===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/Attic/sshconnect1.c,v
retrieving revision 1.73
retrieving revision 1.74
diff -u -r1.73 -r1.74
--- src/usr.bin/ssh/Attic/sshconnect1.c	2014/01/27 19:18:54	1.73
+++ src/usr.bin/ssh/Attic/sshconnect1.c	2014/02/02 03:44:32	1.74
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect1.c,v 1.73 2014/01/27 19:18:54 markus Exp $ */
+/* $OpenBSD: sshconnect1.c,v 1.74 2014/02/02 03:44:32 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -117,7 +117,7 @@
 			 * return a wrong value.
 			 */
 			logit("Authentication agent failed to decrypt challenge.");
-			memset(response, 0, sizeof(response));
+			explicit_bzero(response, sizeof(response));
 		}
 		key_free(key);
 		debug("Sending response to RSA challenge.");
@@ -192,9 +192,9 @@
 	packet_send();
 	packet_write_wait();
 
-	memset(buf, 0, sizeof(buf));
-	memset(response, 0, sizeof(response));
-	memset(&md, 0, sizeof(md));
+	explicit_bzero(buf, sizeof(buf));
+	explicit_bzero(response, sizeof(response));
+	explicit_bzero(&md, sizeof(md));
 }
 
 /*
@@ -268,7 +268,7 @@
 				debug2("no passphrase given, try next key");
 				quit = 1;
 			}
-			memset(passphrase, 0, strlen(passphrase));
+			explicit_bzero(passphrase, strlen(passphrase));
 			free(passphrase);
 			if (private != NULL || quit)
 				break;
@@ -424,7 +424,7 @@
 		}
 		packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
 		ssh_put_password(response);
-		memset(response, 0, strlen(response));
+		explicit_bzero(response, strlen(response));
 		free(response);
 		packet_send();
 		packet_write_wait();
@@ -457,7 +457,7 @@
 		password = read_passphrase(prompt, 0);
 		packet_start(SSH_CMSG_AUTH_PASSWORD);
 		ssh_put_password(password);
-		memset(password, 0, strlen(password));
+		explicit_bzero(password, strlen(password));
 		free(password);
 		packet_send();
 		packet_write_wait();
@@ -649,8 +649,11 @@
 	/* Set the encryption key. */
 	packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, options.cipher);
 
-	/* We will no longer need the session key here.  Destroy any extra copies. */
-	memset(session_key, 0, sizeof(session_key));
+	/*
+	 * We will no longer need the session key here.
+	 * Destroy any extra copies.
+	 */
+	explicit_bzero(session_key, sizeof(session_key));
 
 	/*
 	 * Expect a success message from the server.  Note that this message