Commit 920b700d authored by Richard Levitte's avatar Richard Levitte

Cleanse memory using the new OPENSSL_cleanse() function.

I've covered all the memset()s I felt safe modifying, but may have missed some.
parent 615ee040
+1 −1
@@ -543,7 +543,7 @@ bad:
		goto err;
		}
		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
		if(key) memset(key,0,strlen(key));
		if(key) OPENSSL_cleanse(key,strlen(key));
	if (pkey == NULL)
		{
		BIO_printf(bio_err,"unable to load CA private key\n");
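Review bot: The new `OPENSSL_cleanse(key,strlen(key))` runs only on the path that reaches `PEM_read_bio_PrivateKey`; the `goto err` a few lines above it leaves this block before the wipe. The `err` label is outside the hunk, so it may already cover this. If it does not, and `key` can be set by then, the same `if(key) OPENSSL_cleanse(key,strlen(key));` belongs on that exit path too, so the passphrase does not outlive an early failure. The enclosing block starts and ends outside the hunk.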
+1 −1
@@ -327,7 +327,7 @@ int MAIN(int argc, char **argv)
end:
	if (buf != NULL)
		{
		memset(buf,0,BUFSIZE);
		OPENSSL_cleanse(buf,BUFSIZE);
		OPENSSL_free(buf);
		}
	if (in != NULL) BIO_free(in);
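Review bot: The cleanup under `end:` does not say why it calls `OPENSSL_cleanse` rather than `memset`, so a later tidy-up could quietly turn it back. A `memset` immediately followed by `OPENSSL_free` is a dead store that an optimising compiler is allowed to drop, which is what this call avoids. I would add `/* not memset(): a wipe right before free may be optimised away */` above the call. The same comment fits the `cbuf`/`sbuf` cleanup in the `@@ -768,8 +768,8 @@` section and the `err:` cleanup in the `@@ -1043,7 +1043,7 @@` section. The function body continues outside the hunk.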
+2 −2
@@ -506,9 +506,9 @@ bad:
			 * bug picked up by
			 * Larry J. Hughes Jr. <hughes@indiana.edu> */
			if (str == strbuf)
				memset(str,0,SIZE);
				OPENSSL_cleanse(str,SIZE);
			else
				memset(str,0,strlen(str));
				OPENSSL_cleanse(str,strlen(str));
			}
		if ((hiv != NULL) && !set_hex(hiv,iv,8))
			{
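Review bot: The `if (str == strbuf)` / `else` pair that picks the wipe length is unbraced, so a statement added later under the `else` would run on both paths. These two lines decide how many bytes of `str` get cleared, so I would brace them: `if (str == strbuf) { OPENSSL_cleanse(str,SIZE); } else { OPENSSL_cleanse(str,strlen(str)); }`. The enclosing block opens outside the hunk.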
+2 −2
@@ -768,8 +768,8 @@ end:
	if (con != NULL) SSL_free(con);
	if (con2 != NULL) SSL_free(con2);
	if (ctx != NULL) SSL_CTX_free(ctx);
	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
	if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
	if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
	if (bio_c_out != NULL)
		{
		BIO_free(bio_c_out);
+1 −1
@@ -1043,7 +1043,7 @@ err:
	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
	if (buf != NULL)
		{
		memset(buf,0,bufsize);
		OPENSSL_cleanse(buf,bufsize);
		OPENSSL_free(buf);
		}
	if (ret >= 0)