diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2018-02-14 16:03:33 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2018-02-14 16:03:33 +0000 |
| commit | 515c7fedf12cdc75c30db71b81c73c8df432e1f1 (patch) | |
| tree | 4cfe4d9140cb71fcc76dd4ff53f5fb488df6ccb6 /usr.bin | |
| parent | 3d0df229bcf676aa5fa15d911539ecd9ad3c8d73 (diff) | |
Some obvious freezero() conversions.
This also zeros an ed25519_pk when it was not being zeroed previously.
ok djm@ dtucker@
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/ssh/sshkey.c | 37 |
1 files changed, 11 insertions, 26 deletions
diff --git a/usr.bin/ssh/sshkey.c b/usr.bin/ssh/sshkey.c index 20f4fb2af26..2e9cdaaa82e 100644 --- a/usr.bin/ssh/sshkey.c +++ b/usr.bin/ssh/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.60 2018/02/07 02:06:51 jsing Exp $ */ +/* $OpenBSD: sshkey.c,v 1.61 2018/02/14 16:03:32 jsing Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -400,8 +400,7 @@ cert_free(struct sshkey_cert *cert) free(cert->principals[i]); free(cert->principals); sshkey_free(cert->signature_key); - explicit_bzero(cert, sizeof(*cert)); - free(cert); + freezero(cert, sizeof(*cert)); } static struct sshkey_cert * @@ -572,16 +571,10 @@ sshkey_free(struct sshkey *k) #endif /* WITH_OPENSSL */ case KEY_ED25519: case KEY_ED25519_CERT: - if (k->ed25519_pk) { - explicit_bzero(k->ed25519_pk, ED25519_PK_SZ); - free(k->ed25519_pk); - k->ed25519_pk = NULL; - } - if (k->ed25519_sk) { - explicit_bzero(k->ed25519_sk, ED25519_SK_SZ); - free(k->ed25519_sk); - k->ed25519_sk = NULL; - } + freezero(k->ed25519_pk, ED25519_PK_SZ); + k->ed25519_pk = NULL; + freezero(k->ed25519_sk, ED25519_SK_SZ); + k->ed25519_sk = NULL; break; case KEY_UNSPEC: break; @@ -590,8 +583,7 @@ sshkey_free(struct sshkey *k) } if (sshkey_is_cert(k)) cert_free(k->cert); - explicit_bzero(k, sizeof(*k)); - free(k); + freezero(k, sizeof(*k)); } static int @@ -880,8 +872,7 @@ fingerprint_b64(const char *alg, u_char *dgst_raw, size_t dgst_raw_len) return ret; if ((r = b64_ntop(dgst_raw, dgst_raw_len, ret + plen, rlen - plen)) == -1) { - explicit_bzero(ret, rlen); - free(ret); + freezero(ret, rlen); return NULL; } /* Trim padding characters from end */ @@ -1244,7 +1235,7 @@ sshkey_read(struct sshkey *ret, char **cpp) break; #endif /* WITH_OPENSSL */ case KEY_ED25519: - free(ret->ed25519_pk); + freezero(ret->ed25519_pk, ED25519_PK_SZ); ret->ed25519_pk = k->ed25519_pk; k->ed25519_pk = NULL; #ifdef DEBUG_PK @@ -2704,14 +2695,8 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) BN_clear_free(exponent); #endif /* WITH_OPENSSL */ sshkey_free(k); - if (ed25519_pk != NULL) { - explicit_bzero(ed25519_pk, pklen); - free(ed25519_pk); - } - if (ed25519_sk != NULL) { - explicit_bzero(ed25519_sk, sklen); - free(ed25519_sk); - } + freezero(ed25519_pk, pklen); + freezero(ed25519_sk, sklen); return r; } |