* blowfish.c (burn_stack), cast5.c (burn_stack), des.c (burn_stack), md5.c

(burn_stack), random.c (burn_stack, read_pool, fast_random_poll),
rijndael.c (burn_stack), rmd160.c (burn_stack), rndegd.c
(rndegd_gather_random), rndlinux.c (rndlinux_gather_random), rndriscos.c
(rndriscos_gather_random), sha1.c (burn_stack), tiger.c (burn_stack),
twofish.c (burn_stack): Replace various calls to memset() with the more
secure wipememory().

cipher/ChangeLog

@@ -1,3 +1,14 @@
+2002-11-06  David Shaw  <dshaw@jabberwocky.com>
+
+	* blowfish.c (burn_stack), cast5.c (burn_stack), des.c
+	(burn_stack), md5.c (burn_stack), random.c (burn_stack, read_pool,
+	fast_random_poll), rijndael.c (burn_stack), rmd160.c (burn_stack),
+	rndegd.c (rndegd_gather_random), rndlinux.c
+	(rndlinux_gather_random), rndriscos.c (rndriscos_gather_random),
+	sha1.c (burn_stack), tiger.c (burn_stack), twofish.c (burn_stack):
+	Replace various calls to memset() with the more secure
+	wipememory().
+
 2002-10-21  Werner Koch  <wk@gnupg.org>
 
 	* rndw32.c [__CYGWIN32__]: Don't include winioctl.h - it is not

cipher/blowfish.c

@@ -35,6 +35,7 @@
 #include <string.h>
 #include <assert.h>
 #include "types.h"
+#include "util.h"
 #include "errors.h"
 #include "algorithms.h"
 
@@ -282,7 +283,7 @@ burn_stack (int bytes)
 {
     char buf[64];
     
-    memset (buf, 0, sizeof buf);
+    wipememory(buf,sizeof buf);
     bytes -= sizeof buf;
     if (bytes > 0)
         burn_stack (bytes);

cipher/cast5.c

@@ -40,6 +40,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include "types.h"
+#include "util.h"
 #include "errors.h"
 #include "algorithms.h"
 
@@ -359,7 +360,7 @@ burn_stack (int bytes)
 {
     char buf[64];
     
-    memset (buf, 0, sizeof buf);
+    wipememory(buf,sizeof buf);
     bytes -= sizeof buf;
     if (bytes > 0)
         burn_stack (bytes);

cipher/des.c

@@ -115,6 +115,7 @@
 #include <stdio.h>
 #include <string.h>	       /* memcpy, memcmp */
 #include "types.h"             /* for byte and u32 typedefs */
+#include "util.h"
 #include "errors.h"
 #include "algorithms.h"
 
@@ -453,7 +454,7 @@ burn_stack (int bytes)
 {
     char buf[64];
     
-    memset (buf, 0, sizeof buf);
+    wipememory(buf,sizeof buf);
     bytes -= sizeof buf;
     if (bytes > 0)
         burn_stack (bytes);

cipher/md5.c

@@ -78,7 +78,7 @@ burn_stack (int bytes)
 {
     char buf[128];
     
-    memset (buf, 0, sizeof buf);
+    wipememory(buf,sizeof buf);
     bytes -= sizeof buf;
     if (bytes > 0)
         burn_stack (bytes);

cipher/random.c

@@ -205,7 +205,7 @@ burn_stack (int bytes)
 {
     char buf[128];
     
-    memset (buf, 0, sizeof buf);
+    wipememory(buf,sizeof buf);
     bytes -= sizeof buf;
     if (bytes > 0)
         burn_stack (bytes);
@@ -564,7 +564,7 @@ read_pool( byte *buffer, size_t length, int level )
 	if( pool_balance < 0 )
 	    pool_balance = 0;
 	/* and clear the keypool */
-	memset( keypool, 0, POOLSIZE );
+	wipememory(keypool, POOLSIZE);
     }
 }
 
@@ -673,7 +673,7 @@ fast_random_poll()
         getrusage( RUSAGE_SELF, &buf );
         
 	add_randomness( &buf, sizeof buf, 1 );
-	memset( &buf, 0, sizeof buf );
+	wipememory( &buf, sizeof buf );
     }
     #endif
   #endif

cipher/rijndael.c

@@ -1713,7 +1713,7 @@ burn_stack (int bytes)
 {
     char buf[64];
     
-    memset (buf, 0, sizeof buf);
+    wipememory(buf,sizeof buf);
     bytes -= sizeof buf;
     if (bytes > 0)
         burn_stack (bytes);

cipher/rmd160.c

@@ -146,7 +146,7 @@ burn_stack (int bytes)
 {
     char buf[150];
     
-    memset (buf, 0, sizeof buf);
+    wipememory(buf,sizeof buf);
     bytes -= sizeof buf;
     if (bytes > 0)
         burn_stack (bytes);

cipher/rndegd.c

@@ -221,7 +221,7 @@ rndegd_gather_random( void (*add)(const void*, size_t, int), int requester,
 	(*add)( buffer, n, requester );
 	length -= n;
     }
-    memset(buffer, 0, sizeof(buffer) );
+    wipememory(buffer, sizeof(buffer) );
 
     return 0; /* success */
 }

cipher/rndlinux.c

@@ -156,7 +156,7 @@ _("\n"
 	(*add)( buffer, n, requester );
 	length -= n;
     }
-    memset(buffer, 0, sizeof(buffer) );
+    wipememory(buffer, sizeof(buffer) );
 
     return 0; /* success */
 }

cipher/rndriscos.c

@@ -87,7 +87,7 @@ rndriscos_gather_random(void (*add)(const void*, size_t, int), int requester,
 	(*add)(buffer, n, requester);
 	length -= n;
     }
-    memset(buffer, 0, sizeof(buffer));
+    wipememory(buffer, sizeof(buffer));
 
     return 0; /* success */
 }

cipher/sha1.c

@@ -54,7 +54,7 @@ burn_stack (int bytes)
 {
     char buf[128];
     
-    memset (buf, 0, sizeof buf);
+    wipememory(buf,sizeof buf);
     bytes -= sizeof buf;
     if (bytes > 0)
         burn_stack (bytes);

cipher/tiger.c

@@ -635,7 +635,7 @@ burn_stack (int bytes)
 {
     char buf[256];
     
-    memset (buf, 0, sizeof buf);
+    wipememory(buf,sizeof buf);
     bytes -= sizeof buf;
     if (bytes > 0)
         burn_stack (bytes);

cipher/twofish.c

@@ -550,7 +550,7 @@ burn_stack (int bytes)
 {
     char buf[64];
     
-    memset (buf, 0, sizeof buf);
+    wipememory(buf,sizeof buf);
     bytes -= sizeof buf;
     if (bytes > 0)
         burn_stack (bytes);