From 777da97698e271a6d50d6e1bf950e7f169f16270 Mon Sep 17 00:00:00 2001
From: Matthew Dempsky <matthew@cvs.openbsd.org>
Date: Wed, 25 Apr 2012 04:12:28 +0000
Subject: Use explicit_bzero() for clearing key material. Pointed out by
 Michael W. Bombardieri on tech@. ok deraadt

---
 sys/crypto/cast.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'sys/crypto')

diff --git a/sys/crypto/cast.c b/sys/crypto/cast.c
index e251dfbc022..378d1576623 100644
--- a/sys/crypto/cast.c
+++ b/sys/crypto/cast.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: cast.c,v 1.3 2005/03/24 11:45:28 hshoexer Exp $       */
+/*      $OpenBSD: cast.c,v 1.4 2012/04/25 04:12:27 matthew Exp $       */
 
 /*
  *	CAST-128 in C
@@ -8,6 +8,7 @@
  */
 
 #include <sys/types.h>
+#include <sys/systm.h>
 #include <crypto/cast.h>
 #include <crypto/castsb.h>
 
@@ -268,9 +269,9 @@ cast_setkey(cast_key *key, u_int8_t *rawkey, int keybytes)
 		}
 	}
 	/* Wipe clean */
-	for (i = 0; i < 4; i++) {
-		t[i] = x[i] = z[i] = 0;
-	}
+	explicit_bzero(t, sizeof(t));
+	explicit_bzero(x, sizeof(x));
+	explicit_bzero(z, sizeof(z));
 }
 
 /* Made in Canada */
-- 
cgit v1.2.3