Use explicit_bzero() instead of memset() for zeroing out secrets.

OK deraadt@

8 files changed, 26 insertions, 27 deletions

diff --git a/libexec/login_chpass/login_chpass.c b/libexec/login_chpass/login_chpass.c
index 903ca333a28..3abd7210182 100644
--- a/libexec/login_chpass/login_chpass.c
+++ b/libexec/login_chpass/login_chpass.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: login_chpass.c,v 1.16 2012/12/04 02:24:47 deraadt Exp $	*/
+/*	$OpenBSD: login_chpass.c,v 1.17 2015/10/05 17:31:17 millert Exp $	*/
 
 /*-
  * Copyright (c) 1995,1996 Berkeley Software Design, Inc. All rights reserved.
@@ -208,7 +208,7 @@ yp_chpass(char *username)
 			    pwd_gensalt(salt, sizeof(salt), lc, 'y') == 0)
 				strlcpy(salt, "xx", sizeof(salt));
 			crypt(p, salt);
-			memset(p, 0, strlen(p));
+			explicit_bzero(p, strlen(p));
 		}
 		warnx("YP passwd database unchanged.");
 		exit(1);
diff --git a/libexec/login_lchpass/login_lchpass.c b/libexec/login_lchpass/login_lchpass.c
index 6696067d38a..0882f7038d7 100644
--- a/libexec/login_lchpass/login_lchpass.c
+++ b/libexec/login_lchpass/login_lchpass.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: login_lchpass.c,v 1.14 2012/12/04 02:24:47 deraadt Exp $	*/
+/*	$OpenBSD: login_lchpass.c,v 1.15 2015/10/05 17:31:17 millert Exp $	*/
 
 /*-
  * Copyright (c) 1995,1996 Berkeley Software Design, Inc. All rights reserved.
@@ -136,7 +136,7 @@ main(int argc, char *argv[])
 		exit(1);
 
 	salt = crypt(p, salt);
-	memset(p, 0, strlen(p));
+	explicit_bzero(p, strlen(p));
 	if (!pwd || strcmp(salt, pwd->pw_passwd) != 0)
 		exit(1);
 
diff --git a/libexec/login_passwd/login.c b/libexec/login_passwd/login.c
index 6548178e001..8d208e03381 100644
--- a/libexec/login_passwd/login.c
+++ b/libexec/login_passwd/login.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: login.c,v 1.11 2015/01/16 06:39:50 deraadt Exp $	*/
+/*	$OpenBSD: login.c,v 1.12 2015/10/05 17:31:17 millert Exp $	*/
 
 /*-
  * Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved.
@@ -158,7 +158,7 @@ main(int argc, char **argv)
 #endif
 
 	if (password != NULL)
-		memset(password, 0, strlen(password));
+		explicit_bzero(password, strlen(password));
 	if (ret != AUTH_OK)
 		fprintf(back, BI_REJECT "\n");
 
diff --git a/libexec/login_passwd/login_passwd.c b/libexec/login_passwd/login_passwd.c
index f646d891043..d769bdc0735 100644
--- a/libexec/login_passwd/login_passwd.c
+++ b/libexec/login_passwd/login_passwd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: login_passwd.c,v 1.10 2014/09/16 22:07:02 tedu Exp $	*/
+/*	$OpenBSD: login_passwd.c,v 1.11 2015/10/05 17:31:17 millert Exp $	*/
 
 /*-
  * Copyright (c) 2001 Hans Insulander <hin@openbsd.org>.
@@ -54,7 +54,7 @@ pwd_login(char *username, char *password, char *wheel, int lastchance,
 	if (crypt_checkpass(password, goodhash) == 0)
 		passok = 1;
 	plen = strlen(password);
-	memset(password, 0, plen);
+	explicit_bzero(password, plen);
 
 	if (!passok)
 		return (AUTH_FAILED);
diff --git a/libexec/login_radius/raddauth.c b/libexec/login_radius/raddauth.c
index 71089908058..5261e377f49 100644
--- a/libexec/login_radius/raddauth.c
+++ b/libexec/login_radius/raddauth.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: raddauth.c,v 1.27 2015/01/16 06:39:50 deraadt Exp $	*/
+/*	$OpenBSD: raddauth.c,v 1.28 2015/10/05 17:31:17 millert Exp $	*/
 
 /*-
  * Copyright (c) 1996, 1997 Berkeley Software Design, Inc. All rights reserved.
@@ -397,6 +397,7 @@ rad_request(u_char id, char *name, char *password, int port, char *vector,
 		}
 		total_length += AUTH_VECTOR_LEN;
 	}
+	explicit_bzero(pass_buf, strlen(pass_buf));
 
 	/* Client id */
 	*ptr++ = PW_CLIENT_ID;
diff --git a/libexec/login_tis/login_tis.c b/libexec/login_tis/login_tis.c
index 3ac22aaa3f1..cbfa0a74c49 100644
--- a/libexec/login_tis/login_tis.c
+++ b/libexec/login_tis/login_tis.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: login_tis.c,v 1.12 2015/01/16 06:39:50 deraadt Exp $	*/
+/*	$OpenBSD: login_tis.c,v 1.13 2015/10/05 17:31:17 millert Exp $	*/
 
