Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
This commit is contained in:
Richard Levitte
parent
2047bda6fb
commit
4579924b7e
@ -615,7 +615,7 @@ int password_callback(char *buf, int bufsiz, int verify,
|
|||||||
|
|
||||||
if (buff)
|
if (buff)
|
||||||
{
|
{
|
||||||
memset(buff,0,(unsigned int)bufsiz);
|
OPENSSL_cleanse(buff,(unsigned int)bufsiz);
|
||||||
OPENSSL_free(buff);
|
OPENSSL_free(buff);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -625,13 +625,13 @@ int password_callback(char *buf, int bufsiz, int verify,
|
|||||||
{
|
{
|
||||||
BIO_printf(bio_err, "User interface error\n");
|
BIO_printf(bio_err, "User interface error\n");
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
memset(buf,0,(unsigned int)bufsiz);
|
OPENSSL_cleanse(buf,(unsigned int)bufsiz);
|
||||||
res = 0;
|
res = 0;
|
||||||
}
|
}
|
||||||
if (ok == -2)
|
if (ok == -2)
|
||||||
{
|
{
|
||||||
BIO_printf(bio_err,"aborted!\n");
|
BIO_printf(bio_err,"aborted!\n");
|
||||||
memset(buf,0,(unsigned int)bufsiz);
|
OPENSSL_cleanse(buf,(unsigned int)bufsiz);
|
||||||
res = 0;
|
res = 0;
|
||||||
}
|
}
|
||||||
UI_free(ui);
|
UI_free(ui);
|
||||||
|
|||||||
@ -706,7 +706,7 @@ bad:
|
|||||||
}
|
}
|
||||||
pkey = load_key(bio_err, keyfile, keyform, 0, key, e,
|
pkey = load_key(bio_err, keyfile, keyform, 0, key, e,
|
||||||
"CA private key");
|
"CA private key");
|
||||||
if (key) memset(key,0,strlen(key));
|
if (key) OPENSSL_cleanse(key,strlen(key));
|
||||||
if (pkey == NULL)
|
if (pkey == NULL)
|
||||||
{
|
{
|
||||||
/* load_key() has already printed an appropriate message */
|
/* load_key() has already printed an appropriate message */
|
||||||
|
|||||||
@ -356,7 +356,7 @@ int MAIN(int argc, char **argv)
|
|||||||
end:
|
end:
|
||||||
if (buf != NULL)
|
if (buf != NULL)
|
||||||
{
|
{
|
||||||
memset(buf,0,BUFSIZE);
|
OPENSSL_cleanse(buf,BUFSIZE);
|
||||||
OPENSSL_free(buf);
|
OPENSSL_free(buf);
|
||||||
}
|
}
|
||||||
if (in != NULL) BIO_free(in);
|
if (in != NULL) BIO_free(in);
|
||||||
|
|||||||
@ -481,9 +481,9 @@ bad:
|
|||||||
* bug picked up by
|
* bug picked up by
|
||||||
* Larry J. Hughes Jr. <hughes@indiana.edu> */
|
* Larry J. Hughes Jr. <hughes@indiana.edu> */
|
||||||
if (str == strbuf)
|
if (str == strbuf)
|
||||||
memset(str,0,SIZE);
|
OPENSSL_cleanse(str,SIZE);
|
||||||
else
|
else
|
||||||
memset(str,0,strlen(str));
|
OPENSSL_cleanse(str,strlen(str));
|
||||||
}
|
}
|
||||||
if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
|
if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
|
||||||
{
|
{
|
||||||
|
|||||||
@ -908,9 +908,9 @@ end:
|
|||||||
if (con != NULL) SSL_free(con);
|
if (con != NULL) SSL_free(con);
|
||||||
if (con2 != NULL) SSL_free(con2);
|
if (con2 != NULL) SSL_free(con2);
|
||||||
if (ctx != NULL) SSL_CTX_free(ctx);
|
if (ctx != NULL) SSL_CTX_free(ctx);
|
||||||
if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
|
if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
|
||||||
if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
|
if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
|
||||||
if (mbuf != NULL) { memset(mbuf,0,BUFSIZZ); OPENSSL_free(mbuf); }
|
if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
|
||||||
if (bio_c_out != NULL)
|
if (bio_c_out != NULL)
|
||||||
{
|
{
|
||||||
BIO_free(bio_c_out);
|
BIO_free(bio_c_out);
|
||||||
|
|||||||
@ -1262,7 +1262,7 @@ err:
|
|||||||
BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
|
BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
|
||||||
if (buf != NULL)
|
if (buf != NULL)
|
||||||
{
|
{
|
||||||
memset(buf,0,bufsize);
|
OPENSSL_cleanse(buf,bufsize);
|
||||||
OPENSSL_free(buf);
|
OPENSSL_free(buf);
|
||||||
}
|
}
|
||||||
if (ret >= 0)
|
if (ret >= 0)
|
||||||
|
|||||||
@ -62,14 +62,6 @@
|
|||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
#include <signal.h>
|
#include <signal.h>
|
||||||
|
|
||||||
#ifdef FLAT_INC
|
|
||||||
#include "e_os.h"
|
|
||||||
#else
|
|
||||||
#include "../e_os.h"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_SOCK
|
|
||||||
|
|
||||||
/* With IPv6, it looks like Digital has mixed up the proper order of
|
/* With IPv6, it looks like Digital has mixed up the proper order of
|
||||||
recursive header file inclusion, resulting in the compiler complaining
|
recursive header file inclusion, resulting in the compiler complaining
|
||||||
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
|
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
|
||||||
@ -87,6 +79,14 @@ typedef unsigned int u_int;
|
|||||||
#include "s_apps.h"
|
#include "s_apps.h"
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
|
|
||||||
|
#ifdef FLAT_INC
|
||||||
|
#include "e_os.h"
|
||||||
|
#else
|
||||||
|
#include "../e_os.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_SOCK
|
||||||
|
|
||||||
static struct hostent *GetHostByName(char *name);
|
static struct hostent *GetHostByName(char *name);
|
||||||
#ifdef OPENSSL_SYS_WINDOWS
|
#ifdef OPENSSL_SYS_WINDOWS
|
||||||
static void ssl_sock_cleanup(void);
|
static void ssl_sock_cleanup(void);
|
||||||
|
|||||||
@ -204,9 +204,9 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
|
|||||||
err:
|
err:
|
||||||
EVP_MD_CTX_cleanup(&ctx);
|
EVP_MD_CTX_cleanup(&ctx);
|
||||||
if (buf_in != NULL)
|
if (buf_in != NULL)
|
||||||
{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
|
{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
|
||||||
if (buf_out != NULL)
|
if (buf_out != NULL)
|
||||||
{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
