Use explicit_bzero() instead of OPENSSL_cleanse().

author: jsing <> 2019-08-11 10:43:24 +0000
committer: jsing <> 2019-08-11 10:43:24 +0000
commit: 0fcd567f3f5fd99c93130fc464884b7c714001ff (patch)
tree: 0fa916befda895a44066cf6f644cbea128ae7e8b
parent: 40ce59403b918c4baa975308e0e0fed2d27b9012 (diff)
download: openbsd-0fcd567f3f5fd99c93130fc464884b7c714001ff.tar.gz
openbsd-0fcd567f3f5fd99c93130fc464884b7c714001ff.tar.bz2
openbsd-0fcd567f3f5fd99c93130fc464884b7c714001ff.zip
2 files changed, 5 insertions, 5 deletions
diff --git a/src/lib/libcrypto/cms/cms_env.c b/src/lib/libcrypto/cms/cms_env.c
index 38d6b5649c..a27c27f726 100644
--- a/src/lib/libcrypto/cms/cms_env.c
+++ b/src/lib/libcrypto/cms/cms_env.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_env.c,v 1.18 2019/08/11 10:41:49 jsing Exp $ */
+/* $OpenBSD: cms_env.c,v 1.19 2019/08/11 10:43:24 jsing Exp $ */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
@@ -716,7 +716,7 @@ cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
 err:
        if (!r)
                free(wkey);
-        OPENSSL_cleanse(&actx, sizeof(actx));
+        explicit_bzero(&actx, sizeof(actx));
        return r;
 }
@@ -782,7 +782,7 @@ cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
        if (!r)
                free(ukey);
-        OPENSSL_cleanse(&actx, sizeof(actx));
+        explicit_bzero(&actx, sizeof(actx));
        return r;
 }
diff --git a/src/lib/libcrypto/cms/cms_kari.c b/src/lib/libcrypto/cms/cms_kari.c
index 19513e3658..ca3e6d75de 100644
--- a/src/lib/libcrypto/cms/cms_kari.c
+++ b/src/lib/libcrypto/cms/cms_kari.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_kari.c,v 1.8 2019/08/11 10:41:49 jsing Exp $ */
+/* $OpenBSD: cms_kari.c,v 1.9 2019/08/11 10:43:24 jsing Exp $ */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
@@ -266,7 +266,7 @@ cms_kek_cipher(unsigned char **pout, size_t *poutlen, const unsigned char *in,
        rv = 1;
 err:
-        OPENSSL_cleanse(kek, keklen);
+        explicit_bzero(kek, keklen);
        if (!rv)
                free(out);
        EVP_CIPHER_CTX_reset(kari->ctx);
author	jsing <>	2019-08-11 10:43:24 +0000
committer	jsing <>	2019-08-11 10:43:24 +0000
commit	0fcd567f3f5fd99c93130fc464884b7c714001ff (patch)
tree	0fa916befda895a44066cf6f644cbea128ae7e8b
parent	40ce59403b918c4baa975308e0e0fed2d27b9012 (diff)
download	openbsd-0fcd567f3f5fd99c93130fc464884b7c714001ff.tar.gz openbsd-0fcd567f3f5fd99c93130fc464884b7c714001ff.tar.bz2 openbsd-0fcd567f3f5fd99c93130fc464884b7c714001ff.zip

diff --git a/src/lib/libcrypto/cms/cms_env.c b/src/lib/libcrypto/cms/cms_env.c index 38d6b5649c..a27c27f726 100644 --- a/src/lib/libcrypto/cms/cms_env.c +++ b/src/lib/libcrypto/cms/cms_env.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: cms_env.c,v 1.18 2019/08/11 10:41:49 jsing Exp $ */	1	/* $OpenBSD: cms_env.c,v 1.19 2019/08/11 10:43:24 jsing Exp $ */
2	/*	2	/*
3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4	* project.	4	* project.
@@ -716,7 +716,7 @@ cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo cms, CMS_RecipientInfo ri)
716	err:	716	err:
717	if (!r)	717	if (!r)
718	free(wkey);	718	free(wkey);
719	OPENSSL_cleanse(&actx, sizeof(actx));	719	explicit_bzero(&actx, sizeof(actx));
720		720
721	return r;	721	return r;
722	}	722	}
@@ -782,7 +782,7 @@ cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo cms, CMS_RecipientInfo ri)
782		782
783	if (!r)	783	if (!r)
784	free(ukey);	784	free(ukey);
785	OPENSSL_cleanse(&actx, sizeof(actx));	785	explicit_bzero(&actx, sizeof(actx));
786		786
787	return r;	787	return r;
788	}	788	}


diff --git a/src/lib/libcrypto/cms/cms_kari.c b/src/lib/libcrypto/cms/cms_kari.c index 19513e3658..ca3e6d75de 100644 --- a/src/lib/libcrypto/cms/cms_kari.c +++ b/src/lib/libcrypto/cms/cms_kari.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: cms_kari.c,v 1.8 2019/08/11 10:41:49 jsing Exp $ */	1	/* $OpenBSD: cms_kari.c,v 1.9 2019/08/11 10:43:24 jsing Exp $ */
2	/*	2	/*
3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4	* project.	4	* project.
@@ -266,7 +266,7 @@ cms_kek_cipher(unsigned char *pout, size_t poutlen, const unsigned char *in,
266	rv = 1;	266	rv = 1;
267		267
268	err:	268	err:
269	OPENSSL_cleanse(kek, keklen);	269	explicit_bzero(kek, keklen);
270	if (!rv)	270	if (!rv)
271	free(out);	271	free(out);
272	EVP_CIPHER_CTX_reset(kari->ctx);	272	EVP_CIPHER_CTX_reset(kari->ctx);