Cleanse memory using the new OPENSSL_cleanse() function.

I've covered all the memset()s I felt safe modifying, but may have missed some.

apps/apps.c

@@ -615,7 +615,7 @@ int password_callback(char *buf, int bufsiz, int verify,
 
 		if (buff)
 			{
-			memset(buff,0,(unsigned int)bufsiz);
+			OPENSSL_cleanse(buff,(unsigned int)bufsiz);
 			OPENSSL_free(buff);
 			}
 
@@ -625,13 +625,13 @@ int password_callback(char *buf, int bufsiz, int verify,
 			{
 			BIO_printf(bio_err, "User interface error\n");
 			ERR_print_errors(bio_err);
-			memset(buf,0,(unsigned int)bufsiz);
+			OPENSSL_cleanse(buf,(unsigned int)bufsiz);
 			res = 0;
 			}
 		if (ok == -2)
 			{
 			BIO_printf(bio_err,"aborted!\n");
-			memset(buf,0,(unsigned int)bufsiz);
+			OPENSSL_cleanse(buf,(unsigned int)bufsiz);
 			res = 0;
 			}
 		UI_free(ui);

apps/ca.c

@@ -706,7 +706,7 @@ EF_ALIGNMENT=0;
 		}
 	pkey = load_key(bio_err, keyfile, keyform, 0, key, e, 
 		"CA private key");
-	if (key) memset(key,0,strlen(key));
+	if (key) OPENSSL_cleanse(key,strlen(key));
 	if (pkey == NULL)
 		{
 		/* load_key() has already printed an appropriate message */

apps/dgst.c

@@ -356,7 +356,7 @@ int MAIN(int argc, char **argv)
 end:
 	if (buf != NULL)
 		{
-		memset(buf,0,BUFSIZE);
+		OPENSSL_cleanse(buf,BUFSIZE);
 		OPENSSL_free(buf);
 		}
 	if (in != NULL) BIO_free(in);

apps/enc.c

@@ -481,9 +481,9 @@ int MAIN(int argc, char **argv)
 			 * bug picked up by
 			 * Larry J. Hughes Jr. <[email protected]> */
 			if (str == strbuf)
-				memset(str,0,SIZE);
+				OPENSSL_cleanse(str,SIZE);
 			else
-				memset(str,0,strlen(str));
+				OPENSSL_cleanse(str,strlen(str));
 			}
 		if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
 			{

apps/s_client.c

@@ -908,9 +908,9 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
 	if (con != NULL) SSL_free(con);
 	if (con2 != NULL) SSL_free(con2);
 	if (ctx != NULL) SSL_CTX_free(ctx);
-	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
-	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
-	if (mbuf != NULL) { memset(mbuf,0,BUFSIZZ); OPENSSL_free(mbuf); }
+	if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
+	if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
+	if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
 	if (bio_c_out != NULL)
 		{
 		BIO_free(bio_c_out);

apps/s_server.c

@@ -1184,7 +1184,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
 	if (buf != NULL)
 		{
-		memset(buf,0,bufsize);
+		OPENSSL_cleanse(buf,bufsize);
 		OPENSSL_free(buf);
 		}
 	if (ret >= 0)

crypto/asn1/a_sign.c

@@ -204,9 +204,9 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 err:
 	EVP_MD_CTX_cleanup(&ctx);
 	if (buf_in != NULL)
-		{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
+		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
 	if (buf_out != NULL)
-		{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
+		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
 	return(outl);
 	}
 
@@ -287,8 +287,8 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 err:
 	EVP_MD_CTX_cleanup(&ctx);
 	if (buf_in != NULL)
-		{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
+		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
 	if (buf_out != NULL)
-		{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
+		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
 	return(outl);
 	}

crypto/asn1/a_verify.c

@@ -103,7 +103,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
 	EVP_VerifyInit_ex(&ctx,type, NULL);
 	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
-	memset(buf_in,0,(unsigned int)inl);
+	OPENSSL_cleanse(buf_in,(unsigned int)inl);
 	OPENSSL_free(buf_in);
 
 	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
@@ -153,7 +153,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
 	EVP_VerifyInit_ex(&ctx,type, NULL);
 	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
-	memset(buf_in,0,(unsigned int)inl);
+	OPENSSL_cleanse(buf_in,(unsigned int)inl);
 	OPENSSL_free(buf_in);
 
 	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,

crypto/asn1/n_pkey.c

@@ -187,7 +187,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
 	i2d_NETSCAPE_PKEY(pkey,&zz);
 
 	/* Wipe the private key encoding */
-	memset(pkey->private_key->data, 0, rsalen);
+	OPENSSL_cleanse(pkey->private_key->data, rsalen);
 
 	if (cb == NULL)
 		cb=EVP_read_pw_string;
@@ -206,7 +206,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
 	}
 
 	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
-	memset(buf,0,256);
+	OPENSSL_cleanse(buf,256);
 
 	/* Encrypt private key in place */
 	zz = enckey->enckey->digest->data;
@@ -294,7 +294,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
 	}
 
 	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
-	memset(buf,0,256);
+	OPENSSL_cleanse(buf,256);
 