|
{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
|
||||||
return(outl);
|
return(outl);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -287,8 +287,8 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
|
|||||||
err:
|
err:
|
||||||
EVP_MD_CTX_cleanup(&ctx);
|
EVP_MD_CTX_cleanup(&ctx);
|
||||||
if (buf_in != NULL)
|
if (buf_in != NULL)
|
||||||
{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
|
{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
|
||||||
if (buf_out != NULL)
|
if (buf_out != NULL)
|
||||||
{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
|
{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
|
||||||
return(outl);
|
return(outl);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -103,7 +103,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
|
|||||||
EVP_VerifyInit_ex(&ctx,type, NULL);
|
EVP_VerifyInit_ex(&ctx,type, NULL);
|
||||||
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
|
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
|
||||||
|
|
||||||
memset(buf_in,0,(unsigned int)inl);
|
OPENSSL_cleanse(buf_in,(unsigned int)inl);
|
||||||
OPENSSL_free(buf_in);
|
OPENSSL_free(buf_in);
|
||||||
|
|
||||||
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
|
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
|
||||||
@ -153,7 +153,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
|
|||||||
EVP_VerifyInit_ex(&ctx,type, NULL);
|
EVP_VerifyInit_ex(&ctx,type, NULL);
|
||||||
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
|
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
|
||||||
|
|
||||||
memset(buf_in,0,(unsigned int)inl);
|
OPENSSL_cleanse(buf_in,(unsigned int)inl);
|
||||||
OPENSSL_free(buf_in);
|
OPENSSL_free(buf_in);
|
||||||
|
|
||||||
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
|
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
|
||||||
|
|||||||
@ -187,7 +187,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
|
|||||||
i2d_NETSCAPE_PKEY(pkey,&zz);
|
i2d_NETSCAPE_PKEY(pkey,&zz);
|
||||||
|
|
||||||
/* Wipe the private key encoding */
|
/* Wipe the private key encoding */
|
||||||
memset(pkey->private_key->data, 0, rsalen);
|
OPENSSL_cleanse(pkey->private_key->data, rsalen);
|
||||||
|
|
||||||
if (cb == NULL)
|
if (cb == NULL)
|
||||||
cb=EVP_read_pw_string;
|
cb=EVP_read_pw_string;
|
||||||
@ -206,7 +206,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
|
|||||||
}
|
}
|
||||||
|
|
||||||
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
|
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
|
||||||
memset(buf,0,256);
|
OPENSSL_cleanse(buf,256);
|
||||||
|
|
||||||
/* Encrypt private key in place */
|
/* Encrypt private key in place */
|
||||||
zz = enckey->enckey->digest->data;
|
zz = enckey->enckey->digest->data;
|
||||||
@ -294,7 +294,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
|
|||||||
}
|
}
|
||||||
|
|
||||||
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
|
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
|
||||||
memset(buf,0,256);
|
OPENSSL_cleanse(buf,256);
|
||||||
|
|
||||||
EVP_CIPHER_CTX_init(&ctx);
|
EVP_CIPHER_CTX_init(&ctx);
|
||||||
EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
|
EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
|
||||||
|
|||||||
@ -68,8 +68,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
|
|||||||
if(operation == ASN1_OP_FREE_PRE) {
|
if(operation == ASN1_OP_FREE_PRE) {
|
||||||
PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
|
PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
|
||||||
if (key->pkey->value.octet_string)
|
if (key->pkey->value.octet_string)
|
||||||
memset(key->pkey->value.octet_string->data,
|
OPENSSL_cleanse(key->pkey->value.octet_string->data,
|
||||||
0, key->pkey->value.octet_string->length);
|
key->pkey->value.octet_string->length);
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -427,7 +427,7 @@ void doencryption(void)
|
|||||||
k2[i-8]=k;
|
k2[i-8]=k;
|
||||||
}
|
}
|
||||||
DES_set_key_unchecked(&k2,&ks2);
|
DES_set_key_unchecked(&k2,&ks2);
|
||||||
memset(k2,0,sizeof(k2));
|
OPENSSL_cleanse(k2,sizeof(k2));
|
||||||
}
|
}
|
||||||
else if (longk || flag3)
|
else if (longk || flag3)
|
||||||
{
|
{
|
||||||
@ -435,7 +435,7 @@ void doencryption(void)
|
|||||||
{
|
{
|
||||||
DES_string_to_2keys(key,&kk,&k2);
|
DES_string_to_2keys(key,&kk,&k2);
|
||||||
DES_set_key_unchecked(&k2,&ks2);
|
DES_set_key_unchecked(&k2,&ks2);
|
||||||
memset(k2,0,sizeof(k2));
|
OPENSSL_cleanse(k2,sizeof(k2));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
DES_string_to_key(key,&kk);
|
DES_string_to_key(key,&kk);
|
||||||
@ -457,8 +457,8 @@ void doencryption(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
DES_set_key_unchecked(&kk,&ks);
|
DES_set_key_unchecked(&kk,&ks);
|
||||||
memset(key,0,sizeof(key));
|
OPENSSL_cleanse(key,sizeof(key));
|
||||||
memset(kk,0,sizeof(kk));
|
OPENSSL_cleanse(kk,sizeof(kk));
|
||||||
/* woops - A bug that does not showup under unix :-( */
|
/* woops - A bug that does not showup under unix :-( */
|
||||||
memset(iv,0,sizeof(iv));
|
memset(iv,0,sizeof(iv));
|
||||||
memset(iv2,0,sizeof(iv2));
|
memset(iv2,0,sizeof(iv2));
|
||||||
@ -666,18 +666,18 @@ void doencryption(void)
|
|||||||
if (l) fclose(CKSUM_OUT);
|
if (l) fclose(CKSUM_OUT);
|
||||||
}
|
}
|
||||||
problems:
|
problems:
|
||||||
memset(buf,0,sizeof(buf));
|
OPENSSL_cleanse(buf,sizeof(buf));
|
||||||
memset(obuf,0,sizeof(obuf));
|
OPENSSL_cleanse(obuf,sizeof(obuf));
|
||||||
memset(&ks,0,sizeof(ks));
|
