A few more memset()s converted to OPENSSL_cleanse().

I *think* I got them all covered by now, bu please, if you find any more,
tell me and I'll correct it.
PR: 343

crypto/bn/bn_lib.c

@@ -263,12 +263,12 @@ void BN_clear_free(BIGNUM *a)
 	if (a == NULL) return;
 	if (a->d != NULL)
 		{
-		memset(a->d,0,a->dmax*sizeof(a->d[0]));
+		OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
 		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
 			OPENSSL_free(a->d);
 		}
 	i=BN_get_flags(a,BN_FLG_MALLOCED);
-	memset(a,0,sizeof(BIGNUM));
+	OPENSSL_cleanse(a,sizeof(BIGNUM));
 	if (i)
 		OPENSSL_free(a);
 	}

crypto/bn/bn_rand.c

@@ -201,7 +201,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 err:
 	if (buf != NULL)
 		{
-		memset(buf,0,bytes);
+		OPENSSL_cleanse(buf,bytes);
 		OPENSSL_free(buf);
 		}
 	return(ret);

crypto/evp/evp_enc.c

@@ -454,9 +454,9 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
 		{
 		if(c->cipher->cleanup && !c->cipher->cleanup(c))
 			return 0;
-		/* Zero cipher context data */
+		/* Cleanse cipher context data */
 		if (c->cipher_data)
-			memset(c->cipher_data, 0, c->cipher->ctx_size);
+			OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
 		}
 	if (c->cipher_data)
 		OPENSSL_free(c->cipher_data);

crypto/md2/md2_dgst.c

@@ -196,7 +196,7 @@ static void md2_block(MD2_CTX *c, const unsigned char *d)
 		t=(t+i)&0xff;
 		}
 	memcpy(sp1,state,16*sizeof(MD2_INT));
-	memset(state,0,48*sizeof(MD2_INT));
+	OPENSSL_cleanse(state,48*sizeof(MD2_INT));
 	}
 
 int MD2_Final(unsigned char *md, MD2_CTX *c)

crypto/md2/md2_one.c

@@ -88,6 +88,6 @@ unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md)
 	}
 #endif
 	MD2_Final(md,&c);
-	memset(&c,0,sizeof(c));	/* Security consideration */
+	OPENSSL_cleanse(&c,sizeof(c));	/* Security consideration */
 	return(md);
 	}

crypto/md4/md4_one.c

@@ -89,7 +89,7 @@ unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md)
 	}
 #endif
 	MD4_Final(md,&c);
-	memset(&c,0,sizeof(c)); /* security consideration */
+	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
 	return(md);
 	}
 

crypto/md5/md5_one.c

@@ -89,7 +89,7 @@ unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md)
 	}
 #endif
 	MD5_Final(md,&c);
-	memset(&c,0,sizeof(c)); /* security consideration */
+	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
 	return(md);
 	}
 

crypto/mdc2/mdc2_one.c

@@ -69,7 +69,7 @@ unsigned char *MDC2(const unsigned char *d, unsigned long n, unsigned char *md)
 	MDC2_Init(&c);
 	MDC2_Update(&c,d,n);
         MDC2_Final(md,&c);
-	memset(&c,0,sizeof(c)); /* security consideration */
+	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
 	return(md);
 	}
 

crypto/pem/pem_lib.c

@@ -343,7 +343,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
 		 * NOT taken from the BytesToKey function */
 		EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
 
-		if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
+		if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
 
 		OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
 

ssl/s3_srvr.c

@@ -1717,7 +1717,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 			s->method->ssl3_enc->generate_master_secret(s,
 				s->session->master_key,
 				p,i);
-		memset(p,0,i);
+		OPENSSL_cleanse(p,i);
 		}
 	else
 #endif
@@ -1780,7 +1780,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 		s->session->master_key_length=
 			s->method->ssl3_enc->generate_master_secret(s,
 				s->session->master_key,p,i);
-		memset(p,0,i);
+		OPENSSL_cleanse(p,i);
 		}
 	else
 #endif