Add smemclrs of all hash states we destroy.

(cherry picked from commit 16c46ecdaf71e4c9dddcd933778f02d78425f6a5)

Conflicts:
	sshsh512.c

Cherry-picker's notes: the conflict was because the original commit
also added smemclrs to SHA384_Simple and the ssh_hash structures for
SHA-384 and SHA-512, none of which exists on this branch so those
changes are irrelevant.

diff --git a/sshmd5.c b/sshmd5.c
index 493db12cb68ac7233e4097de8841f48b2aba9272..ca5c426cc4de9b4290b1106917922b42b2ae3f11 100644 (file)
--- a/sshmd5.c
+++ b/sshmd5.c
@@ -210,6 +210,7 @@ void MD5Simple(void const *p, unsigned len, unsigned char output[16])
     MD5Init(&s);
     MD5Update(&s, (unsigned char const *)p, len);
     MD5Final(output, &s);
+    smemclr(&s, sizeof(s));
 }
 
 /* ----------------------------------------------------------------------
@@ -227,6 +228,7 @@ void *hmacmd5_make_context(void)
 
 void hmacmd5_free_context(void *handle)
 {
+    smemclr(handle, 3*sizeof(struct MD5Context));
     sfree(handle);
 }
 

diff --git a/sshsh256.c b/sshsh256.c
index 85bfeee2288f482bc06cd535b02c1c470f030d0d..2f7b52ba422f7a074299bfed72fccd39dcf6cbc8 100644 (file)
--- a/sshsh256.c
+++ b/sshsh256.c
@@ -184,6 +184,7 @@ void SHA256_Simple(const void *p, int len, unsigned char *output) {
     SHA256_Init(&s);
     SHA256_Bytes(&s, p, len);
     SHA256_Final(&s, output);
+    smemclr(&s, sizeof(s));
 }
 
 /*
@@ -211,6 +212,7 @@ static void sha256_final(void *handle, unsigned char *output)
     SHA256_State *s = handle;
 
     SHA256_Final(s, output);
+    smemclr(s, sizeof(*s));
     sfree(s);
 }
 
@@ -230,6 +232,7 @@ static void *sha256_make_context(void)
 
 static void sha256_free_context(void *handle)
 {
+    smemclr(handle, 3 * sizeof(SHA256_State));
     sfree(handle);
 }
 

diff --git a/sshsh512.c b/sshsh512.c
index 8d0b1ae3629791d3e52dbf2bb5e220f59a0c2157..eef733e67c8f55b986850f70ee4c0bdb71f48208 100644 (file)
--- a/sshsh512.c
+++ b/sshsh512.c
@@ -274,6 +274,7 @@ void SHA512_Simple(const void *p, int len, unsigned char *output) {
     SHA512_Init(&s);
     SHA512_Bytes(&s, p, len);
     SHA512_Final(&s, output);
+    smemclr(&s, sizeof(s));
 }
 
 #ifdef TEST

diff --git a/sshsha.c b/sshsha.c
index 31d6daa992d11988ab68ebe24caeddbe9041c440..747e44140ad4cb47997c36ab68bc67705fd7936e 100644 (file)
--- a/sshsha.c
+++ b/sshsha.c
@@ -214,6 +214,7 @@ void SHA_Simple(const void *p, int len, unsigned char *output)
     SHA_Init(&s);
     SHA_Bytes(&s, p, len);
     SHA_Final(&s, output);
+    smemclr(&s, sizeof(s));
 }
 
 /*
@@ -241,6 +242,7 @@ static void sha1_final(void *handle, unsigned char *output)
     SHA_State *s = handle;
 
     SHA_Final(s, output);
+    smemclr(s, sizeof(*s));
     sfree(s);
 }
 
@@ -260,6 +262,7 @@ static void *sha1_make_context(void)
 
 static void sha1_free_context(void *handle)
 {
+    smemclr(handle, 3 * sizeof(SHA_State));
     sfree(handle);
 }