OPENSSL_cleanse(&ks,sizeof(ks));
|
||||||
memset(&ks2,0,sizeof(ks2));
|
OPENSSL_cleanse(&ks2,sizeof(ks2));
|
||||||
memset(iv,0,sizeof(iv));
|
OPENSSL_cleanse(iv,sizeof(iv));
|
||||||
memset(iv2,0,sizeof(iv2));
|
OPENSSL_cleanse(iv2,sizeof(iv2));
|
||||||
memset(kk,0,sizeof(kk));
|
OPENSSL_cleanse(kk,sizeof(kk));
|
||||||
memset(k2,0,sizeof(k2));
|
OPENSSL_cleanse(k2,sizeof(k2));
|
||||||
memset(uubuf,0,sizeof(uubuf));
|
OPENSSL_cleanse(uubuf,sizeof(uubuf));
|
||||||
memset(b,0,sizeof(b));
|
OPENSSL_cleanse(b,sizeof(b));
|
||||||
memset(bb,0,sizeof(bb));
|
OPENSSL_cleanse(bb,sizeof(bb));
|
||||||
memset(cksum,0,sizeof(cksum));
|
OPENSSL_cleanse(cksum,sizeof(cksum));
|
||||||
if (Exit) EXIT(Exit);
|
if (Exit) EXIT(Exit);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -123,8 +123,8 @@ int DES_read_password(DES_cblock *key, const char *prompt, int verify)
|
|||||||
|
|
||||||
if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
|
if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
|
||||||
DES_string_to_key(buf,key);
|
DES_string_to_key(buf,key);
|
||||||
memset(buf,0,BUFSIZ);
|
OPENSSL_cleanse(buf,BUFSIZ);
|
||||||
memset(buff,0,BUFSIZ);
|
OPENSSL_cleanse(buff,BUFSIZ);
|
||||||
return(ok);
|
return(ok);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -136,7 +136,7 @@ int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
|
|||||||
|
|
||||||
if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
|
if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
|
||||||
DES_string_to_2keys(buf,key1,key2);
|
DES_string_to_2keys(buf,key1,key2);
|
||||||
memset(buf,0,BUFSIZ);
|
OPENSSL_cleanse(buf,BUFSIZ);
|
||||||
memset(buff,0,BUFSIZ);
|
OPENSSL_cleanse(buff,BUFSIZ);
|
||||||
return(ok);
|
return(ok);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -220,7 +220,7 @@ int des_read_pw_string(char *buf, int length, const char *prompt,
|
|||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
|
ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
|
||||||
memset(buff,0,BUFSIZ);
|
OPENSSL_cleanse(buff,BUFSIZ);
|
||||||
return(ret);
|
return(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -94,7 +94,7 @@ void DES_string_to_key(const char *str, DES_cblock *key)
|
|||||||
DES_set_key_unchecked(key,&ks);
|
DES_set_key_unchecked(key,&ks);
|
||||||
#endif
|
#endif
|
||||||
DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key);
|
DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key);
|
||||||
memset(&ks,0,sizeof(ks));
|
OPENSSL_cleanse(&ks,sizeof(ks));
|
||||||
DES_set_odd_parity(key);
|
DES_set_odd_parity(key);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -167,7 +167,7 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
|
|||||||
DES_set_key_unchecked(key2,&ks);
|
DES_set_key_unchecked(key2,&ks);
|
||||||
#endif
|
#endif
|
||||||
DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2);
|
DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2);
|
||||||
memset(&ks,0,sizeof(ks));
|
OPENSSL_cleanse(&ks,sizeof(ks));
|
||||||
DES_set_odd_parity(key1);
|
DES_set_odd_parity(key1);
|
||||||
DES_set_odd_parity(key2);
|
DES_set_odd_parity(key2);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -118,7 +118,7 @@ void EC_KEY_free(EC_KEY *r)
|
|||||||
if (r->meth_data && r->meth_data->finish)
|
if (r->meth_data && r->meth_data->finish)
|
||||||
r->meth_data->finish(r);
|
r->meth_data->finish(r);
|
||||||
|
|
||||||
memset((void *)r, 0x0, sizeof(EC_KEY));
|
OPENSSL_cleanse((void *)r, sizeof(EC_KEY));
|
||||||
|
|
||||||
OPENSSL_free(r);
|
OPENSSL_free(r);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -162,11 +162,11 @@ void EC_GROUP_clear_free(EC_GROUP *group)
|
|||||||
|
|
||||||
if (group->seed)
|
if (group->seed)
|
||||||
{
|
{
|
||||||
memset(group->seed, 0, group->seed_len);
|
OPENSSL_cleanse(group->seed, group->seed_len);
|
||||||
OPENSSL_free(group->seed);
|
OPENSSL_free(group->seed);
|
||||||
}
|
}
|
||||||
|
|
||||||
memset(group, 0, sizeof *group);
|
OPENSSL_cleanse(group, sizeof *group);
|
||||||
OPENSSL_free(group);
|
OPENSSL_free(group);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -591,7 +591,7 @@ void EC_POINT_clear_free(EC_POINT *point)
|
|||||||
point->meth->point_clear_finish(point);
|
point->meth->point_clear_finish(point);
|
||||||
else if (point->meth != NULL && point->meth->point_finish != 0)
|
else if (point->meth != NULL && point->meth->point_finish != 0)
|
||||||
point->meth->point_finish(point);
|
point->meth->point_finish(point);
|
||||||
memset(point, 0, sizeof *point);
|
OPENSSL_cleanse(point, sizeof *point);
|
||||||
OPENSSL_free(point);
|
OPENSSL_free(point);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -176,7 +176,7 @@ void ECDH_DATA_free(ECDH_DATA *r)
|
|||||||
|
|
||||||
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
|
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
|
||||||
|
|
||||||
memset((void *)r, 0x0, sizeof(ECDH_DATA));
|
OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA));
|
||||||
|
|
||||||
OPENSSL_free(r);
|
OPENSSL_free(r);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -170,7 +170,7 @@ void ECDSA_DATA_free(ECDSA_DATA *r)
|
|||||||
|
|
||||||
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data);
|
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data);
|
||||||
|
|
||||||
memset((void *)r, 0x0, sizeof(ECDSA_DATA));
|
OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA));
|
||||||
|
|
||||||
OPENSSL_free(r);
|
OPENSSL_free(r);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -132,7 +132,7 @@ static int enc_free(BIO *a)
