Add smemclrs of all hash states we destroy.

diff --git a/sshmd5.c b/sshmd5.c
index b7a03b5e13367d820854c72fd0d08d05a4ddf09a..f34f851dd30a4426301715986f322aa3029edd5e 100644 (file)
--- a/sshmd5.c
+++ b/sshmd5.c
@@ -210,6 +210,7 @@ void MD5Simple(void const *p, unsigned len, unsigned char output[16])
     MD5Init(&s);
     MD5Update(&s, (unsigned char const *)p, len);
     MD5Final(output, &s);
+    smemclr(&s, sizeof(s));
 }
 
 /* ----------------------------------------------------------------------
@@ -227,6 +228,7 @@ void *hmacmd5_make_context(void)
 
 void hmacmd5_free_context(void *handle)
 {
+    smemclr(handle, 3*sizeof(struct MD5Context));
     sfree(handle);
 }
 

diff --git a/sshsh256.c b/sshsh256.c
index fdc8a3a52b7537ccbc78b30f56b54ff9a3849fea..76b77efe2943bbb3eaa4ddabc71f2c6eaa200eb5 100644 (file)
--- a/sshsh256.c
+++ b/sshsh256.c
@@ -184,6 +184,7 @@ void SHA256_Simple(const void *p, int len, unsigned char *output) {
     SHA256_Init(&s);
     SHA256_Bytes(&s, p, len);
     SHA256_Final(&s, output);
+    smemclr(&s, sizeof(s));
 }
 
 /*
@@ -211,6 +212,7 @@ static void sha256_final(void *handle, unsigned char *output)
     SHA256_State *s = handle;
 
     SHA256_Final(s, output);
+    smemclr(s, sizeof(*s));
     sfree(s);
 }
 
@@ -230,6 +232,7 @@ static void *sha256_make_context(void)
 
 static void sha256_free_context(void *handle)
 {
+    smemclr(handle, 3 * sizeof(SHA256_State));
     sfree(handle);
 }
 

diff --git a/sshsh512.c b/sshsh512.c
index cd2b296e63bdf1efed34b2423257f6aa9ef704ed..b734c735de86516dae71764ef485987f9ce8ee2f 100644 (file)
--- a/sshsh512.c
+++ b/sshsh512.c
@@ -306,6 +306,7 @@ void SHA512_Simple(const void *p, int len, unsigned char *output) {
     SHA512_Init(&s);
     SHA512_Bytes(&s, p, len);
     SHA512_Final(&s, output);
+    smemclr(&s, sizeof(s));
 }
 
 void SHA384_Simple(const void *p, int len, unsigned char *output) {
@@ -314,6 +315,7 @@ void SHA384_Simple(const void *p, int len, unsigned char *output) {
     SHA384_Init(&s);
     SHA512_Bytes(&s, p, len);
     SHA384_Final(&s, output);
+    smemclr(&s, sizeof(s));
 }
 
 /*
@@ -341,6 +343,7 @@ static void sha512_final(void *handle, unsigned char *output)
     SHA512_State *s = handle;
 
     SHA512_Final(s, output);
+    smemclr(s, sizeof(*s));
     sfree(s);
 }
 
@@ -362,6 +365,7 @@ static void sha384_final(void *handle, unsigned char *output)
     SHA512_State *s = handle;
 
     SHA384_Final(s, output);
+    smemclr(s, sizeof(*s));
     sfree(s);
 }
 

diff --git a/sshsha.c b/sshsha.c
index 579bf4dea17f0d269e6e71b31dbcd24df0f76ba4..4870bba86ee2f0e04fb2b5afc33b91f35e552ef0 100644 (file)
--- a/sshsha.c
+++ b/sshsha.c
@@ -214,6 +214,7 @@ void SHA_Simple(const void *p, int len, unsigned char *output)
     SHA_Init(&s);
     SHA_Bytes(&s, p, len);
     SHA_Final(&s, output);
+    smemclr(&s, sizeof(s));
 }
 
 /*
@@ -241,6 +242,7 @@ static void sha1_final(void *handle, unsigned char *output)
     SHA_State *s = handle;
 
     SHA_Final(s, output);
+    smemclr(s, sizeof(*s));
     sfree(s);
 }
 
@@ -260,6 +262,7 @@ static void *sha1_make_context(void)
 
 static void sha1_free_context(void *handle)
 {
+    smemclr(handle, 3 * sizeof(SHA_State));
     sfree(handle);
 }