if (kstr == buf)
- OPENSSL_cleanse(buf, klen);
+ explicit_bzero(buf, klen);
PKCS8_PRIV_KEY_INFO_free(p8inf);
if (isder)
ret = i2d_PKCS8_bio(bp, p8);
diff --git a/lib/libssl/src/crypto/pem/pem_pkey.c b/lib/libssl/src/crypto/pem/pem_pkey.c
index e9c0a8b1c9f..afb476f818d 100644
--- a/lib/libssl/src/crypto/pem/pem_pkey.c
+++ b/lib/libssl/src/crypto/pem/pem_pkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_pkey.c,v 1.20 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: pem_pkey.c,v 1.21 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -144,7 +144,7 @@ p8err:
PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
err:
free(nm);
- OPENSSL_cleanse(data, len);
+ explicit_bzero(data, len);
free(data);
return (ret);
}
diff --git a/lib/libssl/src/crypto/pem/pem_seal.c b/lib/libssl/src/crypto/pem/pem_seal.c
index 08837bd7f7a..96687eb77f9 100644
--- a/lib/libssl/src/crypto/pem/pem_seal.c
+++ b/lib/libssl/src/crypto/pem/pem_seal.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_seal.c,v 1.21 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: pem_seal.c,v 1.22 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -117,7 +117,7 @@ PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
err:
free(s);
- OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+ explicit_bzero(key, EVP_MAX_KEY_LENGTH);
return (ret);
}
diff --git a/lib/libssl/src/crypto/pem/pvkfmt.c b/lib/libssl/src/crypto/pem/pvkfmt.c
index 025381bcc0d..f5a9de39fc7 100644
--- a/lib/libssl/src/crypto/pem/pvkfmt.c
+++ b/lib/libssl/src/crypto/pem/pvkfmt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pvkfmt.c,v 1.13 2015/05/15 11:00:14 jsg Exp $ */
+/* $OpenBSD: pvkfmt.c,v 1.14 2015/09/10 15:56:25 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2005.
*/
@@ -765,7 +765,7 @@ do_PVK_body(const unsigned char **in, unsigned int saltlen,
if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf,
NULL))
goto err;
- OPENSSL_cleanse(keybuf, 20);
+ explicit_bzero(keybuf, 20);
if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
goto err;
if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen,
@@ -777,7 +777,7 @@ do_PVK_body(const unsigned char **in, unsigned int saltlen,
goto err;
}
} else
- OPENSSL_cleanse(keybuf, 20);
+ explicit_bzero(keybuf, 20);
p = enctmp;
}
@@ -823,7 +823,7 @@ b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
err:
if (buf) {
- OPENSSL_cleanse(buf, buflen);
+ explicit_bzero(buf, buflen);
free(buf);
}
return ret;
@@ -894,7 +894,7 @@ i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, pem_password_cb *cb,
p = salt + PVK_SALTLEN + 8;
if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
goto error;
- OPENSSL_cleanse(keybuf, 20);
+ explicit_bzero(keybuf, 20);
if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8))
goto error;
if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen))
diff --git a/lib/libssl/src/crypto/pkcs12/p12_crpt.c b/lib/libssl/src/crypto/pkcs12/p12_crpt.c
index 288c93c49f9..0f215d2fe2d 100644
--- a/lib/libssl/src/crypto/pkcs12/p12_crpt.c
+++ b/lib/libssl/src/crypto/pkcs12/p12_crpt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_crpt.c,v 1.11 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: p12_crpt.c,v 1.12 2015/09/10 15:56:25 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -57,6 +57,7 @@
*/
#include <stdio.h>
+#include <string.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
@@ -111,7 +112,7 @@ PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
}
PBEPARAM_free(pbe);
ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
- OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
- OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+ explicit_bzero(key, EVP_MAX_KEY_LENGTH);