|
|||||||
if (a == NULL) return(0);
|
if (a == NULL) return(0);
|
||||||
b=(BIO_ENC_CTX *)a->ptr;
|
b=(BIO_ENC_CTX *)a->ptr;
|
||||||
EVP_CIPHER_CTX_cleanup(&(b->cipher));
|
EVP_CIPHER_CTX_cleanup(&(b->cipher));
|
||||||
memset(a->ptr,0,sizeof(BIO_ENC_CTX));
|
OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
|
||||||
OPENSSL_free(a->ptr);
|
OPENSSL_free(a->ptr);
|
||||||
a->ptr=NULL;
|
a->ptr=NULL;
|
||||||
a->init=0;
|
a->init=0;
|
||||||
|
|||||||
@ -211,7 +211,7 @@ static int ok_free(BIO *a)
|
|||||||
{
|
{
|
||||||
if (a == NULL) return(0);
|
if (a == NULL) return(0);
|
||||||
EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
|
EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
|
||||||
memset(a->ptr,0,sizeof(BIO_OK_CTX));
|
OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
|
||||||
OPENSSL_free(a->ptr);
|
OPENSSL_free(a->ptr);
|
||||||
a->ptr=NULL;
|
a->ptr=NULL;
|
||||||
a->init=0;
|
a->init=0;
|
||||||
|
|||||||
@ -301,7 +301,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
|
|||||||
ctx->digest->cleanup(ctx);
|
ctx->digest->cleanup(ctx);
|
||||||
if (ctx->digest && ctx->digest->ctx_size && ctx->md_data)
|
if (ctx->digest && ctx->digest->ctx_size && ctx->md_data)
|
||||||
{
|
{
|
||||||
memset(ctx->md_data,0,ctx->digest->ctx_size);
|
OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
|
||||||
OPENSSL_free(ctx->md_data);
|
OPENSSL_free(ctx->md_data);
|
||||||
}
|
}
|
||||||
if(ctx->engine)
|
if(ctx->engine)
|
||||||
|
|||||||
@ -109,7 +109,7 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
|||||||
|
|
||||||
idea_set_encrypt_key(key,&tmp);
|
idea_set_encrypt_key(key,&tmp);
|
||||||
idea_set_decrypt_key(&tmp,ctx->cipher_data);
|
idea_set_decrypt_key(&tmp,ctx->cipher_data);
|
||||||
memset((unsigned char *)&tmp,0,
|
OPENSSL_cleanse((unsigned char *)&tmp,
|
||||||
sizeof(IDEA_KEY_SCHEDULE));
|
sizeof(IDEA_KEY_SCHEDULE));
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
|
|||||||
@ -103,7 +103,7 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
|
|||||||
buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
|
buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
|
||||||
ret = UI_process(ui);
|
ret = UI_process(ui);
|
||||||
UI_free(ui);
|
UI_free(ui);
|
||||||
memset(buff,0,BUFSIZ);
|
OPENSSL_cleanse(buff,BUFSIZ);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -168,7 +168,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
|
|||||||
if ((nkey == 0) && (niv == 0)) break;
|
if ((nkey == 0) && (niv == 0)) break;
|
||||||
}
|
}
|
||||||
EVP_MD_CTX_cleanup(&c);
|
EVP_MD_CTX_cleanup(&c);
|
||||||
memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
|
OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
|
||||||
return(type->key_len);
|
return(type->key_len);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -146,8 +146,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
|
|||||||
memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
|
memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
|
||||||
EVP_CIPHER_iv_length(cipher));
|
EVP_CIPHER_iv_length(cipher));
|
||||||
EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
|
EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
|
||||||
memset(md_tmp, 0, EVP_MAX_MD_SIZE);
|
OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
|
||||||
memset(key, 0, EVP_MAX_KEY_LENGTH);
|
OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
|
||||||
memset(iv, 0, EVP_MAX_IV_LENGTH);
|
OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -231,7 +231,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
|
|||||||
iter = ASN1_INTEGER_get(kdf->iter);
|
iter = ASN1_INTEGER_get(kdf->iter);
|
||||||
PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
|
PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
|
||||||
EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
|
EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
|
||||||
memset(key, 0, keylen);
|
OPENSSL_cleanse(key, keylen);
|
||||||
PBKDF2PARAM_free(kdf);
|
PBKDF2PARAM_free(kdf);
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
|
|||||||
@ -101,7 +101,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek,
|
|||||||
|
|
||||||
ret=1;
|
ret=1;
|
||||||
err:
|
err:
|
||||||
if (key != NULL) memset(key,0,size);
|
if (key != NULL) OPENSSL_cleanse(key,size);
|
||||||
OPENSSL_free(key);
|
OPENSSL_free(key);
|
||||||
return(ret);
|
return(ret);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -606,7 +606,7 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c)
|
|||||||
c->num=0;
|
c->num=0;
|
||||||
/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
|
/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
|
||||||
* but I'm not worried :-)
|
* but I'm not worried :-)
|
||||||
memset((void *)c,0,sizeof(HASH_CTX));
|
OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
|
||||||
*/
|
*/
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -343,7 +343,7 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
|
|||||||
ret=malloc_ex_func(num,file,line);
|
ret=malloc_ex_func(num,file,line);
|
||||||
if(ret)
|
if(ret)
|
||||||
memcpy(ret,str,old_len);
|
memcpy(ret,str,old_len);
|
||||||
memset(str,'\0',old_len);
|
OPENSSL_cleanse(str,old_len);
|
||||||
free_func(str);
|
free_func(str);
|
||||||
#ifdef LEVITTE_DEBUG_MEM
|
#ifdef LEVITTE_DEBUG_MEM
|
||||||
fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ret, num);
|
fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ret, num);
|
||||||
|
|||||||
@ -383,7 +383,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