 	EVP_CIPHER_CTX_init(&ctx);
 	EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);

crypto/asn1/p8_pkey.c

@@ -68,8 +68,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 	if(operation == ASN1_OP_FREE_PRE) {
 		PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
 		if (key->pkey->value.octet_string)
-		memset(key->pkey->value.octet_string->data,
-				 0, key->pkey->value.octet_string->length);
+		OPENSSL_cleanse(key->pkey->value.octet_string->data,
+			key->pkey->value.octet_string->length);
 	}
 	return 1;
 }

crypto/des/des.c

@@ -427,15 +427,15 @@ void doencryption(void)
 				k2[i-8]=k;
 			}
 		DES_set_key_unchecked(&k2,&ks2);
-		memset(k2,0,sizeof(k2));
+		OPENSSL_cleanse(k2,sizeof(k2));
 		}
 	else if (longk || flag3)
 		{
 		if (flag3)
 			{
 			DES_string_to_2keys(key,&kk,&k2);
 			DES_set_key_unchecked(&k2,&ks2);
-			memset(k2,0,sizeof(k2));
+			OPENSSL_cleanse(k2,sizeof(k2));
 			}
 		else
 			DES_string_to_key(key,&kk);
@@ -457,8 +457,8 @@ void doencryption(void)
 			}
 
 	DES_set_key_unchecked(&kk,&ks);
-	memset(key,0,sizeof(key));
-	memset(kk,0,sizeof(kk));
+	OPENSSL_cleanse(key,sizeof(key));
+	OPENSSL_cleanse(kk,sizeof(kk));
 	/* woops - A bug that does not showup under unix :-( */
 	memset(iv,0,sizeof(iv));
 	memset(iv2,0,sizeof(iv2));
@@ -666,18 +666,18 @@ void doencryption(void)
 		if (l) fclose(CKSUM_OUT);
 		}
 problems:
-	memset(buf,0,sizeof(buf));
-	memset(obuf,0,sizeof(obuf));
-	memset(&ks,0,sizeof(ks));
-	memset(&ks2,0,sizeof(ks2));
-	memset(iv,0,sizeof(iv));
-	memset(iv2,0,sizeof(iv2));
-	memset(kk,0,sizeof(kk));
-	memset(k2,0,sizeof(k2));
-	memset(uubuf,0,sizeof(uubuf));
-	memset(b,0,sizeof(b));
-	memset(bb,0,sizeof(bb));
-	memset(cksum,0,sizeof(cksum));
+	OPENSSL_cleanse(buf,sizeof(buf));
+	OPENSSL_cleanse(obuf,sizeof(obuf));
+	OPENSSL_cleanse(&ks,sizeof(ks));
+	OPENSSL_cleanse(&ks2,sizeof(ks2));
+	OPENSSL_cleanse(iv,sizeof(iv));
+	OPENSSL_cleanse(iv2,sizeof(iv2));
+	OPENSSL_cleanse(kk,sizeof(kk));
+	OPENSSL_cleanse(k2,sizeof(k2));
+	OPENSSL_cleanse(uubuf,sizeof(uubuf));
+	OPENSSL_cleanse(b,sizeof(b));
+	OPENSSL_cleanse(bb,sizeof(bb));
+	OPENSSL_cleanse(cksum,sizeof(cksum));
 	if (Exit) EXIT(Exit);
 	}
 

crypto/des/read2pwd.c

@@ -123,8 +123,8 @@ int DES_read_password(DES_cblock *key, const char *prompt, int verify)
 
 	if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
 		DES_string_to_key(buf,key);
-	memset(buf,0,BUFSIZ);
-	memset(buff,0,BUFSIZ);
+	OPENSSL_cleanse(buf,BUFSIZ);
+	OPENSSL_cleanse(buff,BUFSIZ);
 	return(ok);
 	}
 
@@ -136,7 +136,7 @@ int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
 
 	if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
 		DES_string_to_2keys(buf,key1,key2);
-	memset(buf,0,BUFSIZ);
-	memset(buff,0,BUFSIZ);
+	OPENSSL_cleanse(buf,BUFSIZ);
+	OPENSSL_cleanse(buff,BUFSIZ);
 	return(ok);
 	}

crypto/des/read_pwd.c

@@ -220,7 +220,7 @@ int des_read_pw_string(char *buf, int length, const char *prompt,
 	int ret;
 
 	ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
-	memset(buff,0,BUFSIZ);
+	OPENSSL_cleanse(buff,BUFSIZ);
 	return(ret);
 	}
 

crypto/des/str2key.c

@@ -94,7 +94,7 @@ void DES_string_to_key(const char *str, DES_cblock *key)
 	DES_set_key_unchecked(key,&ks);
 #endif
 	DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key);
-	memset(&ks,0,sizeof(ks));
+	OPENSSL_cleanse(&ks,sizeof(ks));
 	DES_set_odd_parity(key);
 	}
 