+ explicit_bzero(iv, EVP_MAX_IV_LENGTH);
return ret;
}
diff --git a/lib/libssl/src/crypto/pkcs12/p12_decr.c b/lib/libssl/src/crypto/pkcs12/p12_decr.c
index 4cccf43d3f8..00195f0a988 100644
--- a/lib/libssl/src/crypto/pkcs12/p12_decr.c
+++ b/lib/libssl/src/crypto/pkcs12/p12_decr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_decr.c,v 1.15 2015/05/15 11:00:14 jsg Exp $ */
+/* $OpenBSD: p12_decr.c,v 1.16 2015/09/10 15:56:25 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -57,6 +57,7 @@
*/
#include <stdio.h>
+#include <string.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
@@ -137,7 +138,7 @@ PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
p = out;
ret = ASN1_item_d2i(NULL, &p, outlen, it);
if (zbuf)
- OPENSSL_cleanse(out, outlen);
+ explicit_bzero(out, outlen);
if (!ret)
PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
PKCS12_R_DECODE_ERROR);
@@ -176,7 +177,7 @@ PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
goto err;
}
if (zbuf)
- OPENSSL_cleanse(in, inlen);
+ explicit_bzero(in, inlen);
free(in);
return oct;
diff --git a/lib/libssl/src/crypto/pkcs12/p12_key.c b/lib/libssl/src/crypto/pkcs12/p12_key.c
index 0b3547a6fb5..38f8a8194c7 100644
--- a/lib/libssl/src/crypto/pkcs12/p12_key.c
+++ b/lib/libssl/src/crypto/pkcs12/p12_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_key.c,v 1.22 2015/02/07 13:19:15 doug Exp $ */
+/* $OpenBSD: p12_key.c,v 1.23 2015/09/10 15:56:25 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -89,7 +89,7 @@ PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
if (ret <= 0)
return 0;
if (unipass) {
- OPENSSL_cleanse(unipass, uniplen);
+ explicit_bzero(unipass, uniplen);
free(unipass);
}
return ret;
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/lib/libssl/src/crypto/pkcs7/pk7_doit.c
index 24bcebef616..7755c3c30ef 100644
--- a/lib/libssl/src/crypto/pkcs7/pk7_doit.c
+++ b/lib/libssl/src/crypto/pkcs7/pk7_doit.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_doit.c,v 1.36 2015/07/29 14:58:34 jsing Exp $ */
+/* $OpenBSD: pk7_doit.c,v 1.37 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -233,7 +233,7 @@ pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, PKCS7_RECIP_INFO *ri,
ret = 1;
if (*pek) {
- OPENSSL_cleanse(*pek, *peklen);
+ explicit_bzero(*pek, *peklen);
free(*pek);
}
@@ -371,7 +371,7 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio)
if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
goto err;
}
- OPENSSL_cleanse(key, keylen);
+ explicit_bzero(key, keylen);
if (out == NULL)
out = btmp;
@@ -588,7 +588,7 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
*/
if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {
/* Use random key as MMA defence */
- OPENSSL_cleanse(ek, eklen);
+ explicit_bzero(ek, eklen);
free(ek);
ek = tkey;
eklen = tkeylen;
@@ -601,12 +601,12 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
goto err;
if (ek) {
- OPENSSL_cleanse(ek, eklen);
+ explicit_bzero(ek, eklen);
free(ek);
ek = NULL;
}
if (tkey) {
- OPENSSL_cleanse(tkey, tkeylen);
+ explicit_bzero(tkey, tkeylen);
free(tkey);
tkey = NULL;
}
@@ -635,11 +635,11 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
if (0) {
err:
if (ek) {
- OPENSSL_cleanse(ek, eklen);
+ explicit_bzero(ek, eklen);
free(ek);
}
if (tkey) {
- OPENSSL_cleanse(tkey, tkeylen);
+ explicit_bzero(tkey, tkeylen);
free(tkey);
}
if (out != NULL)
diff --git a/lib/libssl/src/crypto/rand/randfile.c b/lib/libssl/src/crypto/rand/randfile.c
index 6948a83634f..72c065c48da 100644
--- a/lib/libssl/src/crypto/rand/randfile.c
+++ b/lib/libssl/src/crypto/rand/randfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: randfile.c,v 1.41 2015/07/18 22:46:42 beck Exp $ */