|
|||||||
ret=1;
|
ret=1;
|
||||||
|
|
||||||
err:
|
err:
|
||||||
memset((char *)&ctx,0,sizeof(ctx));
|
OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
|
||||||
memset(buf,0,PEM_BUFSIZE);
|
OPENSSL_cleanse(buf,PEM_BUFSIZE);
|
||||||
return(ret);
|
return(ret);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -368,13 +368,13 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
|
|||||||
i=PEM_write_bio(bp,name,buf,data,i);
|
i=PEM_write_bio(bp,name,buf,data,i);
|
||||||
if (i <= 0) ret=0;
|
if (i <= 0) ret=0;
|
||||||
err:
|
err:
|
||||||
memset(key,0,sizeof(key));
|
OPENSSL_cleanse(key,sizeof(key));
|
||||||
memset(iv,0,sizeof(iv));
|
OPENSSL_cleanse(iv,sizeof(iv));
|
||||||
memset((char *)&ctx,0,sizeof(ctx));
|
OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
|
||||||
memset(buf,0,PEM_BUFSIZE);
|
OPENSSL_cleanse(buf,PEM_BUFSIZE);
|
||||||
if (data != NULL)
|
if (data != NULL)
|
||||||
{
|
{
|
||||||
memset(data,0,(unsigned int)dsize);
|
OPENSSL_cleanse(data,(unsigned int)dsize);
|
||||||
OPENSSL_free(data);
|
OPENSSL_free(data);
|
||||||
}
|
}
|
||||||
return(ret);
|
return(ret);
|
||||||
@ -415,8 +415,8 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
|
|||||||
EVP_DecryptUpdate(&ctx,data,&i,data,j);
|
EVP_DecryptUpdate(&ctx,data,&i,data,j);
|
||||||
o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
|
o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
|
||||||
EVP_CIPHER_CTX_cleanup(&ctx);
|
EVP_CIPHER_CTX_cleanup(&ctx);
|
||||||
memset((char *)buf,0,sizeof(buf));
|
OPENSSL_cleanse((char *)buf,sizeof(buf));
|
||||||
memset((char *)key,0,sizeof(key));
|
OPENSSL_cleanse((char *)key,sizeof(key));
|
||||||
j+=i;
|
j+=i;
|
||||||
if (!o)
|
if (!o)
|
||||||
{
|
{
|
||||||
|
|||||||
@ -136,7 +136,7 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER
|
|||||||
kstr = buf;
|
kstr = buf;
|
||||||
}
|
}
|
||||||
p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
|
p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
|
||||||
if(kstr == buf) memset(buf, 0, klen);
|
if(kstr == buf) OPENSSL_cleanse(buf, klen);
|
||||||
PKCS8_PRIV_KEY_INFO_free(p8inf);
|
PKCS8_PRIV_KEY_INFO_free(p8inf);
|
||||||
if(isder) ret = i2d_PKCS8_bio(bp, p8);
|
if(isder) ret = i2d_PKCS8_bio(bp, p8);
|
||||||
else ret = PEM_write_bio_PKCS8(bp, p8);
|
else ret = PEM_write_bio_PKCS8(bp, p8);
|
||||||
|
|||||||
@ -112,7 +112,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
|
|||||||
ret=npubk;
|
ret=npubk;
|
||||||
err:
|
err:
|
||||||
if (s != NULL) OPENSSL_free(s);
|
if (s != NULL) OPENSSL_free(s);
|
||||||
memset(key,0,EVP_MAX_KEY_LENGTH);
|
OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
|
||||||
return(ret);
|
return(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -118,7 +118,7 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
|
|||||||
}
|
}
|
||||||
PBEPARAM_free(pbe);
|
PBEPARAM_free(pbe);
|
||||||
EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
|
EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
|
||||||
memset(key, 0, EVP_MAX_KEY_LENGTH);
|
OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
|
||||||
memset(iv, 0, EVP_MAX_IV_LENGTH);
|
OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -136,7 +136,7 @@ void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
ret = ASN1_item_d2i(NULL, &p, outlen, it);
|
ret = ASN1_item_d2i(NULL, &p, outlen, it);
|
||||||
if (zbuf) memset(out, 0, outlen);
|
if (zbuf) OPENSSL_cleanse(out, outlen);
|
||||||
if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
|
if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
|
||||||
OPENSSL_free(out);
|
OPENSSL_free(out);
|
||||||
return ret;
|
return ret;
|
||||||
@ -168,7 +168,7 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *i
|
|||||||
OPENSSL_free(in);
|
OPENSSL_free(in);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
if (zbuf) memset(in, 0, inlen);
|
if (zbuf) OPENSSL_cleanse(in, inlen);
|
||||||
OPENSSL_free(in);
|
OPENSSL_free(in);
|
||||||
return oct;
|
return oct;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -91,7 +91,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
|
|||||||
ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
|
ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
|
||||||
id, iter, n, out, md_type);
|
id, iter, n, out, md_type);
|
||||||
if(unipass) {
|
if(unipass) {
|
||||||
memset(unipass, 0, uniplen); /* Clear password from memory */
|
OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */
|
||||||
OPENSSL_free(unipass);
|
OPENSSL_free(unipass);
|
||||||
}
|
}
|
||||||
return ret;
|
return ret;
|
||||||
|
|||||||
@ -145,7 +145,7 @@ static int ber_free(BIO *a)
|
|||||||
|
|
||||||
if (a == NULL) return(0);
|
if (a == NULL) return(0);
|
||||||
b=(BIO_BER_CTX *)a->ptr;
|
b=(BIO_BER_CTX *)a->ptr;
|
||||||
memset(a->ptr,0,sizeof(BIO_BER_CTX));
|
OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));
|
||||||
OPENSSL_free(a->ptr);
|
OPENSSL_free(a->ptr);
|
||||||
a->ptr=NULL;
|
a->ptr=NULL;
|
||||||
a->init=0;
|
a->init=0;
|
||||||
|
|||||||
@ -241,7 +241,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
|
|||||||
M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
|
M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
|
||||||
}
|
}
|
||||||
OPENSSL_free(tmp);
|
OPENSSL_free(tmp);
|
||||||
memset(key, 0, keylen);
|
OPENSSL_cleanse(key, keylen);
|
||||||
|
|
||||||
if (out == NULL)
|
if (out == NULL)
|
||||||
out=btmp;
|
out=btmp;
|
||||||
@ -448,7 +448,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
|||||||
}
|
}
