import 0.9.7b (without idea and rc5)

author: markus <> 2003-05-11 21:36:58 +0000
committer: markus <> 2003-05-11 21:36:58 +0000
commit: 1c98a87f0daac81245653c227eb2f2508a22a965 (patch)
tree: 3de6d603296ec563b936da4e6a8a1e33d48f8884 /src/lib/libcrypto/pkcs12
parent: 31392c89d1135cf2a416f97295f6d21681b3fbc4 (diff)
download: openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.tar.gz
openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.tar.bz2
openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.zip
4 files changed, 6 insertions, 6 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c
index 97be6a5fb5..5e8958612b 100644
--- a/src/lib/libcrypto/pkcs12/p12_crpt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crpt.c
@@ -118,7 +118,7 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        }
        PBEPARAM_free(pbe);
        EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
-        memset(key, 0, EVP_MAX_KEY_LENGTH);
+        OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
-        memset(iv, 0, EVP_MAX_IV_LENGTH);
+        OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
        return 1;
 }
diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c
index 394af368f4..b5684a83ba 100644
--- a/src/lib/libcrypto/pkcs12/p12_decr.c
+++ b/src/lib/libcrypto/pkcs12/p12_decr.c
@@ -136,7 +136,7 @@ void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
        }
 #endif
        ret = ASN1_item_d2i(NULL, &p, outlen, it);
-        if (zbuf) memset(out, 0, outlen);
+        if (zbuf) OPENSSL_cleanse(out, outlen);
        if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
        OPENSSL_free(out);
        return ret;
@@ -168,7 +168,7 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *i
                OPENSSL_free(in);
                return NULL;
        }
-        if (zbuf) memset(in, 0, inlen);
+        if (zbuf) OPENSSL_cleanse(in, inlen);
        OPENSSL_free(in);
        return oct;
 }
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
index 0d39ebde8c..9196a34b4a 100644
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ b/src/lib/libcrypto/pkcs12/p12_key.c
@@ -91,7 +91,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
        ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
                                                 id, iter, n, out, md_type);
        if(unipass) {
-                memset(unipass, 0, uniplen);    /* Clear password from memory */
+                OPENSSL_cleanse(unipass, uniplen);      /* Clear password from memory */
                OPENSSL_free(unipass);
        }
        return ret;
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c
index a549433eeb..af708a2743 100644
--- a/src/lib/libcrypto/pkcs12/p12_npas.c
+++ b/src/lib/libcrypto/pkcs12/p12_npas.c
@@ -107,7 +107,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
 {
        STACK_OF(PKCS7) *asafes, *newsafes;
        STACK_OF(PKCS12_SAFEBAG) *bags;
-        int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen;
+        int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
        PKCS7 *p7, *p7new;
        ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
        unsigned char mac[EVP_MAX_MD_SIZE];
author	markus <>	2003-05-11 21:36:58 +0000
committer	markus <>	2003-05-11 21:36:58 +0000
commit	1c98a87f0daac81245653c227eb2f2508a22a965 (patch)
tree	3de6d603296ec563b936da4e6a8a1e33d48f8884 /src/lib/libcrypto/pkcs12
parent	31392c89d1135cf2a416f97295f6d21681b3fbc4 (diff)
download	openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.tar.gz openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.tar.bz2 openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.zip

diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c index 97be6a5fb5..5e8958612b 100644 --- a/src/lib/libcrypto/pkcs12/p12_crpt.c +++ b/src/lib/libcrypto/pkcs12/p12_crpt.c
@@ -118,7 +118,7 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX ctx, const char pass, int passlen,
118	}	118	}
119	PBEPARAM_free(pbe);	119	PBEPARAM_free(pbe);
120	EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);	120	EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
121	memset(key, 0, EVP_MAX_KEY_LENGTH);	121	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
122	memset(iv, 0, EVP_MAX_IV_LENGTH);	122	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
123	return 1;	123	return 1;
124	}	124	}


diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c index 394af368f4..b5684a83ba 100644 --- a/src/lib/libcrypto/pkcs12/p12_decr.c +++ b/src/lib/libcrypto/pkcs12/p12_decr.c
@@ -136,7 +136,7 @@ void * PKCS12_item_decrypt_d2i(X509_ALGOR algor, const ASN1_ITEM it,
136	}	136	}
137	#endif	137	#endif
138	ret = ASN1_item_d2i(NULL, &p, outlen, it);	138	ret = ASN1_item_d2i(NULL, &p, outlen, it);
139	if (zbuf) memset(out, 0, outlen);	139	if (zbuf) OPENSSL_cleanse(out, outlen);
140	if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);	140	if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
141	OPENSSL_free(out);	141	OPENSSL_free(out);
142	return ret;	142	return ret;
@@ -168,7 +168,7 @@ ASN1_OCTET_STRING PKCS12_item_i2d_encrypt(X509_ALGOR algor, const ASN1_ITEM *i
168	OPENSSL_free(in);	168	OPENSSL_free(in);
169	return NULL;	169	return NULL;
170	}	170	}
171	if (zbuf) memset(in, 0, inlen);	171	if (zbuf) OPENSSL_cleanse(in, inlen);
172	OPENSSL_free(in);	172	OPENSSL_free(in);
173	return oct;	173	return oct;
174	}	174	}


diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c index 0d39ebde8c..9196a34b4a 100644 --- a/src/lib/libcrypto/pkcs12/p12_key.c +++ b/src/lib/libcrypto/pkcs12/p12_key.c
@@ -91,7 +91,7 @@ int PKCS12_key_gen_asc(const char pass, int passlen, unsigned char salt,
91	ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,	91	ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
92	id, iter, n, out, md_type);	92	id, iter, n, out, md_type);
93	if(unipass) {	93	if(unipass) {
94	memset(unipass, 0, uniplen); /* Clear password from memory */	94	OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */
95	OPENSSL_free(unipass);	95	OPENSSL_free(unipass);
96	}	96	}
97	return ret;	97	return ret;


diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c index a549433eeb..af708a2743 100644 --- a/src/lib/libcrypto/pkcs12/p12_npas.c +++ b/src/lib/libcrypto/pkcs12/p12_npas.c
@@ -107,7 +107,7 @@ static int newpass_p12(PKCS12 p12, char oldpass, char *newpass)
107	{	107	{
108	STACK_OF(PKCS7) asafes, newsafes;	108	STACK_OF(PKCS7) asafes, newsafes;
109	STACK_OF(PKCS12_SAFEBAG) *bags;	109	STACK_OF(PKCS12_SAFEBAG) *bags;
110	int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen;	110	int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
111	PKCS7 p7, p7new;	111	PKCS7 p7, p7new;
112	ASN1_OCTET_STRING p12_data_tmp = NULL, macnew = NULL;	112	ASN1_OCTET_STRING p12_data_tmp = NULL, macnew = NULL;
113	unsigned char mac[EVP_MAX_MD_SIZE];	113	unsigned char mac[EVP_MAX_MD_SIZE];