+/* $OpenBSD: randfile.c,v 1.42 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -130,7 +130,7 @@ RAND_write_file(const char *file)
}
fclose(out);
- OPENSSL_cleanse(buf, BUFSIZE);
+ explicit_bzero(buf, BUFSIZE);
return ret;
}
diff --git a/lib/libssl/src/crypto/ripemd/rmd_one.c b/lib/libssl/src/crypto/ripemd/rmd_one.c
index 84b13d53122..0d372f32f78 100644
--- a/lib/libssl/src/crypto/ripemd/rmd_one.c
+++ b/lib/libssl/src/crypto/ripemd/rmd_one.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rmd_one.c,v 1.8 2015/09/10 15:03:59 jsing Exp $ */
+/* $OpenBSD: rmd_one.c,v 1.9 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -72,7 +72,7 @@ unsigned char *RIPEMD160(const unsigned char *d, size_t n,
return NULL;
RIPEMD160_Update(&c,d,n);
RIPEMD160_Final(md,&c);
- OPENSSL_cleanse(&c,sizeof(c));
+ explicit_bzero(&c,sizeof(c));
return(md);
}
diff --git a/lib/libssl/src/crypto/rsa/rsa_eay.c b/lib/libssl/src/crypto/rsa/rsa_eay.c
index 940964cac30..76863e7220e 100644
--- a/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ b/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_eay.c,v 1.39 2015/06/13 08:38:10 doug Exp $ */
+/* $OpenBSD: rsa_eay.c,v 1.40 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -110,6 +110,7 @@
*/
#include <stdio.h>
+#include <string.h>
#include <openssl/opensslconf.h>
@@ -242,7 +243,7 @@ err:
BN_CTX_free(ctx);
}
if (buf != NULL) {
- OPENSSL_cleanse(buf, num);
+ explicit_bzero(buf, num);
free(buf);
}
return r;
@@ -472,7 +473,7 @@ err:
BN_CTX_free(ctx);
}
if (buf != NULL) {
- OPENSSL_cleanse(buf, num);
+ explicit_bzero(buf, num);
free(buf);
}
return r;
@@ -607,7 +608,7 @@ err:
BN_CTX_free(ctx);
}
if (buf != NULL) {
- OPENSSL_cleanse(buf, num);
+ explicit_bzero(buf, num);
free(buf);
}
return r;
@@ -712,7 +713,7 @@ err:
BN_CTX_free(ctx);
}
if (buf != NULL) {
- OPENSSL_cleanse(buf, num);
+ explicit_bzero(buf, num);
free(buf);
}
return r;
diff --git a/lib/libssl/src/crypto/rsa/rsa_saos.c b/lib/libssl/src/crypto/rsa/rsa_saos.c
index 3a07a7af4a4..0a4f37a3da2 100644
--- a/lib/libssl/src/crypto/rsa/rsa_saos.c
+++ b/lib/libssl/src/crypto/rsa/rsa_saos.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_saos.c,v 1.17 2015/07/19 18:29:31 miod Exp $ */
+/* $OpenBSD: rsa_saos.c,v 1.18 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -97,7 +97,7 @@ RSA_sign_ASN1_OCTET_STRING(int type, const unsigned char *m, unsigned int m_len,
else
*siglen = i;
- OPENSSL_cleanse(s, (unsigned int)j + 1);
+ explicit_bzero(s, (unsigned int)j + 1);
free(s);
return ret;
}
@@ -142,7 +142,7 @@ RSA_verify_ASN1_OCTET_STRING(int dtype, const unsigned char *m,
err:
M_ASN1_OCTET_STRING_free(sig);
if (s != NULL) {
- OPENSSL_cleanse(s, (unsigned int)siglen);
+ explicit_bzero(s, (unsigned int)siglen);
free(s);
}
return ret;
diff --git a/lib/libssl/src/crypto/rsa/rsa_sign.c b/lib/libssl/src/crypto/rsa/rsa_sign.c
index db63c5f038e..7be08f544b0 100644
--- a/lib/libssl/src/crypto/rsa/rsa_sign.c
+++ b/lib/libssl/src/crypto/rsa/rsa_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_sign.c,v 1.24 2015/07/19 18:29:31 miod Exp $ */
+/* $OpenBSD: rsa_sign.c,v 1.25 2015/09/10 15:56:25 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -137,7 +137,7 @@ RSA_sign(int type, const unsigned char *m, unsigned int m_len,
*siglen = i;
if (type != NID_md5_sha1) {
- OPENSSL_cleanse(tmps, (unsigned int)j + 1);
+ explicit_bzero(tmps, (unsigned int)j + 1);
free(tmps);
}
return (ret);
@@ -237,7 +237,7 @@ err:
if (sig != NULL)
X509_SIG_free(sig);
if (s != NULL) {
- OPENSSL_cleanse(s, (unsigned int)siglen);
+ explicit_bzero(s, (unsigned int)siglen);
free(s);
}
return ret;
diff --git a/lib/libssl/src/crypto/sha/sha1_one.c b/lib/libssl/src/crypto/sha/sha1_one.c
