diff options
author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2017-05-02 03:59:46 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2017-05-02 03:59:46 +0000 |
commit | cc4b23eafa00f2d02bd6a5aeb37a603e5616a1b5 (patch) | |
tree | 0c263850a80e2d5ef373e8dffa7717aaaa1e4a4a /lib/libcrypto/pem | |
parent | cc386e2f2850053dd843b8a7630c3162a953abc8 (diff) |
use freezero() instead of memset/explicit_bzero + free. Substantially
reduces conditional logic (-218, +82).
MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c
wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and
BN_FLG_STATIC_DATA where the condition cannot be collapsed completely.
Passes regress. ok beck
Diffstat (limited to 'lib/libcrypto/pem')
-rw-r--r-- | lib/libcrypto/pem/pem_lib.c | 15 | ||||
-rw-r--r-- | lib/libcrypto/pem/pem_pkey.c | 5 | ||||
-rw-r--r-- | lib/libcrypto/pem/pvkfmt.c | 7 |
3 files changed, 8 insertions, 19 deletions
diff --git a/lib/libcrypto/pem/pem_lib.c b/lib/libcrypto/pem/pem_lib.c index b2c72e1d76f..0f7c36d21c8 100644 --- a/lib/libcrypto/pem/pem_lib.c +++ b/lib/libcrypto/pem/pem_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_lib.c,v 1.44 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: pem_lib.c,v 1.45 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -425,10 +425,7 @@ err: explicit_bzero(iv, sizeof(iv)); explicit_bzero((char *)&ctx, sizeof(ctx)); explicit_bzero(buf, PEM_BUFSIZE); - if (data != NULL) { - explicit_bzero(data, (unsigned int)dsize); - free(data); - } + freezero(data, (unsigned int)dsize); return (ret); } @@ -626,8 +623,7 @@ PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, EVP_EncodeFinal(&ctx, buf, &outl); if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl)) goto err; - explicit_bzero(buf, PEM_BUFSIZE * 8); - free(buf); + freezero(buf, PEM_BUFSIZE * 8); buf = NULL; if ((BIO_write(bp, "-----END ", 9) != 9) || (BIO_write(bp, name, nlen) != nlen) || @@ -636,10 +632,7 @@ PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, return (i + outl); err: - if (buf) { - explicit_bzero(buf, PEM_BUFSIZE * 8); - free(buf); - } + freezero(buf, PEM_BUFSIZE * 8); PEMerror(reason); return (0); } diff --git a/lib/libcrypto/pem/pem_pkey.c b/lib/libcrypto/pem/pem_pkey.c index 6651ef94195..89181a25f70 100644 --- a/lib/libcrypto/pem/pem_pkey.c +++ b/lib/libcrypto/pem/pem_pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_pkey.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: pem_pkey.c,v 1.23 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -143,8 +143,7 @@ p8err: PEMerror(ERR_R_ASN1_LIB); err: free(nm); - explicit_bzero(data, len); - free(data); + freezero(data, len); return (ret); } diff --git a/lib/libcrypto/pem/pvkfmt.c b/lib/libcrypto/pem/pvkfmt.c index 5ed8df585fb..18de5d52a4c 100644 --- a/lib/libcrypto/pem/pvkfmt.c +++ b/lib/libcrypto/pem/pvkfmt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pvkfmt.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: pvkfmt.c,v 1.19 2017/05/02 03:59:44 deraadt Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2005. */ @@ -828,10 +828,7 @@ b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) ret = do_PVK_body(&p, saltlen, keylen, cb, u); err: - if (buf) { - explicit_bzero(buf, buflen); - free(buf); - } + freezero(buf, buflen); return ret; } |