 /*
  * Copyright (c) 2004 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -395,8 +395,8 @@ tis_getkey(struct tis_connection *tc)
 	}
 	DES_string_to_key(key, &cblock);
 	error = DES_set_key(&cblock, &tc->keysched);
-	memset(key, 0, len);
-	memset(&cblock, 0, sizeof(cblock));
+	explicit_bzero(key, len);
+	explicit_bzero(&cblock, sizeof(cblock));
 	free(tbuf);
 	return (error);
 }
@@ -508,10 +508,10 @@ tis_recv(struct tis_connection *tc, u_char *buf, size_t bufsiz)
 		    len, &ks, &iv, DES_DECRYPT);
 		if (strlcpy(buf, tbuf, bufsiz) >= bufsiz) {
 			syslog(LOG_ERR, "unencrypted data too large to store");
-			memset(tbuf, 0, sizeof(tbuf));
+			explicit_bzero(tbuf, sizeof(tbuf));
 			return (-1);
 		}
-		memset(tbuf, 0, sizeof(tbuf));
+		explicit_bzero(tbuf, sizeof(tbuf));
 	}
 	return (len);
 }
@@ -657,7 +657,7 @@ tis_authorize(struct tis_connection *tc, const char *user,
 		syslog(LOG_ERR, "unexpected response from authsrv: %s", obuf);
 		resp = error;
 	}
-	memset(buf, 0, sizeof(buf));
+	explicit_bzero(buf, sizeof(buf));
 
 	return (resp);
 }
@@ -685,10 +685,10 @@ tis_verify(struct tis_connection *tc, const char *response, char *ebuf)
 	if (strncmp(buf, "ok", 2) == 0) {
 		if (buf[2] != '\0')
 			strlcpy(ebuf, buf + 3, TIS_BUFSIZ);
-		memset(buf, 0, sizeof(buf));
+		explicit_bzero(buf, sizeof(buf));
 		return (0);
 	}
 	strlcpy(ebuf, buf, TIS_BUFSIZ);
-	memset(buf, 0, sizeof(buf));
+	explicit_bzero(buf, sizeof(buf));
 	return (-1);
 }
diff --git a/libexec/login_token/token.c b/libexec/login_token/token.c
index 7c6f4569c8d..0bf5352e324 100644
--- a/libexec/login_token/token.c
+++ b/libexec/login_token/token.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: token.c,v 1.18 2013/12/03 01:29:00 deraadt Exp $	*/
+/*	$OpenBSD: token.c,v 1.19 2015/10/05 17:31:17 millert Exp $	*/
 
 /*-
  * Copyright (c) 1995 Migration Associates Corp. All Rights Reserved
@@ -189,7 +189,7 @@ tokenverify(char *username, char *challenge, char *response)
 		return (-1);
 
 	h2cb(tokenrec.secret, &user_seed);
-	memset(&tokenrec.secret, 0, sizeof(tokenrec.secret));
+	explicit_bzero(&tokenrec.secret, sizeof(tokenrec.secret));
 
 	if (!(tokenrec.flags & TOKEN_ENABLED))
 		return (-1);
@@ -201,10 +201,10 @@ tokenverify(char *username, char *challenge, char *response)
 
 	DES_fixup_key_parity(&user_seed.cb);
 	DES_key_sched(&user_seed.cb, &key_schedule);
-	memset(user_seed.ct, 0, sizeof(user_seed.ct));
+	explicit_bzero(user_seed.ct, sizeof(user_seed.ct));
 	DES_ecb_encrypt(&tokennumber.cb, &cipher_text.cb, &key_schedule,
 	    DES_ENCRYPT);
-	memset(&key_schedule, 0, sizeof(key_schedule));
+	explicit_bzero(&key_schedule, sizeof(key_schedule));
 
 	/*
 	 * The token thinks it's descended from VAXen.  Deal with i386
@@ -304,7 +304,7 @@ tokenuserinit(int flags, char *username, unsigned char *usecret, unsigned mode)
 	 */
 
 	if (!(flags & TOKEN_GENSECRET)) {
-		memset(&secret, 0, sizeof(secret));
+		explicit_bzero(&secret, sizeof(secret));
 		return (0);
 	}
 
@@ -314,10 +314,10 @@ tokenuserinit(int flags, char *username, unsigned char *usecret, unsigned mode)
 	    secret.cb[4], secret.cb[5], secret.cb[6], secret.cb[7]);
 
 	DES_key_sched(&secret.cb, &key_schedule);
-	memset(&secret, 0, sizeof(secret));
+	explicit_bzero(&secret, sizeof(secret));
 	memset(&nulls, 0, sizeof(nulls));
 	DES_ecb_encrypt(&nulls.cb, &checksum.cb, &key_schedule, DES_ENCRYPT);
-	memset(&key_schedule, 0, sizeof(key_schedule));
+	explicit_bzero(&key_schedule, sizeof(key_schedule));
 	HTONL(checksum.ul[0]);
 	snprintf(checktxt.ct, sizeof(checktxt.ct), "%8.8x", checksum.ul[0]);
 	printf("Hex Checksum: \"%s\"", checktxt.ct);
diff --git a/libexec/login_token/tokendb.c b/libexec/login_token/tokendb.c
index 23a82c28a19..d52539ef192 100644
--- a/libexec/login_token/tokendb.c
+++ b/libexec/login_token/tokendb.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tokendb.c,v 1.9 2012/12/04 02:24:47 deraadt Exp $	*/
+/*	$OpenBSD: tokendb.c,v 1.10 2015/10/05 17:31:17 millert Exp $	*/
 
 /*-
  * Copyright (c) 1995 Migration Associates Corp. All Rights Reserved
@@ -135,12 +135,10 @@ int
 tokendb_delrec(char *username)
 {
 	DBT	key;
-	DBT	data;
 	int	status = 0;
 
 	key.data = username;
 	key.size = strlen(username) + 1;
-	memset(&data, 0, sizeof(data));
 
 	if (!tokendb_open()) {
 		if (flock((tokendb->fd)(tokendb), LOCK_EX)) {