|
||||||
EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
|
EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
|
||||||
|
|
||||||
memset(tmp,0,jj);
|
OPENSSL_cleanse(tmp,jj);
|
||||||
|
|
||||||
if (out == NULL)
|
if (out == NULL)
|
||||||
out=etmp;
|
out=etmp;
|
||||||
|
|||||||
@ -177,10 +177,10 @@ RAND_METHOD *RAND_SSLeay(void)
|
|||||||
|
|
||||||
static void ssleay_rand_cleanup(void)
|
static void ssleay_rand_cleanup(void)
|
||||||
{
|
{
|
||||||
memset(state,0,sizeof(state));
|
OPENSSL_cleanse(state,sizeof(state));
|
||||||
state_num=0;
|
state_num=0;
|
||||||
state_index=0;
|
state_index=0;
|
||||||
memset(md,0,MD_DIGEST_LENGTH);
|
OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
|
||||||
md_count[0]=0;
|
md_count[0]=0;
|
||||||
md_count[1]=0;
|
md_count[1]=0;
|
||||||
entropy=0;
|
entropy=0;
|
||||||
|
|||||||
@ -215,7 +215,7 @@ int RAND_poll(void)
|
|||||||
if (n > 0)
|
if (n > 0)
|
||||||
{
|
{
|
||||||
RAND_add(tmpbuf,sizeof tmpbuf,n);
|
RAND_add(tmpbuf,sizeof tmpbuf,n);
|
||||||
memset(tmpbuf,0,n);
|
OPENSSL_cleanse(tmpbuf,n);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
@ -124,7 +124,7 @@ int RAND_load_file(const char *file, long bytes)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
fclose(in);
|
fclose(in);
|
||||||
memset(buf,0,BUFSIZE);
|
OPENSSL_cleanse(buf,BUFSIZE);
|
||||||
err:
|
err:
|
||||||
return(ret);
|
return(ret);
|
||||||
}
|
}
|
||||||
@ -189,7 +189,7 @@ int RAND_write_file(const char *file)
|
|||||||
#endif /* OPENSSL_SYS_VMS */
|
#endif /* OPENSSL_SYS_VMS */
|
||||||
|
|
||||||
fclose(out);
|
fclose(out);
|
||||||
memset(buf,0,BUFSIZE);
|
OPENSSL_cleanse(buf,BUFSIZE);
|
||||||
err:
|
err:
|
||||||
return (rand_err ? -1 : ret);
|
return (rand_err ? -1 : ret);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -155,7 +155,7 @@ bad:
|
|||||||
i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
|
i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
|
||||||
if (i != 0)
|
if (i != 0)
|
||||||
{
|
{
|
||||||
memset(buf,0,BUFSIZ);
|
OPENSSL_cleanse(buf,BUFSIZ);
|
||||||
fprintf(stderr,"bad password read\n");
|
fprintf(stderr,"bad password read\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
@ -163,7 +163,7 @@ bad:
|
|||||||
}
|
}
|
||||||
|
|
||||||
EVP_Digest((unsigned char *)keystr,(unsigned long)strlen(keystr),md,NULL,EVP_md5());
|
EVP_Digest((unsigned char *)keystr,(unsigned long)strlen(keystr),md,NULL,EVP_md5());
|
||||||
memset(keystr,0,strlen(keystr));
|
OPENSSL_cleanse(keystr,strlen(keystr));
|
||||||
RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
|
RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
|
||||||
|
|
||||||
for(;;)
|
for(;;)
|
||||||
|
|||||||
@ -70,7 +70,7 @@ unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
|
|||||||
RIPEMD160_Init(&c);
|
RIPEMD160_Init(&c);
|
||||||
RIPEMD160_Update(&c,d,n);
|
RIPEMD160_Update(&c,d,n);
|
||||||
RIPEMD160_Final(md,&c);
|
RIPEMD160_Final(md,&c);
|
||||||
memset(&c,0,sizeof(c)); /* security consideration */
|
OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
|
||||||
return(md);
|
return(md);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -187,7 +187,7 @@ err:
|
|||||||
BN_clear_free(&ret);
|
BN_clear_free(&ret);
|
||||||
if (buf != NULL)
|
if (buf != NULL)
|
||||||
{
|
{
|
||||||
memset(buf,0,num);
|
OPENSSL_cleanse(buf,num);
|
||||||
OPENSSL_free(buf);
|
OPENSSL_free(buf);
|
||||||
}
|
}
|
||||||
return(r);
|
return(r);
|
||||||
@ -271,7 +271,7 @@ err:
|
|||||||
BN_clear_free(&f);
|
BN_clear_free(&f);
|
||||||
if (buf != NULL)
|
if (buf != NULL)
|
||||||
{
|
{
|
||||||
memset(buf,0,num);
|
OPENSSL_cleanse(buf,num);
|
||||||
OPENSSL_free(buf);
|
OPENSSL_free(buf);
|
||||||
}
|
}
|
||||||
return(r);
|
return(r);
|
||||||
@ -370,7 +370,7 @@ err:
|
|||||||
BN_clear_free(&ret);
|
BN_clear_free(&ret);
|
||||||
if (buf != NULL)
|
if (buf != NULL)
|
||||||
{
|
{
|
||||||
memset(buf,0,num);
|
OPENSSL_cleanse(buf,num);
|
||||||
OPENSSL_free(buf);
|
OPENSSL_free(buf);
|
||||||
}
|
}
|
||||||
return(r);
|
return(r);
|
||||||
@ -467,7 +467,7 @@ err:
|
|||||||
BN_clear_free(&ret);
|
BN_clear_free(&ret);
|
||||||
if (buf != NULL)
|
if (buf != NULL)
|
||||||
{
|
{
|
||||||
memset(buf,0,num);
|
OPENSSL_cleanse(buf,num);
|
||||||
OPENSSL_free(buf);
|
OPENSSL_free(buf);
|
||||||
}
|
}
|
||||||
return(r);
|
return(r);
|
||||||
|
|||||||
@ -96,7 +96,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type,
|
|||||||
else
|
else
|
||||||
*siglen=i;
|
*siglen=i;
|
||||||
|
|
||||||
memset(s,0,(unsigned int)j+1);
|
OPENSSL_cleanse(s,(unsigned int)j+1);
|
||||||
OPENSSL_free(s);
|
OPENSSL_free(s);
|
||||||
return(ret);
|
return(ret);
|
||||||
}
|
}
|
||||||
@ -139,7 +139,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
|
|||||||
ret=1;
|
ret=1;
|
||||||
err:
|
err:
|
||||||
if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
|
if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
|
||||||
memset(s,0,(unsigned int)siglen);
|
OPENSSL_cleanse(s,(unsigned int)siglen);
|
||||||
OPENSSL_free(s);
|
OPENSSL_free(s);
|
||||||
return(ret);
|
return(ret);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -136,7 +136,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
|
|||||||
*siglen=i;
|
*siglen=i;
|
||||||
|
|
||||||
if(type != NID_md5_sha1) {
|
if(type != NID_md5_sha1) {
|
||||||
memset(tmps,0,(unsigned int)j+1);
|
OPENSSL_cleanse(tmps,(unsigned int)j+1);
|
||||||
OPENSSL_free(tmps);
|
OPENSSL_free(tmps);
|
||||||
}
|
}
|
||||||
return(ret);
|
return(ret);
|
||||||
