diff options
| author |   matthew <matthew@openbsd.org> | 2012-04-25 04:12:27 +0000 |
|---|---|---|
| committer | matthew <matthew@openbsd.org> | 2012-04-25 04:12:27 +0000 |
| commit | 582ae63f442f549496640e733f42e877e8ed5ef7 (patch) | |
| tree | aac239ce97690a1153c530668b5adf02910eee7d | |
| parent | Fix a few inaccuracies (diff) | |
| download | wireguard-openbsd-582ae63f442f549496640e733f42e877e8ed5ef7.tar.xz wireguard-openbsd-582ae63f442f549496640e733f42e877e8ed5ef7.zip | |
Use explicit_bzero() for clearing key material.
Pointed out by Michael W. Bombardieri on tech@.
ok deraadt
| -rw-r--r-- | sys/crypto/cast.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/sys/crypto/cast.c b/sys/crypto/cast.c index e251dfbc022..378d1576623 100644 --- a/sys/crypto/cast.c +++ b/sys/crypto/cast.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cast.c,v 1.3 2005/03/24 11:45:28 hshoexer Exp $ */ +/* $OpenBSD: cast.c,v 1.4 2012/04/25 04:12:27 matthew Exp $ */ /* * CAST-128 in C @@ -8,6 +8,7 @@ */ #include <sys/types.h> +#include <sys/systm.h> #include <crypto/cast.h> #include <crypto/castsb.h> @@ -268,9 +269,9 @@ cast_setkey(cast_key *key, u_int8_t *rawkey, int keybytes) } } /* Wipe clean */ - for (i = 0; i < 4; i++) { - t[i] = x[i] = z[i] = 0; - } + explicit_bzero(t, sizeof(t)); + explicit_bzero(x, sizeof(x)); + explicit_bzero(z, sizeof(z)); } /* Made in Canada */ |