X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/5a22e651ba3a0c363ed30ffb4f2ea1f12d6abe78..HEAD:/sshdes.c

diff --git a/sshdes.c b/sshdes.c
index 8c3ab72e..03d2b3ae 100644
--- a/sshdes.c
+++ b/sshdes.c
@@ -858,7 +858,7 @@ void des3_decrypt_pubkey(unsigned char *key, unsigned char *blk, int len)
     des_key_setup(GET_32BIT_MSB_FIRST(key),
 		  GET_32BIT_MSB_FIRST(key + 4), &ourkeys[2]);
     des_3cbc_decrypt(blk, len, ourkeys);
-    memset(ourkeys, 0, sizeof(ourkeys));
+    smemclr(ourkeys, sizeof(ourkeys));
 }
 
 void des3_encrypt_pubkey(unsigned char *key, unsigned char *blk, int len)
@@ -871,7 +871,7 @@ void des3_encrypt_pubkey(unsigned char *key, unsigned char *blk, int len)
     des_key_setup(GET_32BIT_MSB_FIRST(key),
 		  GET_32BIT_MSB_FIRST(key + 4), &ourkeys[2]);
     des_3cbc_encrypt(blk, len, ourkeys);
-    memset(ourkeys, 0, sizeof(ourkeys));
+    smemclr(ourkeys, sizeof(ourkeys));
 }
 
 void des3_decrypt_pubkey_ossh(unsigned char *key, unsigned char *iv,
@@ -887,7 +887,7 @@ void des3_decrypt_pubkey_ossh(unsigned char *key, unsigned char *iv,
     ourkeys[0].iv0 = GET_32BIT_MSB_FIRST(iv);
     ourkeys[0].iv1 = GET_32BIT_MSB_FIRST(iv+4);
     des_cbc3_decrypt(blk, len, ourkeys);
-    memset(ourkeys, 0, sizeof(ourkeys));
+    smemclr(ourkeys, sizeof(ourkeys));
 }
 
 void des3_encrypt_pubkey_ossh(unsigned char *key, unsigned char *iv,
@@ -903,7 +903,7 @@ void des3_encrypt_pubkey_ossh(unsigned char *key, unsigned char *iv,
     ourkeys[0].iv0 = GET_32BIT_MSB_FIRST(iv);
     ourkeys[0].iv1 = GET_32BIT_MSB_FIRST(iv+4);
     des_cbc3_encrypt(blk, len, ourkeys);
-    memset(ourkeys, 0, sizeof(ourkeys));
+    smemclr(ourkeys, sizeof(ourkeys));
 }
 
 static void des_keysetup_xdmauth(unsigned char *keydata, DESContext *dc)
@@ -959,7 +959,7 @@ static const struct ssh2_cipher ssh_3des_ssh2_ctr = {
 
 /*
  * Single DES in SSH-2. "des-cbc" is marked as HISTORIC in
- * draft-ietf-secsh-assignednumbers-04.txt, referring to
+ * RFC 4250, referring to
  * FIPS-46-3.  ("Single DES (i.e., DES) will be permitted 
  * for legacy systems only.") , but ssh.com support it and 
  * apparently aren't the only people to do so, so we sigh