@@ -167,7 +167,7 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
 	DES_set_key_unchecked(key2,&ks);
 #endif
 	DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2);
-	memset(&ks,0,sizeof(ks));
+	OPENSSL_cleanse(&ks,sizeof(ks));
 	DES_set_odd_parity(key1);
 	DES_set_odd_parity(key2);
 	}

crypto/ec/ec_lib.c

@@ -128,7 +128,7 @@ void EC_GROUP_clear_free(EC_GROUP *group)
 
 	EC_GROUP_clear_free_extra_data(group);
 
-	memset(group, 0, sizeof *group);
+	OPENSSL_cleanse(group, sizeof *group);
 	OPENSSL_free(group);
 	}
 
@@ -357,7 +357,7 @@ void EC_POINT_clear_free(EC_POINT *point)
 		point->meth->point_clear_finish(point);
 	else if (point->meth != NULL && point->meth->point_finish != 0)
 		point->meth->point_finish(point);
-	memset(point, 0, sizeof *point);
+	OPENSSL_cleanse(point, sizeof *point);
 	OPENSSL_free(point);
 	}
 

crypto/engine/hw_4758_cca.c

@@ -717,7 +717,7 @@ static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
 
 	if (type == NID_sha1 || type == NID_md5)
 		{
-		memset(hashBuffer, 0, keyLength+1);
+		OPENSSL_cleanse(hashBuffer, keyLength+1);
 		OPENSSL_free(hashBuffer);
 		}
 
@@ -840,7 +840,7 @@ static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
 
 	if (type == NID_sha1 || type == NID_md5)
 		{
-		memset(hashBuffer, 0, keyLength+1);
+		OPENSSL_cleanse(hashBuffer, keyLength+1);
 		OPENSSL_free(hashBuffer);
 		}
 

crypto/engine/hw_sureware.c

@@ -907,7 +907,7 @@ static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned c
 err:
 	if (buf)
 	{
-		memset(buf,0,tlen);
+		OPENSSL_cleanse(buf,tlen);
 		OPENSSL_free(buf);
 	}
 	return ret;

crypto/evp/bio_enc.c

@@ -132,7 +132,7 @@ static int enc_free(BIO *a)
 	if (a == NULL) return(0);
 	b=(BIO_ENC_CTX *)a->ptr;
 	EVP_CIPHER_CTX_cleanup(&(b->cipher));
-	memset(a->ptr,0,sizeof(BIO_ENC_CTX));
+	OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
 	OPENSSL_free(a->ptr);
 	a->ptr=NULL;
 	a->init=0;

crypto/evp/bio_ok.c

@@ -211,7 +211,7 @@ static int ok_free(BIO *a)
 	{
 	if (a == NULL) return(0);
 	EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
-	memset(a->ptr,0,sizeof(BIO_OK_CTX));
+	OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
 	OPENSSL_free(a->ptr);
 	a->ptr=NULL;
 	a->init=0;

crypto/evp/digest.c

@@ -301,7 +301,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
 		ctx->digest->cleanup(ctx);
 	if (ctx->digest && ctx->digest->ctx_size && ctx->md_data)
 		{
-		memset(ctx->md_data,0,ctx->digest->ctx_size);
+		OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
 		OPENSSL_free(ctx->md_data);
 		}
 	if(ctx->engine)

crypto/evp/e_idea.c

@@ -109,7 +109,7 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 
 		idea_set_encrypt_key(key,&tmp);
 		idea_set_decrypt_key(&tmp,ctx->cipher_data);
-		memset((unsigned char *)&tmp,0,
+		OPENSSL_cleanse((unsigned char *)&tmp,
 				sizeof(IDEA_KEY_SCHEDULE));
 		}
 	return 1;

crypto/evp/evp_key.c

@@ -103,7 +103,7 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
 			buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
 	ret = UI_process(ui);
 	UI_free(ui);
-	memset(buff,0,BUFSIZ);
+	OPENSSL_cleanse(buff,BUFSIZ);
 	return ret;
 	}
 
@@ -168,7 +168,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
 		if ((nkey == 0) && (niv == 0)) break;
 		}
 	EVP_MD_CTX_cleanup(&c);
-	memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
+	OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
 	return(type->key_len);
 	}
 

crypto/evp/p5_crpt.c

@@ -146,8 +146,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
 	memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
 						 EVP_CIPHER_iv_length(cipher));
 	EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
-	memset(md_tmp, 0, EVP_MAX_MD_SIZE);
-	memset(key, 0, EVP_MAX_KEY_LENGTH);
-	memset(iv, 0, EVP_MAX_IV_LENGTH);
+	OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
+	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
 	return 1;
 }

crypto/evp/p5_crpt2.c

@@ -231,7 +231,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 	iter = ASN1_INTEGER_get(kdf->iter);
 	PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
 	EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
-	memset(key, 0, keylen);
+	OPENSSL_cleanse(key, keylen);
 	PBKDF2PARAM_free(kdf);
 	return 1;
 

crypto/evp/p_open.c

@@ -101,7 +101,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek,
 
 	ret=1;
 err:
-	if (key != NULL) memset(key,0,size);
+	if (key != NULL) OPENSSL_cleanse(key,size);
 	OPENSSL_free(key);
 	return(ret);
 	}