@ -221,7 +221,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
|
|||||||
}
|
}
|
||||||
err:
|
err:
|
||||||
if (sig != NULL) X509_SIG_free(sig);
|
if (sig != NULL) X509_SIG_free(sig);
|
||||||
memset(s,0,(unsigned int)siglen);
|
OPENSSL_cleanse(s,(unsigned int)siglen);
|
||||||
OPENSSL_free(s);
|
OPENSSL_free(s);
|
||||||
return(ret);
|
return(ret);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -70,7 +70,7 @@ unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
|
|||||||
SHA1_Init(&c);
|
SHA1_Init(&c);
|
||||||
SHA1_Update(&c,d,n);
|
SHA1_Update(&c,d,n);
|
||||||
SHA1_Final(md,&c);
|
SHA1_Final(md,&c);
|
||||||
memset(&c,0,sizeof(c));
|
OPENSSL_cleanse(&c,sizeof(c));
|
||||||
return(md);
|
return(md);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -70,7 +70,7 @@ unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
|
|||||||
SHA_Init(&c);
|
SHA_Init(&c);
|
||||||
SHA_Update(&c,d,n);
|
SHA_Update(&c,d,n);
|
||||||
SHA_Final(md,&c);
|
SHA_Final(md,&c);
|
||||||
memset(&c,0,sizeof(c));
|
OPENSSL_cleanse(&c,sizeof(c));
|
||||||
return(md);
|
return(md);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -449,7 +449,7 @@ error:
|
|||||||
ok=1;
|
ok=1;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
memset(result,0,BUFSIZ);
|
OPENSSL_cleanse(result,BUFSIZ);
|
||||||
return ok;
|
return ok;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -65,7 +65,7 @@ int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify)
|
|||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
ret=UI_UTIL_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
|
ret=UI_UTIL_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
|
||||||
memset(buff,0,BUFSIZ);
|
OPENSSL_cleanse(buff,BUFSIZ);
|
||||||
return(ret);
|
return(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -1158,7 +1158,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
|
|||||||
ctx->chain=NULL;
|
ctx->chain=NULL;
|
||||||
}
|
}
|
||||||
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
|
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
|
||||||
memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
|
OPENSSL_cleanse(&ctx->ex_data,sizeof(CRYPTO_EX_DATA));
|
||||||
}
|
}
|
||||||
|
|
||||||
void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)
|
void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)
|
||||||
|
|||||||
@ -717,7 +717,7 @@ static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
|
|||||||
|
|
||||||
if (type == NID_sha1 || type == NID_md5)
|
if (type == NID_sha1 || type == NID_md5)
|
||||||
{
|
{
|
||||||
memset(hashBuffer, 0, keyLength+1);
|
OPENSSL_cleanse(hashBuffer, keyLength+1);
|
||||||
OPENSSL_free(hashBuffer);
|
OPENSSL_free(hashBuffer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -840,7 +840,7 @@ static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
|
|||||||
|
|
||||||
if (type == NID_sha1 || type == NID_md5)
|
if (type == NID_sha1 || type == NID_md5)
|
||||||
{
|
{
|
||||||
memset(hashBuffer, 0, keyLength+1);
|
OPENSSL_cleanse(hashBuffer, keyLength+1);
|
||||||
OPENSSL_free(hashBuffer);
|
OPENSSL_free(hashBuffer);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -906,7 +906,7 @@ static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned c
|
|||||||
err:
|
err:
|
||||||
if (buf)
|
if (buf)
|
||||||
{
|
{
|
||||||
memset(buf,0,tlen);
|
OPENSSL_cleanse(buf,tlen);
|
||||||
OPENSSL_free(buf);
|
OPENSSL_free(buf);
|
||||||
}
|
}
|
||||||
return ret;
|
return ret;
|
||||||
|
|||||||
@ -1550,7 +1550,7 @@ kssl_ctx_free(KSSL_CTX *kssl_ctx)
|
|||||||
{
|
{
|
||||||
if (kssl_ctx == NULL) return kssl_ctx;
|
if (kssl_ctx == NULL) return kssl_ctx;
|
||||||
|
|
||||||
if (kssl_ctx->key) memset(kssl_ctx->key, 0,
|
if (kssl_ctx->key) OPENSSL_cleanse(kssl_ctx->key,
|
||||||
kssl_ctx->length);
|
kssl_ctx->length);
|
||||||
if (kssl_ctx->key) free(kssl_ctx->key);
|
if (kssl_ctx->key) free(kssl_ctx->key);
|
||||||
if (kssl_ctx->client_princ) free(kssl_ctx->client_princ);
|
if (kssl_ctx->client_princ) free(kssl_ctx->client_princ);
|
||||||
@ -1654,7 +1654,7 @@ kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session)
|
|||||||
|
|
||||||
if (kssl_ctx->key)
|
if (kssl_ctx->key)
|
||||||
{
|
{
|
||||||
memset(kssl_ctx->key, 0, kssl_ctx->length);
|
OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
|
||||||
free(kssl_ctx->key);
|
free(kssl_ctx->key);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -308,7 +308,7 @@ void ssl2_free(SSL *s)
|
|||||||
s2=s->s2;
|
s2=s->s2;
|
||||||
if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
|
if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
|
||||||
if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
|
if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
|
||||||
memset(s2,0,sizeof *s2);
|
OPENSSL_cleanse(s2,sizeof *s2);
|
||||||
OPENSSL_free(s2);
|
OPENSSL_free(s2);
|
||||||
s->s2=NULL;
|
s->s2=NULL;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1657,7 +1657,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
|
|||||||
s->method->ssl3_enc->generate_master_secret(s,
|
s->method->ssl3_enc->generate_master_secret(s,
|
||||||
s->session->master_key,
|
s->session->master_key,
|
||||||
tmp_buf,sizeof tmp_buf);
|
tmp_buf,sizeof tmp_buf);
|
||||||
memset(tmp_buf,0,sizeof tmp_buf);
|
OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#ifndef OPENSSL_NO_KRB5
|
#ifndef OPENSSL_NO_KRB5
|
||||||
@ -1788,8 +1788,8 @@ static int ssl3_send_client_key_exchange(SSL *s)
|
|||||||
s->session->master_key,
|
s->session->master_key,
|
||||||
tmp_buf, sizeof tmp_buf);
|
tmp_buf, sizeof tmp_buf);
