summaryrefslogtreecommitdiff
path: root/lib/libcrypto/pem
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2017-05-02 03:59:46 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2017-05-02 03:59:46 +0000
commitcc4b23eafa00f2d02bd6a5aeb37a603e5616a1b5 (patch)
tree0c263850a80e2d5ef373e8dffa7717aaaa1e4a4a /lib/libcrypto/pem
parentcc386e2f2850053dd843b8a7630c3162a953abc8 (diff)
use freezero() instead of memset/explicit_bzero + free. Substantially
reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck
Diffstat (limited to 'lib/libcrypto/pem')
-rw-r--r--lib/libcrypto/pem/pem_lib.c15
-rw-r--r--lib/libcrypto/pem/pem_pkey.c5
-rw-r--r--lib/libcrypto/pem/pvkfmt.c7
3 files changed, 8 insertions, 19 deletions
diff --git a/lib/libcrypto/pem/pem_lib.c b/lib/libcrypto/pem/pem_lib.c
index b2c72e1d76f..0f7c36d21c8 100644
--- a/lib/libcrypto/pem/pem_lib.c
+++ b/lib/libcrypto/pem/pem_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_lib.c,v 1.44 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: pem_lib.c,v 1.45 2017/05/02 03:59:44 deraadt Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -425,10 +425,7 @@ err:
explicit_bzero(iv, sizeof(iv));
explicit_bzero((char *)&ctx, sizeof(ctx));
explicit_bzero(buf, PEM_BUFSIZE);
- if (data != NULL) {
- explicit_bzero(data, (unsigned int)dsize);
- free(data);
- }
+ freezero(data, (unsigned int)dsize);
return (ret);
}
@@ -626,8 +623,7 @@ PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
EVP_EncodeFinal(&ctx, buf, &outl);
if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl))
goto err;
- explicit_bzero(buf, PEM_BUFSIZE * 8);
- free(buf);
+ freezero(buf, PEM_BUFSIZE * 8);
buf = NULL;
if ((BIO_write(bp, "-----END ", 9) != 9) ||
(BIO_write(bp, name, nlen) != nlen) ||
@@ -636,10 +632,7 @@ PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
return (i + outl);
err:
- if (buf) {
- explicit_bzero(buf, PEM_BUFSIZE * 8);
- free(buf);
- }
+ freezero(buf, PEM_BUFSIZE * 8);
PEMerror(reason);
return (0);
}
diff --git a/lib/libcrypto/pem/pem_pkey.c b/lib/libcrypto/pem/pem_pkey.c
index 6651ef94195..89181a25f70 100644
--- a/lib/libcrypto/pem/pem_pkey.c
+++ b/lib/libcrypto/pem/pem_pkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_pkey.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: pem_pkey.c,v 1.23 2017/05/02 03:59:44 deraadt Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -143,8 +143,7 @@ p8err:
PEMerror(ERR_R_ASN1_LIB);
err:
free(nm);
- explicit_bzero(data, len);
- free(data);
+ freezero(data, len);
return (ret);
}
diff --git a/lib/libcrypto/pem/pvkfmt.c b/lib/libcrypto/pem/pvkfmt.c
index 5ed8df585fb..18de5d52a4c 100644
--- a/lib/libcrypto/pem/pvkfmt.c
+++ b/lib/libcrypto/pem/pvkfmt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pvkfmt.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: pvkfmt.c,v 1.19 2017/05/02 03:59:44 deraadt Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2005.
*/
@@ -828,10 +828,7 @@ b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
ret = do_PVK_body(&p, saltlen, keylen, cb, u);
err:
- if (buf) {
- explicit_bzero(buf, buflen);
- free(buf);
- }
+ freezero(buf, buflen);
return ret;
}