authorBob Beck <beck@cvs.openbsd.org>2017-04-28 22:38:52 +0000
committerBob Beck <beck@cvs.openbsd.org>2017-04-28 22:38:52 +0000
commit86b3412dff5764e5d16dd6ea7f99c950d171a4e0 (patch)
tree84f3049cad681852a553a026ea007a018c46bdb2
parent0efd2df514b59e904db74b5c86d95b4de261fda2 (diff)
*** empty log message ***
-rw-r--r--lib/libcrypto/malloc-wrapper.c5
-rw-r--r--lib/libcrypto/rsa/rsa_eay.c26
-rw-r--r--lib/libcrypto/rsa/rsa_saos.c12
-rw-r--r--lib/libcrypto/rsa/rsa_sign.c16
-rw-r--r--lib/libcrypto/x509/x509_vfy.c12
5 files changed, 25 insertions, 46 deletions
diff --git a/lib/libcrypto/malloc-wrapper.c b/lib/libcrypto/malloc-wrapper.c
index 68af8182309..d69b0251736 100644
--- a/lib/libcrypto/malloc-wrapper.c
+++ b/lib/libcrypto/malloc-wrapper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: malloc-wrapper.c,v 1.3 2014/04/20 14:32:19 jsing Exp $ */
+/* $OpenBSD: malloc-wrapper.c,v 1.4 2017/04/28 22:38:51 beck Exp $ */
/*
* Copyright (c) 2014 Bob Beck
*
@@ -165,8 +165,7 @@ CRYPTO_realloc_clean(void *ptr, int old_len, int num, const char *file,
ret = malloc(num);
if (ret && ptr && old_len > 0) {
memcpy(ret, ptr, old_len);
- explicit_bzero(ptr, old_len);
- free(ptr);
+ freezero(ptr, old_len);
}
return ret;
}
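Review bot: When `ptr` is non-NULL but `old_len` is zero or negative, the `if (ret && ptr && old_len > 0)` test skips the whole block, so the old buffer is neither cleared nor freed although a new one is returned. The start of CRYPTO_realloc_clean is outside the hunk, so an earlier check may already reject that case, and the same goes for `num < old_len`, which the `memcpy` depends on. If it does not, document the ownership rule above the block, for example `/* ptr stays owned by the caller when malloc fails or old_len <= 0 */`, or free `ptr` on that path as well.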
diff --git a/lib/libcrypto/rsa/rsa_eay.c b/lib/libcrypto/rsa/rsa_eay.c
index 90a3be8dd33..128269a81a1 100644
--- a/lib/libcrypto/rsa/rsa_eay.c
+++ b/lib/libcrypto/rsa/rsa_eay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_eay.c,v 1.46 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: rsa_eay.c,v 1.47 2017/04/28 22:38:51 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -244,10 +244,8 @@ err:
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
- if (buf != NULL) {
- explicit_bzero(buf, num);
- free(buf);
- }
+ freezero(buf, num);
+
return r;
}
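Review bot: `freezero(buf, num);` now reads `num` on every path that reaches `err:`, whereas the removed `if (buf != NULL)` guard read it only once the buffer existed. The declarations are outside the hunk, so confirm that `num` is initialised (for example `int num = 0`) before the first `goto err`; otherwise an indeterminate value is passed even though freezero does nothing for a NULL pointer. The same applies to the hunks at -468, -597 and -700 of this file. `num` must also remain the size that was used to allocate `buf`, since that is the number of bytes cleared.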
@@ -468,10 +466,8 @@ err:
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
- if (buf != NULL) {
- explicit_bzero(buf, num);
- free(buf);
- }
+ freezero(buf, num);
+
return r;
}
@@ -597,10 +593,8 @@ err:
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
- if (buf != NULL) {
- explicit_bzero(buf, num);
- free(buf);
- }
+ freezero(buf, num);
+
return r;
}
@@ -700,10 +694,8 @@ err:
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
- if (buf != NULL) {
- explicit_bzero(buf, num);
- free(buf);
- }
+ freezero(buf, num);
+
return r;
}
diff --git a/lib/libcrypto/rsa/rsa_saos.c b/lib/libcrypto/rsa/rsa_saos.c
index 179217c2362..50522b972a0 100644
--- a/lib/libcrypto/rsa/rsa_saos.c
+++ b/lib/libcrypto/rsa/rsa_saos.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_saos.c,v 1.20 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: rsa_saos.c,v 1.21 2017/04/28 22:38:51 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -96,8 +96,8 @@ RSA_sign_ASN1_OCTET_STRING(int type, const unsigned char *m, unsigned int m_len,
else
*siglen = i;
- explicit_bzero(s, (unsigned int)j + 1);
- free(s);
+ freezero(s, (unsigned int)j + 1);
+
return ret;
}
@@ -137,9 +137,7 @@ RSA_verify_ASN1_OCTET_STRING(int dtype, const unsigned char *m,
ret = 1;
err:
ASN1_OCTET_STRING_free(sig);
- if (s != NULL) {
- explicit_bzero(s, (unsigned int)siglen);
- free(s);
- }
+ freezero(s, siglen);
+
return ret;
}
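Review bot: The `(unsigned int)` cast on `siglen` is dropped in `freezero(s, siglen);` here but kept in the matching cleanup of int_rsa_verify in rsa_sign.c (`freezero(s, (unsigned int)siglen);`); use one form in both places. The parameter's type is declared outside the hunk. If it is already unsigned the cast is redundant everywhere. If it is signed, a negative value converts to a very large size with or without the cast, so the range check belongs before the allocation of `s`.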
diff --git a/lib/libcrypto/rsa/rsa_sign.c b/lib/libcrypto/rsa/rsa_sign.c
index 52cbc3dfe35..618ec155cc3 100644
--- a/lib/libcrypto/rsa/rsa_sign.c
+++ b/lib/libcrypto/rsa/rsa_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_sign.c,v 1.26 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: rsa_sign.c,v 1.27 2017/04/28 22:38:51 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -135,10 +135,9 @@ RSA_sign(int type, const unsigned char *m, unsigned int m_len,
else
*siglen = i;
- if (type != NID_md5_sha1) {
- explicit_bzero(tmps, (unsigned int)j + 1);
- free(tmps);
- }
+ if (type != NID_md5_sha1)
+ freezero(tmps, (unsigned int)j + 1);
+
return (ret);
}
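Review bot: The `if (type != NID_md5_sha1)` guard is kept although every other cleanup in this commit relies on freezero ignoring a NULL pointer. If `tmps` starts out NULL and `j` is always set by this point (both declared outside the hunk, so this is inferred), the guard can be dropped, leaving `freezero(tmps, (unsigned int)j + 1);`. If the guard is there because `tmps` is allocated only on the other path, say so in a comment such as `/* tmps is only allocated when type != NID_md5_sha1 */`.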
@@ -234,10 +233,9 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
err:
if (sig != NULL)
X509_SIG_free(sig);
- if (s != NULL) {
- explicit_bzero(s, (unsigned int)siglen);
- free(s);
- }
+
+ freezero(s, (unsigned int)siglen);
+
return ret;
}
diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c
index fbed5ec8007..09d33d4cf1a 100644
--- a/lib/libcrypto/x509/x509_vfy.c
+++ b/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.61 2017/02/05 02:33:21 beck Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.62 2017/04/28 22:38:51 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -541,15 +541,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
/* Safety net, error returns must set ctx->error */
if (ok <= 0 && ctx->error == X509_V_OK)
ctx->error = X509_V_ERR_UNSPECIFIED;
-
- /*
- * Safety net, if user provided verify callback indicates sucess
- * make sure they have set error to X509_V_OK
- */
- if (ctx->verify_cb != null_callback && ok == 1)
- ctx->error = X509_V_OK;
-
- return(ctx->error == X509_V_OK);
+ return ok;
}
/* Given a STACK_OF(X509) find the issuer of cert (if any)
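Review bot: With `return ok;` the return value and `ctx->error` can disagree: the remaining safety net only covers `ok <= 0` with `X509_V_OK`, so if a verify callback accepts a failing chain the function can return success while `ctx->error` still holds the failure code. That is the safer direction for callers that read the stored error after the call, because the removed block overwrote it with `X509_V_OK`. The contract should be stated above the return, for example `/* ok > 0 with ctx->error != X509_V_OK: the verify callback overrode an error; ctx->error is left as is */`. A regression test using a callback that returns 1 on an error would pin the behaviour. X509_verify_cert starts outside the hunk.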