upstream commit

use explicit_bzero() more liberally in the buffer code; ok
 deraadt

Upstream-ID: 0ece37069fd66bc6e4f55eb1321f93df372b65bf

1 files changed, 6 insertions, 6 deletions

diff --git a/sshbuf-getput-crypto.c b/sshbuf-getput-crypto.c
index e2e093c00..d0d791b50 100644
--- a/sshbuf-getput-crypto.c
+++ b/sshbuf-getput-crypto.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf-getput-crypto.c,v 1.4 2015/01/14 15:02:39 djm Exp $	*/
+/*	$OpenBSD: sshbuf-getput-crypto.c,v 1.5 2016/01/12 23:42:54 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -158,10 +158,10 @@ sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v)
 	if (len > 0 && (d[1] & 0x80) != 0)
 		prepend = 1;
 	if ((r = sshbuf_put_string(buf, d + 1 - prepend, len + prepend)) < 0) {
-		bzero(d, sizeof(d));
+		explicit_bzero(d, sizeof(d));
 		return r;
 	}
-	bzero(d, sizeof(d));
+	explicit_bzero(d, sizeof(d));
 	return 0;
 }
 
@@ -177,13 +177,13 @@ sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v)
 	if (BN_bn2bin(v, d) != (int)len_bytes)
 		return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
 	if ((r = sshbuf_reserve(buf, len_bytes + 2, &dp)) < 0) {
-		bzero(d, sizeof(d));
+		explicit_bzero(d, sizeof(d));
 		return r;
 	}
 	POKE_U16(dp, len_bits);
 	if (len_bytes != 0)
 		memcpy(dp + 2, d, len_bytes);
-	bzero(d, sizeof(d));
+	explicit_bzero(d, sizeof(d));
 	return 0;
 }
 
@@ -210,7 +210,7 @@ sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g)
 	}
 	BN_CTX_free(bn_ctx);
 	ret = sshbuf_put_string(buf, d, len);
-	bzero(d, len);
+	explicit_bzero(d, len);
 	return ret;
 }