A few more memset()s converted to OPENSSL_cleanse().

I *think* I got them all covered by now, bu please, if you find any more, tell me and I'll correct it. PR: 343
author: levitte <levitte> 2002-11-29 11:30:58 +0000
committer: levitte <levitte> 2002-11-29 11:30:58 +0000
commit: f0943f1bbf22c5737e377b512c3b076722f7d699 (patch)
tree: b4d828c50708b3cc01704cd151a3b7b75cb6328e
parent: 1eb4d59b446db880d8c329dbb1495df057b51c2d (diff)
download: openssl-f0943f1bbf22c5737e377b512c3b076722f7d699.tar.gz
9 files changed, 157 insertions, 46 deletions
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 7767d6517..5f121dea1 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -263,12 +263,12 @@ void BN_clear_free(BIGNUM *a)
 	if (a == NULL) return;
 	if (a->d != NULL)
 		{
-		memset(a->d,0,a->dmax*sizeof(a->d[0]));
+		OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
 		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
 			OPENSSL_free(a->d);
 		}
 	i=BN_get_flags(a,BN_FLG_MALLOCED);
-	memset(a,0,sizeof(BIGNUM));
+	OPENSSL_cleanse(a,sizeof(BIGNUM));
 	if (i)
 		OPENSSL_free(a);
 	}
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 4944ffbf2..eb65c28cb 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -201,7 +201,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 err:
 	if (buf != NULL)
 		{
-		memset(buf,0,bytes);
+		OPENSSL_cleanse(buf,bytes);
 		OPENSSL_free(buf);
 		}
 	return(ret);
diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c
index 6a60dd2fb..458a3fad7 100644
--- a/crypto/md2/md2_dgst.c
+++ b/crypto/md2/md2_dgst.c
@@ -59,23 +59,19 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "md2.h"
+#include <openssl/md2.h>
+#include <openssl/opensslv.h>
 
-char *MD2_version="MD2 part of SSLeay 0.9.1a 06-Jul-1998";
+const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT;
 
 /* Implemented from RFC1319 The MD2 Message-Digest Algorithm
  */
 
 #define UCHAR	unsigned char
 
-#ifndef NOPROTO
-static void md2_block(MD2_CTX *c, unsigned char *d);
-#else
-static void md2_block();
-#endif
-
+static void md2_block(MD2_CTX *c, const unsigned char *d);
 /* The magic S table - I have converted it to hex since it is
- * basicaly just a random byte string. */
+ * basically just a random byte string. */
 static MD2_INT S[256]={
 	0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,
 	0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,
@@ -111,7 +107,7 @@ static MD2_INT S[256]={
 	0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14,
 	};
 
-char *MD2_options()
+const char *MD2_options(void)
 	{
 	if (sizeof(MD2_INT) == 1)
 		return("md2(char)");
@@ -119,8 +115,7 @@ char *MD2_options()
 		return("md2(int)");
 	}
 
-void MD2_Init(c)
-MD2_CTX *c;
+void MD2_Init(MD2_CTX *c)
 	{
 	c->num=0;
 	memset(c->state,0,MD2_BLOCK*sizeof(MD2_INT));
@@ -128,10 +123,7 @@ MD2_CTX *c;
 	memset(c->data,0,MD2_BLOCK);
 	}
 
-void MD2_Update(c, data, len)
-MD2_CTX *c;
-register unsigned char *data;
-unsigned long len;
+void MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len)
 	{
 	register UCHAR *p;
 
@@ -169,9 +161,7 @@ unsigned long len;
 	c->num=(int)len;
 	}
 
-static void md2_block(c, d)
-MD2_CTX *c;
-unsigned char *d;
+static void md2_block(MD2_CTX *c, const unsigned char *d)
 	{
 	register MD2_INT t,*sp1,*sp2;
 	register int i,j;
@@ -204,12 +194,10 @@ unsigned char *d;
 		t=(t+i)&0xff;
 		}
 	memcpy(sp1,state,16*sizeof(MD2_INT));
-	memset(state,0,48*sizeof(MD2_INT));
+	OPENSSL_cleanse(state,48*sizeof(MD2_INT));
 	}
 
-void MD2_Final(md, c)
-unsigned char *md;
-MD2_CTX *c;
+void MD2_Final(unsigned char *md, MD2_CTX *c)
 	{
 	int i,v;
 	register UCHAR *cp;
diff --git a/crypto/md2/md2_one.c b/crypto/md2/md2_one.c
index 513bf62fd..835160ef5 100644
--- a/crypto/md2/md2_one.c
+++ b/crypto/md2/md2_one.c
@@ -58,23 +58,36 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "md2.h"
+#include <openssl/md2.h>
 
 /* This is a separate file so that #defines in cryptlib.h can
  * map my MD functions to different names */
 
