X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=sshsh512.c;h=bdfc1e9dc71298630dfb444d49f83114136896c8;hb=510f49e405e71ba5c97875e7a019364e1ef5fac9;hp=cd2b296e63bdf1efed34b2423257f6aa9ef704ed;hpb=808e414130f67aa8dd21f6f8164720390bde8746;p=PuTTY.git

diff --git a/sshsh512.c b/sshsh512.c
index cd2b296e..bdfc1e9d 100644
--- a/sshsh512.c
+++ b/sshsh512.c
@@ -306,6 +306,7 @@ void SHA512_Simple(const void *p, int len, unsigned char *output) {
     SHA512_Init(&s);
     SHA512_Bytes(&s, p, len);
     SHA512_Final(&s, output);
+    smemclr(&s, sizeof(s));
 }
 
 void SHA384_Simple(const void *p, int len, unsigned char *output) {
@@ -314,6 +315,7 @@ void SHA384_Simple(const void *p, int len, unsigned char *output) {
     SHA384_Init(&s);
     SHA512_Bytes(&s, p, len);
     SHA384_Final(&s, output);
+    smemclr(&s, sizeof(s));
 }
 
 /*
@@ -329,7 +331,25 @@ static void *sha512_init(void)
     return s;
 }
 
-static void sha512_bytes(void *handle, void *p, int len)
+static void *sha512_copy(const void *vold)
+{
+    const SHA512_State *old = (const SHA512_State *)vold;
+    SHA512_State *s;
+
+    s = snew(SHA512_State);
+    *s = *old;
+    return s;
+}
+
+static void sha512_free(void *handle)
+{
+    SHA512_State *s = handle;
+
+    smemclr(s, sizeof(*s));
+    sfree(s);
+}
+
+static void sha512_bytes(void *handle, const void *p, int len)
 {
     SHA512_State *s = handle;
 
@@ -341,11 +361,12 @@ static void sha512_final(void *handle, unsigned char *output)
     SHA512_State *s = handle;
 
     SHA512_Final(s, output);
-    sfree(s);
+    sha512_free(s);
 }
 
 const struct ssh_hash ssh_sha512 = {
-    sha512_init, sha512_bytes, sha512_final, 64, "SHA-512"
+    sha512_init, sha512_copy, sha512_bytes, sha512_final, sha512_free,
+    64, "SHA-512"
 };
 
 static void *sha384_init(void)
@@ -362,11 +383,13 @@ static void sha384_final(void *handle, unsigned char *output)
     SHA512_State *s = handle;
 
     SHA384_Final(s, output);
+    smemclr(s, sizeof(*s));
     sfree(s);
 }
 
 const struct ssh_hash ssh_sha384 = {
-    sha384_init, sha512_bytes, sha384_final, 48, "SHA-384"
+    sha384_init, sha512_copy, sha512_bytes, sha384_final, sha512_free,
+    48, "SHA-384"
 };
 
 #ifdef TEST