Cleanse memory using the new OPENSSL_cleanse() function.

I've covered all the memset()s I felt safe modifying, but may have missed some.

3 files changed, 5 insertions, 5 deletions

diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c
index 97be6a5fb5..5e8958612b 100644
--- a/crypto/pkcs12/p12_crpt.c
+++ b/crypto/pkcs12/p12_crpt.c
@@ -118,7 +118,7 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 	}
 	PBEPARAM_free(pbe);
 	EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
-	memset(key, 0, EVP_MAX_KEY_LENGTH);
-	memset(iv, 0, EVP_MAX_IV_LENGTH);
+	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
 	return 1;
 }
diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c
index 394af368f4..b5684a83ba 100644
--- a/crypto/pkcs12/p12_decr.c
+++ b/crypto/pkcs12/p12_decr.c
@@ -136,7 +136,7 @@ void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
 	}
 #endif
 	ret = ASN1_item_d2i(NULL, &p, outlen, it);
-	if (zbuf) memset(out, 0, outlen);
+	if (zbuf) OPENSSL_cleanse(out, outlen);
 	if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
 	OPENSSL_free(out);
 	return ret;
@@ -168,7 +168,7 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *i
 		OPENSSL_free(in);
 		return NULL;
 	}
-	if (zbuf) memset(in, 0, inlen);
+	if (zbuf) OPENSSL_cleanse(in, inlen);
 	OPENSSL_free(in);
 	return oct;
 }
diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
index 0d39ebde8c..9196a34b4a 100644
--- a/crypto/pkcs12/p12_key.c
+++ b/crypto/pkcs12/p12_key.c
@@ -91,7 +91,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
 	ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
 						 id, iter, n, out, md_type);
 	if(unipass) {
-		memset(unipass, 0, uniplen);	/* Clear password from memory */
+		OPENSSL_cleanse(unipass, uniplen);	/* Clear password from memory */
 		OPENSSL_free(unipass);
 	}
 	return ret;