-unsigned char *MD2(d, n, md)
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
+unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md)
 	{
 	MD2_CTX c;
 	static unsigned char m[MD2_DIGEST_LENGTH];
 
 	if (md == NULL) md=m;
 	MD2_Init(&c);
+#ifndef CHARSET_EBCDIC
 	MD2_Update(&c,d,n);
+#else
+	{
+		char temp[1024];
+		unsigned long chunk;
+
+		while (n > 0)
+		{
+			chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+			ebcdic2ascii(temp, d, chunk);
+			MD2_Update(&c,temp,chunk);
+			n -= chunk;
+			d += chunk;
+		}
+	}
+#endif
 	MD2_Final(md,&c);
-	memset(&c,0,sizeof(c));	/* Security consideration */
+	OPENSSL_cleanse(&c,sizeof(c));	/* Security consideration */
 	return(md);
 	}
diff --git a/crypto/md4/md4_one.c b/crypto/md4/md4_one.c
new file mode 100644
index 000000000..53efd430e
--- /dev/null
+++ b/crypto/md4/md4_one.c
@@ -0,0 +1,95 @@
+/* crypto/md4/md4_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/md4.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md)
+	{
+	MD4_CTX c;
+	static unsigned char m[MD4_DIGEST_LENGTH];
+
+	if (md == NULL) md=m;
+	MD4_Init(&c);
+#ifndef CHARSET_EBCDIC
+	MD4_Update(&c,d,n);
+#else
+	{
+		char temp[1024];
+		unsigned long chunk;
+
+		while (n > 0)
+		{
+			chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+			ebcdic2ascii(temp, d, chunk);
+			MD4_Update(&c,temp,chunk);
+			n -= chunk;
+			d += chunk;
+		}
+	}
+#endif
+	MD4_Final(md,&c);
+	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+	return(md);
+	}
+
diff --git a/crypto/md5/md5_one.c b/crypto/md5/md5_one.c
index ab6bb435f..c67eb795c 100644
--- a/crypto/md5/md5_one.c
+++ b/crypto/md5/md5_one.c
@@ -57,21 +57,39 @@
  */
 
 #include <stdio.h>
-#include "md5_locl.h"
+#include <string.h>
+#include <openssl/md5.h>
 
-unsigned char *MD5(d, n, md)
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md)
 	{
 	MD5_CTX c;
 	static unsigned char m[MD5_DIGEST_LENGTH];
 
 	if (md == NULL) md=m;
 	MD5_Init(&c);
+#ifndef CHARSET_EBCDIC
 	MD5_Update(&c,d,n);
+#else
+	{
+		char temp[1024];
+		unsigned long chunk;
+
+		while (n > 0)
+		{
+			chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+			ebcdic2ascii(temp, d, chunk);
+			MD5_Update(&c,temp,chunk);
+			n -= chunk;
+			d += chunk;
+		}
+	}
+#endif
 	MD5_Final(md,&c);
-	memset(&c,0,sizeof(c)); /* security consideration */
+	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
 	return(md);
 	}
 
diff --git a/crypto/mdc2/mdc2_one.c b/crypto/mdc2/mdc2_one.c
index aa055b66f..37f06c8d7 100644
--- a/crypto/mdc2/mdc2_one.c
+++ b/crypto/mdc2/mdc2_one.c
@@ -58,12 +58,9 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "mdc2.h"
+#include <openssl/mdc2.h>
 
-unsigned char *MDC2(d, n, md)
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
+unsigned char *MDC2(const unsigned char *d, unsigned long n, unsigned char *md)
 	{
 	MDC2_CTX c;
 	static unsigned char m[MDC2_DIGEST_LENGTH];
@@ -72,7 +69,7 @@ unsigned char *md;
 	MDC2_Init(&c);
 	MDC2_Update(&c,d,n);
         MDC2_Final(md,&c);
-	memset(&c,0,sizeof(c)); /* security consideration */
+	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
 	return(md);
 	}
 
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index a86a98f41..e024bd787 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -380,7 +380,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
 		 * NOT taken from the BytesToKey function */
 		EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
 
-		if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
+		if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
 
 		buf[0]='\0';
 		PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 7a89993b4..6b414cfa5 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1471,7 +1471,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 			s->method->ssl3_enc->generate_master_secret(s,
 				s->session->master_key,
 				p,i);
-		memset(p,0,i);
+		OPENSSL_cleanse(p,i);
 		}
 	else
 #endif
author	levitte <levitte>	2002-11-29 11:30:58 +0000
committer	levitte <levitte>	2002-11-29 11:30:58 +0000
commit	f0943f1bbf22c5737e377b512c3b076722f7d699 (patch)
tree	b4d828c50708b3cc01704cd151a3b7b75cb6328e
parent	1eb4d59b446db880d8c329dbb1495df057b51c2d (diff)
download	openssl-f0943f1bbf22c5737e377b512c3b076722f7d699.tar.gz