Cleanse memory using the new OPENSSL_cleanse() function.

I've covered all the memset()s I felt safe modifying, but may have missed some.

4 files changed, 23 insertions, 23 deletions

diff --git a/crypto/des/des.c b/crypto/des/des.c
index 215d7413c0..22596648e8 100644
--- a/crypto/des/des.c
+++ b/crypto/des/des.c
@@ -423,7 +423,7 @@ void doencryption(void)
 				k2[i-8]=k;
 			}
 		des_set_key_unchecked(&k2,ks2);
-		memset(k2,0,sizeof(k2));
+		OPENSSL_cleanse(k2,sizeof(k2));
 		}
 	else if (longk || flag3)
 		{
@@ -431,7 +431,7 @@ void doencryption(void)
 			{
 			des_string_to_2keys(key,&kk,&k2);
 			des_set_key_unchecked(&k2,ks2);
-			memset(k2,0,sizeof(k2));
+			OPENSSL_cleanse(k2,sizeof(k2));
 			}
 		else
 			des_string_to_key(key,&kk);
@@ -453,8 +453,8 @@ void doencryption(void)
 			}
 
 	des_set_key_unchecked(&kk,ks);
-	memset(key,0,sizeof(key));
-	memset(kk,0,sizeof(kk));
+	OPENSSL_cleanse(key,sizeof(key));
+	OPENSSL_cleanse(kk,sizeof(kk));
 	/* woops - A bug that does not showup under unix :-( */
 	memset(iv,0,sizeof(iv));
 	memset(iv2,0,sizeof(iv2));
@@ -662,18 +662,18 @@ void doencryption(void)
 		if (l) fclose(CKSUM_OUT);
 		}
 problems:
-	memset(buf,0,sizeof(buf));
-	memset(obuf,0,sizeof(obuf));
-	memset(ks,0,sizeof(ks));
-	memset(ks2,0,sizeof(ks2));
-	memset(iv,0,sizeof(iv));
-	memset(iv2,0,sizeof(iv2));
-	memset(kk,0,sizeof(kk));
-	memset(k2,0,sizeof(k2));
-	memset(uubuf,0,sizeof(uubuf));
-	memset(b,0,sizeof(b));
-	memset(bb,0,sizeof(bb));
-	memset(cksum,0,sizeof(cksum));
+	OPENSSL_cleanse(buf,sizeof(buf));
+	OPENSSL_cleanse(obuf,sizeof(obuf));
+	OPENSSL_cleanse(ks,sizeof(ks));
+	OPENSSL_cleanse(ks2,sizeof(ks2));
+	OPENSSL_cleanse(iv,sizeof(iv));
+	OPENSSL_cleanse(iv2,sizeof(iv2));
+	OPENSSL_cleanse(kk,sizeof(kk));
+	OPENSSL_cleanse(k2,sizeof(k2));
+	OPENSSL_cleanse(uubuf,sizeof(uubuf));
+	OPENSSL_cleanse(b,sizeof(b));
+	OPENSSL_cleanse(bb,sizeof(bb));
+	OPENSSL_cleanse(cksum,sizeof(cksum));
 	if (Exit) EXIT(Exit);
 	}
 
diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c
index a8ceaf088a..25d3c63131 100644
--- a/crypto/des/read2pwd.c
+++ b/crypto/des/read2pwd.c
@@ -65,8 +65,8 @@ int des_read_password(des_cblock *key, const char *prompt, int verify)
 
 	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
 		des_string_to_key(buf,key);
-	memset(buf,0,BUFSIZ);
-	memset(buff,0,BUFSIZ);
+	OPENSSL_cleanse(buf,BUFSIZ);
+	OPENSSL_cleanse(buff,BUFSIZ);
 	return(ok);
 	}
 
@@ -78,7 +78,7 @@ int des_read_2passwords(des_cblock *key1, des_cblock *key2, const char *prompt,
 
 	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
 		des_string_to_2keys(buf,key1,key2);
-	memset(buf,0,BUFSIZ);
-	memset(buff,0,BUFSIZ);
+	OPENSSL_cleanse(buf,BUFSIZ);
+	OPENSSL_cleanse(buff,BUFSIZ);
 	return(ok);
 	}
diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c
index cba52cad78..a8f1590943 100644
--- a/crypto/des/read_pwd.c
+++ b/crypto/des/read_pwd.c
@@ -218,7 +218,7 @@ int des_read_pw_string(char *buf, int length, const char *prompt,
 	int ret;
 
 	ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
-	memset(buff,0,BUFSIZ);
+	OPENSSL_cleanse(buff,BUFSIZ);
 	return(ret);
 	}
 
diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c
index c6abb87201..fc5b96ee87 100644
--- a/crypto/des/str2key.c
+++ b/crypto/des/str2key.c
@@ -88,7 +88,7 @@ void des_string_to_key(const char *str, des_cblock *key)
 	des_set_odd_parity(key);
 	des_set_key_unchecked(key,ks);
 	des_cbc_cksum((const unsigned char*)str,key,length,ks,key);
-	memset(ks,0,sizeof(ks));
+	OPENSSL_cleanse(ks,sizeof(ks));
 	des_set_odd_parity(key);
 	}
 
@@ -149,7 +149,7 @@ void des_string_to_2keys(const char *str, des_cblock *key1, des_cblock *key2)
 	des_cbc_cksum((const unsigned char*)str,key1,length,ks,key1);
 	des_set_key_unchecked(key2,ks);
 	des_cbc_cksum((const unsigned char*)str,key2,length,ks,key2);
-	memset(ks,0,sizeof(ks));
+	OPENSSL_cleanse(ks,sizeof(ks));
 	des_set_odd_parity(key1);
 	des_set_odd_parity(key2);
 	}