index f6b5e4bacf8..91602ee5037 100644
--- a/lib/libssl/src/crypto/sha/sha1_one.c
+++ b/lib/libssl/src/crypto/sha/sha1_one.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha1_one.c,v 1.11 2014/07/10 22:45:58 jsing Exp $ */
+/* $OpenBSD: sha1_one.c,v 1.12 2015/09/10 15:56:26 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -75,7 +75,7 @@ unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
return NULL;
SHA1_Update(&c,d,n);
SHA1_Final(md,&c);
- OPENSSL_cleanse(&c,sizeof(c));
+ explicit_bzero(&c,sizeof(c));
return(md);
}
#endif
diff --git a/lib/libssl/src/crypto/sha/sha256.c b/lib/libssl/src/crypto/sha/sha256.c
index c5ab56852f2..d584660369c 100644
--- a/lib/libssl/src/crypto/sha/sha256.c
+++ b/lib/libssl/src/crypto/sha/sha256.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha256.c,v 1.8 2014/08/18 19:11:48 bcook Exp $ */
+/* $OpenBSD: sha256.c,v 1.9 2015/09/10 15:56:26 jsing Exp $ */
/* ====================================================================
* Copyright (c) 2004 The OpenSSL Project. All rights reserved
* according to the OpenSSL license [found in ../../LICENSE].
@@ -49,7 +49,7 @@ unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
SHA224_Init(&c);
SHA256_Update(&c,d,n);
SHA256_Final(md,&c);
- OPENSSL_cleanse(&c,sizeof(c));
+ explicit_bzero(&c,sizeof(c));
return(md);
}
@@ -62,7 +62,7 @@ unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
SHA256_Init(&c);
SHA256_Update(&c,d,n);
SHA256_Final(md,&c);
- OPENSSL_cleanse(&c,sizeof(c));
+ explicit_bzero(&c,sizeof(c));
return(md);
}
diff --git a/lib/libssl/src/crypto/sha/sha512.c b/lib/libssl/src/crypto/sha/sha512.c
index ad72b7e6f1f..7a55c0acc9d 100644
--- a/lib/libssl/src/crypto/sha/sha512.c
+++ b/lib/libssl/src/crypto/sha/sha512.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha512.c,v 1.13 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: sha512.c,v 1.14 2015/09/10 15:56:26 jsing Exp $ */
/* ====================================================================
* Copyright (c) 2004 The OpenSSL Project. All rights reserved
* according to the OpenSSL license [found in ../../LICENSE].
@@ -248,7 +248,7 @@ unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
SHA384_Init(&c);
SHA512_Update(&c,d,n);
SHA512_Final(md,&c);
- OPENSSL_cleanse(&c,sizeof(c));
+ explicit_bzero(&c,sizeof(c));
return(md);
}
@@ -261,7 +261,7 @@ unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
SHA512_Init(&c);
SHA512_Update(&c,d,n);
SHA512_Final(md,&c);
- OPENSSL_cleanse(&c,sizeof(c));
+ explicit_bzero(&c,sizeof(c));
return(md);
}
diff --git a/lib/libssl/src/crypto/sha/sha_one.c b/lib/libssl/src/crypto/sha/sha_one.c
index 1d3fc35f05d..ad04021eb1d 100644
--- a/lib/libssl/src/crypto/sha/sha_one.c
+++ b/lib/libssl/src/crypto/sha/sha_one.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha_one.c,v 1.8 2014/07/10 22:45:58 jsing Exp $ */
+/* $OpenBSD: sha_one.c,v 1.9 2015/09/10 15:56:26 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -75,7 +75,7 @@ unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md)
return NULL;
SHA_Update(&c,d,n);
SHA_Final(md,&c);
- OPENSSL_cleanse(&c,sizeof(c));
+ explicit_bzero(&c,sizeof(c));
return(md);
}
#endif
diff --git a/lib/libssl/src/crypto/ui/ui_openssl.c b/lib/libssl/src/crypto/ui/ui_openssl.c
index b3d2971a026..9562c2c937a 100644
--- a/lib/libssl/src/crypto/ui/ui_openssl.c
+++ b/lib/libssl/src/crypto/ui/ui_openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ui_openssl.c,v 1.24 2015/07/16 02:46:49 guenther Exp $ */
+/* $OpenBSD: ui_openssl.c,v 1.25 2015/09/10 15:56:26 jsing Exp $ */
/* Written by Richard Levitte (richard@levitte.org) and others
* for the OpenSSL project 2001.
