From 020061f74efb2de9e81b625947d12fd92d08952b Mon Sep 17 00:00:00 2001
From: guenther <>
Date: Mon, 21 Jul 2014 20:19:47 +0000
Subject: Use explicit_bzero() instead of memset() on buffers going out of
 scope. Also, zero the SHA256 context.

suggested by "eric" in a comment on an opensslrampage.org post
ok miod@ deraadt@
---
 src/lib/libcrypto/arc4random/getentropy_solaris.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'src/lib/libcrypto/arc4random/getentropy_solaris.c')

diff --git a/src/lib/libcrypto/arc4random/getentropy_solaris.c b/src/lib/libcrypto/arc4random/getentropy_solaris.c
index fed0eeb53a..6ec2fe584c 100644
--- a/src/lib/libcrypto/arc4random/getentropy_solaris.c
+++ b/src/lib/libcrypto/arc4random/getentropy_solaris.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: getentropy_solaris.c,v 1.8 2014/07/19 16:12:00 deraadt Exp $	*/
+/*	$OpenBSD: getentropy_solaris.c,v 1.9 2014/07/21 20:19:47 guenther Exp $	*/
 
 /*
  * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@@ -434,7 +434,8 @@ getentropy_fallback(void *buf, size_t len)
 		memcpy((char *)buf + i, results, min(sizeof(results), len - i));
 		i += min(sizeof(results), len - i);
 	}
-	memset(results, 0, sizeof results);
+	explicit_bzero(&ctx, sizeof ctx);
+	explicit_bzero(results, sizeof results);
 	if (gotdata(buf, len) == 0) {
 		errno = save_errno;
 		return 0;		/* satisfied */
-- 
cgit v1.2.3-55-g6feb