1 files changed, 8 insertions, 8 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index 24bcebef61..7755c3c30e 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_doit.c,v 1.36 2015/07/29 14:58:34 jsing Exp $ */
+/* $OpenBSD: pk7_doit.c,v 1.37 2015/09/10 15:56:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -233,7 +233,7 @@ pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, PKCS7_RECIP_INFO *ri,
        ret = 1;
        if (*pek) {
-                OPENSSL_cleanse(*pek, *peklen);
+                explicit_bzero(*pek, *peklen);
                free(*pek);
        }
@@ -371,7 +371,7 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                        if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
                                goto err;
                }
-                OPENSSL_cleanse(key, keylen);
+                explicit_bzero(key, keylen);
                if (out == NULL)
                        out = btmp;
@@ -588,7 +588,7 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                         */
                        if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {
                                /* Use random key as MMA defence */
-                                OPENSSL_cleanse(ek, eklen);
+                                explicit_bzero(ek, eklen);
                                free(ek);
                                ek = tkey;
                                eklen = tkeylen;
@@ -601,12 +601,12 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                        goto err;
                if (ek) {
-                        OPENSSL_cleanse(ek, eklen);
+                        explicit_bzero(ek, eklen);
                        free(ek);
                        ek = NULL;
                }
                if (tkey) {
-                        OPENSSL_cleanse(tkey, tkeylen);
+                        explicit_bzero(tkey, tkeylen);
                        free(tkey);
                        tkey = NULL;
                }
@@ -635,11 +635,11 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
        if (0) {
 err:
                if (ek) {
-                        OPENSSL_cleanse(ek, eklen);
+                        explicit_bzero(ek, eklen);
                        free(ek);
                }
                if (tkey) {
-                        OPENSSL_cleanse(tkey, tkeylen);
+                        explicit_bzero(tkey, tkeylen);
                        free(tkey);
                }
                if (out != NULL)

diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c index 24bcebef61..7755c3c30e 100644 --- a/src/lib/libcrypto/pkcs7/pk7_doit.c +++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pk7_doit.c,v 1.36 2015/07/29 14:58:34 jsing Exp $ */	1	/* $OpenBSD: pk7_doit.c,v 1.37 2015/09/10 15:56:25 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -233,7 +233,7 @@ pkcs7_decrypt_rinfo(unsigned char *pek, int peklen, PKCS7_RECIP_INFO *ri,
233	ret = 1;	233	ret = 1;
234		234
235	if (*pek) {	235	if (*pek) {
236	OPENSSL_cleanse(pek, peklen);	236	explicit_bzero(pek, peklen);
237	free(*pek);	237	free(*pek);
238	}	238	}
239		239
@@ -371,7 +371,7 @@ PKCS7_dataInit(PKCS7 p7, BIO bio)
371	if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)	371	if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
372	goto err;	372	goto err;
373	}	373	}
374	OPENSSL_cleanse(key, keylen);	374	explicit_bzero(key, keylen);
375		375
376	if (out == NULL)	376	if (out == NULL)
377	out = btmp;	377	out = btmp;
@@ -588,7 +588,7 @@ PKCS7_dataDecode(PKCS7 p7, EVP_PKEY pkey, BIO in_bio, X509 pcert)
588	*/	588	*/
589	if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {	589	if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {
590	/* Use random key as MMA defence */	590	/* Use random key as MMA defence */
591	OPENSSL_cleanse(ek, eklen);	591	explicit_bzero(ek, eklen);
592	free(ek);	592	free(ek);
593	ek = tkey;	593	ek = tkey;
594	eklen = tkeylen;	594	eklen = tkeylen;
@@ -601,12 +601,12 @@ PKCS7_dataDecode(PKCS7 p7, EVP_PKEY pkey, BIO in_bio, X509 pcert)
601	goto err;	601	goto err;
602		602
603	if (ek) {	603	if (ek) {
604	OPENSSL_cleanse(ek, eklen);	604	explicit_bzero(ek, eklen);
605	free(ek);	605	free(ek);
606	ek = NULL;	606	ek = NULL;
607	}	607	}
608	if (tkey) {	608	if (tkey) {
609	OPENSSL_cleanse(tkey, tkeylen);	609	explicit_bzero(tkey, tkeylen);
610	free(tkey);	610	free(tkey);
611	tkey = NULL;	611	tkey = NULL;
612	}	612	}
@@ -635,11 +635,11 @@ PKCS7_dataDecode(PKCS7 p7, EVP_PKEY pkey, BIO in_bio, X509 pcert)
635	if (0) {	635	if (0) {
636	err:	636	err:
637	if (ek) {	637	if (ek) {
638	OPENSSL_cleanse(ek, eklen);	638	explicit_bzero(ek, eklen);
639	free(ek);	639	free(ek);
640	}	640	}
641	if (tkey) {	641	if (tkey) {
642	OPENSSL_cleanse(tkey, tkeylen);	642	explicit_bzero(tkey, tkeylen);
643	free(tkey);	643	free(tkey);
644	}	644	}
645	if (out != NULL)	645	if (out != NULL)