*/
@@ -286,7 +286,7 @@ error:
if (ps >= 1)
popsig();
- OPENSSL_cleanse(result, BUFSIZ);
+ explicit_bzero(result, BUFSIZ);
return ok;
}
diff --git a/lib/libssl/src/crypto/ui/ui_util.c b/lib/libssl/src/crypto/ui/ui_util.c
index e5cee913b27..d1040c9826a 100644
--- a/lib/libssl/src/crypto/ui/ui_util.c
+++ b/lib/libssl/src/crypto/ui/ui_util.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ui_util.c,v 1.9 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ui_util.c,v 1.10 2015/09/10 15:56:26 jsing Exp $ */
/* ====================================================================
* Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
*
@@ -67,7 +67,7 @@ UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify)
ret = UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length,
prompt, verify);
- OPENSSL_cleanse(buff, BUFSIZ);
+ explicit_bzero(buff, BUFSIZ);
return (ret);
}
diff --git a/lib/libssl/src/ssl/d1_clnt.c b/lib/libssl/src/ssl/d1_clnt.c
index 23d6b372c91..2b736b92439 100644
--- a/lib/libssl/src/ssl/d1_clnt.c
+++ b/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.48 2015/09/02 17:59:15 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.49 2015/09/10 15:56:26 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -731,7 +731,7 @@ dtls1_send_client_key_exchange(SSL *s)
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
tmp_buf, sizeof tmp_buf);
- OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
+ explicit_bzero(tmp_buf, sizeof tmp_buf);
} else if (alg_k & SSL_kDHE) {
DH *dh_srvr, *dh_clnt;
diff --git a/lib/libssl/src/ssl/d1_lib.c b/lib/libssl/src/ssl/d1_lib.c
index b269efe4690..e7eca4a8cd4 100644
--- a/lib/libssl/src/ssl/d1_lib.c
+++ b/lib/libssl/src/ssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.29 2015/07/19 20:32:18 doug Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.30 2015/09/10 15:56:26 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -203,7 +203,7 @@ dtls1_free(SSL *s)
pqueue_free(s->d1->sent_messages);
pqueue_free(s->d1->buffered_app_data.q);
- OPENSSL_cleanse(s->d1, sizeof *s->d1);
+ explicit_bzero(s->d1, sizeof *s->d1);
free(s->d1);
s->d1 = NULL;
}
diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c
index 1d1a0c77f0b..e4ce8163ac8 100644
--- a/lib/libssl/src/ssl/s3_clnt.c
+++ b/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.125 2015/09/02 17:59:15 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.126 2015/09/10 15:56:26 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1933,7 +1933,7 @@ ssl3_send_client_key_exchange(SSL *s)
s->session->master_key_length =
s->method->ssl3_enc->generate_master_secret(
s, s->session->master_key, tmp_buf, sizeof tmp_buf);
- OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
+ explicit_bzero(tmp_buf, sizeof tmp_buf);
} else if (alg_k & SSL_kDHE) {
DH *dh_srvr, *dh_clnt;
diff --git a/lib/libssl/src/ssl/s3_enc.c b/lib/libssl/src/ssl/s3_enc.c
index bfa719df5fe..515072a99ea 100644
--- a/lib/libssl/src/ssl/s3_enc.c
+++ b/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_enc.c,v 1.61 2015/07/19 20:32:18 doug Exp $ */
+/* $OpenBSD: s3_enc.c,v 1.62 2015/09/10 15:56:26 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -209,7 +209,7 @@ ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
km += MD5_DIGEST_LENGTH;
}
- OPENSSL_cleanse(smd, SHA_DIGEST_LENGTH);
+ explicit_bzero(smd, SHA_DIGEST_LENGTH);
EVP_MD_CTX_cleanup(&m5);
EVP_MD_CTX_cleanup(&s1);
return 1;
@@ -392,7 +392,7 @@ void
ssl3_cleanup_key_block(SSL *s)
{
if (s->s3->tmp.key_block != NULL) {
- OPENSSL_cleanse(s->s3->tmp.key_block,