|
||||||
|
|
||||||
memset(tmp_buf, 0, sizeof tmp_buf);
|
OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
|
||||||
memset(epms, 0, outl);
|
OPENSSL_cleanse(epms, outl);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#ifndef OPENSSL_NO_DH
|
#ifndef OPENSSL_NO_DH
|
||||||
|
|||||||
@ -182,7 +182,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
|
|||||||
|
|
||||||
km+=MD5_DIGEST_LENGTH;
|
km+=MD5_DIGEST_LENGTH;
|
||||||
}
|
}
|
||||||
memset(smd,0,SHA_DIGEST_LENGTH);
|
OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH);
|
||||||
EVP_MD_CTX_cleanup(&m5);
|
EVP_MD_CTX_cleanup(&m5);
|
||||||
EVP_MD_CTX_cleanup(&s1);
|
EVP_MD_CTX_cleanup(&s1);
|
||||||
return 1;
|
return 1;
|
||||||
@ -333,8 +333,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
|||||||
|
|
||||||
EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
|
EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
|
||||||
|
|
||||||
memset(&(exp_key[0]),0,sizeof(exp_key));
|
OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
|
||||||
memset(&(exp_iv[0]),0,sizeof(exp_iv));
|
OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
|
||||||
EVP_MD_CTX_cleanup(&md);
|
EVP_MD_CTX_cleanup(&md);
|
||||||
return(1);
|
return(1);
|
||||||
err:
|
err:
|
||||||
@ -408,7 +408,7 @@ void ssl3_cleanup_key_block(SSL *s)
|
|||||||
{
|
{
|
||||||
if (s->s3->tmp.key_block != NULL)
|
if (s->s3->tmp.key_block != NULL)
|
||||||
{
|
{
|
||||||
memset(s->s3->tmp.key_block,0,
|
OPENSSL_cleanse(s->s3->tmp.key_block,
|
||||||
s->s3->tmp.key_block_length);
|
s->s3->tmp.key_block_length);
|
||||||
OPENSSL_free(s->s3->tmp.key_block);
|
OPENSSL_free(s->s3->tmp.key_block);
|
||||||
s->s3->tmp.key_block=NULL;
|
s->s3->tmp.key_block=NULL;
|
||||||
|
|||||||
@ -1468,7 +1468,7 @@ void ssl3_free(SSL *s)
|
|||||||
sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
|
sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
|
||||||
EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
|
EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
|
||||||
EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
|
EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
|
||||||
memset(s->s3,0,sizeof *s->s3);
|
OPENSSL_cleanse(s->s3,sizeof *s->s3);
|
||||||
OPENSSL_free(s->s3);
|
OPENSSL_free(s->s3);
|
||||||
s->s3=NULL;
|
s->s3=NULL;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -2069,7 +2069,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
|
|||||||
s->session->master_key_length = s->method->ssl3_enc-> \
|
s->session->master_key_length = s->method->ssl3_enc-> \
|
||||||
generate_master_secret(s, s->session->master_key, p, i);
|
generate_master_secret(s, s->session->master_key, p, i);
|
||||||
|
|
||||||
memset(p, 0, i);
|
OPENSSL_cleanse(p, i);
|
||||||
return (ret);
|
return (ret);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
|||||||
@ -528,13 +528,13 @@ void SSL_SESSION_free(SSL_SESSION *ss)
|
|||||||
|
|
||||||
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
|
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
|
||||||
|
|
||||||
memset(ss->key_arg,0,sizeof ss->key_arg);
|
OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);
|
||||||
memset(ss->master_key,0,sizeof ss->master_key);
|
OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);
|
||||||
memset(ss->session_id,0,sizeof ss->session_id);
|
OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);
|
||||||
if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
|
if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
|
||||||
if (ss->peer != NULL) X509_free(ss->peer);
|
if (ss->peer != NULL) X509_free(ss->peer);
|
||||||
if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
|
if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
|
||||||
memset(ss,0,sizeof(*ss));
|
OPENSSL_cleanse(ss,sizeof(*ss));
|
||||||
OPENSSL_free(ss);
|
OPENSSL_free(ss);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
12
ssl/t1_enc.c
12
ssl/t1_enc.c
@ -161,7 +161,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
|
|||||||
}
|
}
|
||||||
HMAC_CTX_cleanup(&ctx);
|
HMAC_CTX_cleanup(&ctx);
|
||||||
HMAC_CTX_cleanup(&ctx_tmp);
|
HMAC_CTX_cleanup(&ctx_tmp);
|
||||||
memset(A1,0,sizeof(A1));
|
OPENSSL_cleanse(A1,sizeof(A1));
|
||||||
}
|
}
|
||||||
|
|
||||||
static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
|
static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
|
||||||
@ -418,10 +418,10 @@ printf("\niv=");
|
|||||||
printf("\n");
|
printf("\n");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
memset(tmp1,0,sizeof(tmp1));
|
OPENSSL_cleanse(tmp1,sizeof(tmp1));
|
||||||
memset(tmp2,0,sizeof(tmp1));
|
OPENSSL_cleanse(tmp2,sizeof(tmp1));
|
||||||
memset(iv1,0,sizeof(iv1));
|
OPENSSL_cleanse(iv1,sizeof(iv1));
|
||||||
memset(iv2,0,sizeof(iv2));
|
OPENSSL_cleanse(iv2,sizeof(iv2));
|
||||||
return(1);
|
return(1);
|
||||||
err:
|
err:
|
||||||
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
|
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
|
||||||
@ -476,7 +476,7 @@ printf("pre-master\n");
|
|||||||
{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
|
{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
|
||||||
#endif
|
#endif
|
||||||
tls1_generate_key_block(s,p1,p2,num);
|
tls1_generate_key_block(s,p1,p2,num);
|
||||||
memset(p2,0,num);
|
OPENSSL_cleanse(p2,num);
|
||||||
OPENSSL_free(p2);
|
OPENSSL_free(p2);
|
||||||
#ifdef TLS_DEBUG
|
#ifdef TLS_DEBUG
|
||||||
printf("\nkey block\n");
|
printf("\nkey block\n");
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user