3 files changed, 5 insertions, 5 deletions
diff --git a/src/lib/libcrypto/pkcs7/Makefile.ssl b/src/lib/libcrypto/pkcs7/Makefile.ssl
index 1302469def..c3bfc7d560 100644
--- a/src/lib/libcrypto/pkcs7/Makefile.ssl
+++ b/src/lib/libcrypto/pkcs7/Makefile.ssl
@@ -89,7 +89,7 @@ lint:
        lint -DLINT $(INCLUDES) $(SRC)>fluff
 depend:
-        $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 dclean:
        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/src/lib/libcrypto/pkcs7/bio_ber.c b/src/lib/libcrypto/pkcs7/bio_ber.c
index 42331f7ab0..895a91177b 100644
--- a/src/lib/libcrypto/pkcs7/bio_ber.c
+++ b/src/lib/libcrypto/pkcs7/bio_ber.c
@@ -145,7 +145,7 @@ static int ber_free(BIO *a)
        if (a == NULL) return(0);
        b=(BIO_BER_CTX *)a->ptr;
-        memset(a->ptr,0,sizeof(BIO_BER_CTX));
+        OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));
        OPENSSL_free(a->ptr);
        a->ptr=NULL;
        a->init=0;
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index 4a4ff340ce..0060a2ea3d 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -241,7 +241,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                        M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
                        }
                OPENSSL_free(tmp);
-                memset(key, 0, keylen);
+                OPENSSL_cleanse(key, keylen);
                if (out == NULL)
                        out=btmp;
@@ -448,7 +448,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                } 
                EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
-                memset(tmp,0,jj);
+                OPENSSL_cleanse(tmp,jj);
                if (out == NULL)
                        out=etmp;
@@ -578,7 +578,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                        /* We now have the EVP_MD_CTX, lets do the
                         * signing. */
                        EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
-                        if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey)))
+                        if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
                                {
                                PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
                                goto err;

diff --git a/src/lib/libcrypto/pkcs7/Makefile.ssl b/src/lib/libcrypto/pkcs7/Makefile.ssl index 1302469def..c3bfc7d560 100644 --- a/src/lib/libcrypto/pkcs7/Makefile.ssl +++ b/src/lib/libcrypto/pkcs7/Makefile.ssl
@@ -89,7 +89,7 @@ lint:
89	lint -DLINT $(INCLUDES) $(SRC)>fluff	89	lint -DLINT $(INCLUDES) $(SRC)>fluff
90		90
91	depend:	91	depend:
92	$(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)	92	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
93		93
94	dclean:	94	dclean:
95	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new	95	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new


diff --git a/src/lib/libcrypto/pkcs7/bio_ber.c b/src/lib/libcrypto/pkcs7/bio_ber.c index 42331f7ab0..895a91177b 100644 --- a/src/lib/libcrypto/pkcs7/bio_ber.c +++ b/src/lib/libcrypto/pkcs7/bio_ber.c
@@ -145,7 +145,7 @@ static int ber_free(BIO *a)
145		145
146	if (a == NULL) return(0);	146	if (a == NULL) return(0);
147	b=(BIO_BER_CTX *)a->ptr;	147	b=(BIO_BER_CTX *)a->ptr;
148	memset(a->ptr,0,sizeof(BIO_BER_CTX));	148	OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));
149	OPENSSL_free(a->ptr);	149	OPENSSL_free(a->ptr);
150	a->ptr=NULL;	150	a->ptr=NULL;
151	a->init=0;	151	a->init=0;


diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c index 4a4ff340ce..0060a2ea3d 100644 --- a/src/lib/libcrypto/pkcs7/pk7_doit.c +++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -241,7 +241,7 @@ BIO PKCS7_dataInit(PKCS7 p7, BIO *bio)
241	M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);	241	M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
242	}	242	}
243	OPENSSL_free(tmp);	243	OPENSSL_free(tmp);
244	memset(key, 0, keylen);	244	OPENSSL_cleanse(key, keylen);
245		245
246	if (out == NULL)	246	if (out == NULL)
247	out=btmp;	247	out=btmp;
@@ -448,7 +448,7 @@ BIO PKCS7_dataDecode(PKCS7 p7, EVP_PKEY pkey, BIO in_bio, X509 *pcert)
448	}	448	}
449	EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);	449	EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
450		450
451	memset(tmp,0,jj);	451	OPENSSL_cleanse(tmp,jj);
452		452
453	if (out == NULL)	453	if (out == NULL)
454	out=etmp;	454	out=etmp;
@@ -578,7 +578,7 @@ int PKCS7_dataFinal(PKCS7 p7, BIO bio)
578	/* We now have the EVP_MD_CTX, lets do the	578	/* We now have the EVP_MD_CTX, lets do the
579	* signing. */	579	* signing. */
580	EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);	580	EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
581	if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey)))	581	if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
582	{	582	{
583	PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);	583	PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
584	goto err;	584	goto err;