+ explicit_bzero(s->s3->tmp.key_block,
s->s3->tmp.key_block_length);
free(s->s3->tmp.key_block);
s->s3->tmp.key_block = NULL;
diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c
index 42396a21e9d..4e6b1236983 100644
--- a/lib/libssl/src/ssl/s3_lib.c
+++ b/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.100 2015/08/27 06:21:15 doug Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.101 2015/09/10 15:56:26 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -2066,7 +2066,7 @@ ssl3_free(SSL *s)
ssl3_free_digest_list(s);
free(s->s3->alpn_selected);
- OPENSSL_cleanse(s->s3, sizeof *s->s3);
+ explicit_bzero(s->s3, sizeof *s->s3);
free(s->s3);
s->s3 = NULL;
}
diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index 3f9f6720fac..b2c4f8e0d2b 100644
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.115 2015/09/01 13:38:27 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.116 2015/09/10 15:56:26 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1725,7 +1725,7 @@ ssl3_get_client_key_exchange(SSL *s)
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
p, i);
- OPENSSL_cleanse(p, i);
+ explicit_bzero(p, i);
} else if (alg_k & SSL_kDHE) {
if (2 > n)
goto truncated;
@@ -1776,7 +1776,7 @@ ssl3_get_client_key_exchange(SSL *s)
s->session->master_key_length =
s->method->ssl3_enc->generate_master_secret(
s, s->session->master_key, p, i);
- OPENSSL_cleanse(p, i);
+ explicit_bzero(p, i);
} else
if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
@@ -1920,7 +1920,7 @@ ssl3_get_client_key_exchange(SSL *s)
s->session->master_key_length = s->method->ssl3_enc-> \
generate_master_secret(s, s->session->master_key, p, i);
- OPENSSL_cleanse(p, i);
+ explicit_bzero(p, i);
return (ret);
} else
if (alg_k & SSL_kGOST) {
diff --git a/lib/libssl/src/ssl/ssl_sess.c b/lib/libssl/src/ssl/ssl_sess.c
index a688b9ef410..5d18c8a0b4e 100644
--- a/lib/libssl/src/ssl/ssl_sess.c
+++ b/lib/libssl/src/ssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.46 2015/08/27 06:21:15 doug Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.47 2015/09/10 15:56:26 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -694,8 +694,8 @@ SSL_SESSION_free(SSL_SESSION *ss)
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
- OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
- OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
+ explicit_bzero(ss->master_key, sizeof ss->master_key);
+ explicit_bzero(ss->session_id, sizeof ss->session_id);
if (ss->sess_cert != NULL)
ssl_sess_cert_free(ss->sess_cert);
if (ss->peer != NULL)
@@ -708,7 +708,7 @@ SSL_SESSION_free(SSL_SESSION *ss)
free(ss->tlsext_ecpointformatlist);
ss->tlsext_ellipticcurvelist_length = 0;
free(ss->tlsext_ellipticcurvelist);
- OPENSSL_cleanse(ss, sizeof(*ss));
+ explicit_bzero(ss, sizeof(*ss));
free(ss);
}
diff --git a/lib/libssl/src/ssl/t1_enc.c b/lib/libssl/src/ssl/t1_enc.c
index a3a5d4dd7d8..5d2b8eaf896 100644
--- a/lib/libssl/src/ssl/t1_enc.c
+++ b/lib/libssl/src/ssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.80 2015/08/27 14:16:57 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.81 2015/09/10 15:56:26 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -226,7 +226,7 @@ err:
EVP_PKEY_free(mac_key);
EVP_MD_CTX_cleanup(&ctx);
EVP_MD_CTX_cleanup(&ctx_tmp);
- OPENSSL_cleanse(A1, sizeof(A1));
+ explicit_bzero(A1, sizeof(A1));
return ret;
}
@@ -659,7 +659,7 @@ tls1_setup_key_block(SSL *s)
err:
if (tmp_block) {
- OPENSSL_cleanse(tmp_block, key_block_len);
+ explicit_bzero(tmp_block, key_block_len);
free(tmp_block);
}
return (ret);