diff options
author | levitte <levitte> | 2002-11-29 11:30:58 +0000 |
---|---|---|
committer | levitte <levitte> | 2002-11-29 11:30:58 +0000 |
commit | f0943f1bbf22c5737e377b512c3b076722f7d699 (patch) | |
tree | b4d828c50708b3cc01704cd151a3b7b75cb6328e | |
parent | 1eb4d59b446db880d8c329dbb1495df057b51c2d (diff) | |
download | openssl-f0943f1bbf22c5737e377b512c3b076722f7d699.tar.gz |
A few more memset()s converted to OPENSSL_cleanse().
I *think* I got them all covered by now, bu please, if you find any more,
tell me and I'll correct it.
PR: 343
-rw-r--r-- | crypto/bn/bn_lib.c | 4 | ||||
-rw-r--r-- | crypto/bn/bn_rand.c | 2 | ||||
-rw-r--r-- | crypto/md2/md2_dgst.c | 34 | ||||
-rw-r--r-- | crypto/md2/md2_one.c | 25 | ||||
-rw-r--r-- | crypto/md4/md4_one.c | 95 | ||||
-rw-r--r-- | crypto/md5/md5_one.c | 30 | ||||
-rw-r--r-- | crypto/mdc2/mdc2_one.c | 9 | ||||
-rw-r--r-- | crypto/pem/pem_lib.c | 2 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 2 |
9 files changed, 157 insertions, 46 deletions
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 7767d6517..5f121dea1 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -263,12 +263,12 @@ void BN_clear_free(BIGNUM *a) if (a == NULL) return; if (a->d != NULL) { - memset(a->d,0,a->dmax*sizeof(a->d[0])); + OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0])); if (!(BN_get_flags(a,BN_FLG_STATIC_DATA))) OPENSSL_free(a->d); } i=BN_get_flags(a,BN_FLG_MALLOCED); - memset(a,0,sizeof(BIGNUM)); + OPENSSL_cleanse(a,sizeof(BIGNUM)); if (i) OPENSSL_free(a); } diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 4944ffbf2..eb65c28cb 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -201,7 +201,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) err: if (buf != NULL) { - memset(buf,0,bytes); + OPENSSL_cleanse(buf,bytes); OPENSSL_free(buf); } return(ret); diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c index 6a60dd2fb..458a3fad7 100644 --- a/crypto/md2/md2_dgst.c +++ b/crypto/md2/md2_dgst.c @@ -59,23 +59,19 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> -#include "md2.h" +#include <openssl/md2.h> +#include <openssl/opensslv.h> -char *MD2_version="MD2 part of SSLeay 0.9.1a 06-Jul-1998"; +const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT; /* Implemented from RFC1319 The MD2 Message-Digest Algorithm */ #define UCHAR unsigned char -#ifndef NOPROTO -static void md2_block(MD2_CTX *c, unsigned char *d); -#else -static void md2_block(); -#endif - +static void md2_block(MD2_CTX *c, const unsigned char *d); /* The magic S table - I have converted it to hex since it is - * basicaly just a random byte string. */ + * basically just a random byte string. */ static MD2_INT S[256]={ 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, @@ -111,7 +107,7 @@ static MD2_INT S[256]={ 0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14, }; -char *MD2_options() +const char *MD2_options(void) { if (sizeof(MD2_INT) == 1) return("md2(char)"); @@ -119,8 +115,7 @@ char *MD2_options() return("md2(int)"); } -void MD2_Init(c) -MD2_CTX *c; +void MD2_Init(MD2_CTX *c) { c->num=0; memset(c->state,0,MD2_BLOCK*sizeof(MD2_INT)); @@ -128,10 +123,7 @@ MD2_CTX *c; memset(c->data,0,MD2_BLOCK); } -void MD2_Update(c, data, len) -MD2_CTX *c; -register unsigned char *data; -unsigned long len; +void MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len) { register UCHAR *p; @@ -169,9 +161,7 @@ unsigned long len; c->num=(int)len; } -static void md2_block(c, d) -MD2_CTX *c; -unsigned char *d; +static void md2_block(MD2_CTX *c, const unsigned char *d) { register MD2_INT t,*sp1,*sp2; register int i,j; @@ -204,12 +194,10 @@ unsigned char *d; t=(t+i)&0xff; } memcpy(sp1,state,16*sizeof(MD2_INT)); - memset(state,0,48*sizeof(MD2_INT)); + OPENSSL_cleanse(state,48*sizeof(MD2_INT)); } -void MD2_Final(md, c) -unsigned char *md; -MD2_CTX *c; +void MD2_Final(unsigned char *md, MD2_CTX *c) { int i,v; register UCHAR *cp; diff --git a/crypto/md2/md2_one.c b/crypto/md2/md2_one.c index 513bf62fd..835160ef5 100644 --- a/crypto/md2/md2_one.c +++ b/crypto/md2/md2_one.c @@ -58,23 +58,36 @@ #include <stdio.h> #include "cryptlib.h" -#include "md2.h" +#include <openssl/md2.h> /* This is a separate file so that #defines in cryptlib.h can * map my MD functions to different names */ -unsigned char *MD2(d, n, md) -unsigned char *d; -unsigned long n; -unsigned char *md; +unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md) { MD2_CTX c; static unsigned char m[MD2_DIGEST_LENGTH]; if (md == NULL) md=m; MD2_Init(&c); +#ifndef CHARSET_EBCDIC MD2_Update(&c,d,n); +#else + { + char temp[1024]; + unsigned long chunk; + + while (n > 0) + { + chunk = (n > sizeof(temp)) ? sizeof(temp) : n; + ebcdic2ascii(temp, d, chunk); + MD2_Update(&c,temp,chunk); + n -= chunk; + d += chunk; + } + } +#endif MD2_Final(md,&c); - memset(&c,0,sizeof(c)); /* Security consideration */ + OPENSSL_cleanse(&c,sizeof(c)); /* Security consideration */ return(md); } diff --git a/crypto/md4/md4_one.c b/crypto/md4/md4_one.c new file mode 100644 index 000000000..53efd430e --- /dev/null +++ b/crypto/md4/md4_one.c @@ -0,0 +1,95 @@ +/* crypto/md4/md4_one.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <string.h> +#include <openssl/md4.h> + +#ifdef CHARSET_EBCDIC +#include <openssl/ebcdic.h> +#endif + +unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md) + { + MD4_CTX c; + static unsigned char m[MD4_DIGEST_LENGTH]; + + if (md == NULL) md=m; + MD4_Init(&c); +#ifndef CHARSET_EBCDIC + MD4_Update(&c,d,n); +#else + { + char temp[1024]; + unsigned long chunk; + + while (n > 0) + { + chunk = (n > sizeof(temp)) ? sizeof(temp) : n; + ebcdic2ascii(temp, d, chunk); + MD4_Update(&c,temp,chunk); + n -= chunk; + d += chunk; + } + } +#endif + MD4_Final(md,&c); + OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ + return(md); + } + diff --git a/crypto/md5/md5_one.c b/crypto/md5/md5_one.c index ab6bb435f..c67eb795c 100644 --- a/crypto/md5/md5_one.c +++ b/crypto/md5/md5_one.c @@ -57,21 +57,39 @@ */ #include <stdio.h> -#include "md5_locl.h" +#include <string.h> +#include <openssl/md5.h> -unsigned char *MD5(d, n, md) -unsigned char *d; -unsigned long n; -unsigned char *md; +#ifdef CHARSET_EBCDIC +#include <openssl/ebcdic.h> +#endif + +unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md) { MD5_CTX c; static unsigned char m[MD5_DIGEST_LENGTH]; if (md == NULL) md=m; MD5_Init(&c); +#ifndef CHARSET_EBCDIC MD5_Update(&c,d,n); +#else + { + char temp[1024]; + unsigned long chunk; + + while (n > 0) + { + chunk = (n > sizeof(temp)) ? sizeof(temp) : n; + ebcdic2ascii(temp, d, chunk); + MD5_Update(&c,temp,chunk); + n -= chunk; + d += chunk; + } + } +#endif MD5_Final(md,&c); - memset(&c,0,sizeof(c)); /* security consideration */ + OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ return(md); } diff --git a/crypto/mdc2/mdc2_one.c b/crypto/mdc2/mdc2_one.c index aa055b66f..37f06c8d7 100644 --- a/crypto/mdc2/mdc2_one.c +++ b/crypto/mdc2/mdc2_one.c @@ -58,12 +58,9 @@ #include <stdio.h> #include "cryptlib.h" -#include "mdc2.h" +#include <openssl/mdc2.h> -unsigned char *MDC2(d, n, md) -unsigned char *d; -unsigned long n; -unsigned char *md; +unsigned char *MDC2(const unsigned char *d, unsigned long n, unsigned char *md) { MDC2_CTX c; static unsigned char m[MDC2_DIGEST_LENGTH]; @@ -72,7 +69,7 @@ unsigned char *md; MDC2_Init(&c); MDC2_Update(&c,d,n); MDC2_Final(md,&c); - memset(&c,0,sizeof(c)); /* security consideration */ + OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ return(md); } diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index a86a98f41..e024bd787 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -380,7 +380,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, * NOT taken from the BytesToKey function */ EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL); - if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE); + if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE); buf[0]='\0'; PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 7a89993b4..6b414cfa5 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1471,7 +1471,7 @@ static int ssl3_get_client_key_exchange(SSL *s) s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, p,i); - memset(p,0,i); + OPENSSL_cleanse(p,i); } else #endif |