diff options
Diffstat (limited to 'lib/libcrypto')
37 files changed, 107 insertions, 234 deletions
diff --git a/lib/libcrypto/asn1/a_object.c b/lib/libcrypto/asn1/a_object.c index 711b01f149e..e10af97d364 100644 --- a/lib/libcrypto/asn1/a_object.c +++ b/lib/libcrypto/asn1/a_object.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_object.c,v 1.29 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: a_object.c,v 1.30 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -231,8 +231,7 @@ i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) return -1; i = i2t_ASN1_OBJECT(tmp, tlen, a); if (i > (int)(tlen - 1)) { - explicit_bzero(tmp, tlen); - free(tmp); + freezero(tmp, tlen); if ((tmp = malloc(i + 1)) == NULL) return -1; tlen = i + 1; @@ -242,8 +241,7 @@ i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) i = BIO_write(bp, "<INVALID>", 9); else i = BIO_write(bp, tmp, i); - explicit_bzero(tmp, tlen); - free(tmp); + freezero(tmp, tlen); return (i); } @@ -319,9 +317,7 @@ c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len) /* detach data from object */ data = (unsigned char *)ret->data; - if (data != NULL) - explicit_bzero(data, ret->length); - free(data); + freezero(data, ret->length); data = malloc(length); if (data == NULL) { @@ -380,9 +376,7 @@ ASN1_OBJECT_free(ASN1_OBJECT *a) a->sn = a->ln = NULL; } if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) { - if (a->data != NULL) - explicit_bzero((void *)a->data, a->length); - free((void *)a->data); + freezero((void *)a->data, a->length); a->data = NULL; a->length = 0; } diff --git a/lib/libcrypto/asn1/a_sign.c b/lib/libcrypto/asn1/a_sign.c index 4e545eb719a..df955be7456 100644 --- a/lib/libcrypto/asn1/a_sign.c +++ b/lib/libcrypto/asn1/a_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_sign.c,v 1.22 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: a_sign.c,v 1.23 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -227,13 +227,7 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, err: EVP_MD_CTX_cleanup(ctx); - if (buf_in != NULL) { - explicit_bzero((char *)buf_in, inl); - free(buf_in); - } - if (buf_out != NULL) { - explicit_bzero((char *)buf_out, outll); - free(buf_out); - } + freezero((char *)buf_in, inl); + freezero((char *)buf_out, outll); return (outl); } diff --git a/lib/libcrypto/asn1/a_verify.c b/lib/libcrypto/asn1/a_verify.c index 8f8e58c0959..6f0cd1080bc 100644 --- a/lib/libcrypto/asn1/a_verify.c +++ b/lib/libcrypto/asn1/a_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_verify.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: a_verify.c,v 1.24 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -148,8 +148,7 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } - explicit_bzero(buf_in, (unsigned int)inl); - free(buf_in); + freezero(buf_in, (unsigned int)inl); if (EVP_DigestVerifyFinal(&ctx, signature->data, (size_t)signature->length) <= 0) { diff --git a/lib/libcrypto/asn1/asn1_lib.c b/lib/libcrypto/asn1/asn1_lib.c index a90873d54ad..852644a7814 100644 --- a/lib/libcrypto/asn1/asn1_lib.c +++ b/lib/libcrypto/asn1/asn1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1_lib.c,v 1.38 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: asn1_lib.c,v 1.39 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -401,9 +401,7 @@ ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len) { - if (str->data != NULL) - explicit_bzero(str->data, str->length); - free(str->data); + freezero(str->data, str->length); str->data = data; str->length = len; } @@ -436,10 +434,8 @@ ASN1_STRING_free(ASN1_STRING *a) { if (a == NULL) return; - if (a->data != NULL && !(a->flags & ASN1_STRING_FLAG_NDEF)) { - explicit_bzero(a->data, a->length); - free(a->data); - } + if (a->data != NULL && !(a->flags & ASN1_STRING_FLAG_NDEF)) + freezero(a->data, a->length); free(a); } diff --git a/lib/libcrypto/bn/bn_asm.c b/lib/libcrypto/bn/bn_asm.c index 49f0ba5d7b5..993fbb3dc57 100644 --- a/lib/libcrypto/bn/bn_asm.c +++ b/lib/libcrypto/bn/bn_asm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_asm.c,v 1.14 2015/02/25 15:39:49 bcook Exp $ */ +/* $OpenBSD: bn_asm.c,v 1.15 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -989,8 +989,7 @@ enter: } memcpy(rp, tp, num * sizeof(BN_ULONG)); out: - explicit_bzero(tp, (num + 2) * sizeof(BN_ULONG)); - free(tp); + freezero(tp, (num + 2) * sizeof(BN_ULONG)); return 1; } #else @@ -1081,8 +1080,7 @@ bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, } memcpy(rp, tp, num * sizeof(BN_ULONG)); out: - explicit_bzero(tp, (num + 2) * sizeof(BN_ULONG)); - free(tp); + freezero(tp, (num + 2) * sizeof(BN_ULONG)); return 1; } #else diff --git a/lib/libcrypto/bn/bn_exp.c b/lib/libcrypto/bn/bn_exp.c index d388758927f..b778d5d67c7 100644 --- a/lib/libcrypto/bn/bn_exp.c +++ b/lib/libcrypto/bn/bn_exp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_exp.c,v 1.30 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: bn_exp.c,v 1.31 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -706,12 +706,10 @@ BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, numPowers = 1 << window; powerbufLen = sizeof(m->d[0]) * (top * numPowers + ((2*top) > numPowers ? (2*top) : numPowers)); - if ((powerbufFree = malloc(powerbufLen + - MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL) + if ((powerbufFree = calloc(powerbufLen + + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH, 1)) == NULL) goto err; - powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree); - memset(powerbuf, 0, powerbufLen); /* lay down tmp and am right after powers table */ tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0]) * top * numPowers); @@ -901,10 +899,7 @@ BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, err: if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); - if (powerbuf != NULL) { - explicit_bzero(powerbuf, powerbufLen); - free(powerbufFree); - } + freezero(powerbufFree, powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH); BN_CTX_end(ctx); return (ret); } diff --git a/lib/libcrypto/bn/bn_lib.c b/lib/libcrypto/bn/bn_lib.c index f2736e31c3f..8aeeb5304fa 100644 --- a/lib/libcrypto/bn/bn_lib.c +++ b/lib/libcrypto/bn/bn_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_lib.c,v 1.37 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: bn_lib.c,v 1.38 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -220,10 +220,8 @@ BN_clear_free(BIGNUM *a) if (a == NULL) return; bn_check_top(a); - if (a->d != NULL && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) { - explicit_bzero(a->d, a->dmax * sizeof(a->d[0])); - free(a->d); - } + if (a->d != NULL && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) + freezero(a->d, a->dmax * sizeof(a->d[0])); i = BN_get_flags(a, BN_FLG_MALLOCED); explicit_bzero(a, sizeof(BIGNUM)); if (i) @@ -393,10 +391,8 @@ bn_expand2(BIGNUM *b, int words) BN_ULONG *a = bn_expand_internal(b, words); if (!a) return NULL; - if (b->d) { - explicit_bzero(b->d, b->dmax * sizeof(b->d[0])); - free(b->d); - } + if (b->d) + freezero(b->d, b->dmax * sizeof(b->d[0])); b->d = a; b->dmax = words; } diff --git a/lib/libcrypto/bn/bn_rand.c b/lib/libcrypto/bn/bn_rand.c index 812fa6a5752..86257571400 100644 --- a/lib/libcrypto/bn/bn_rand.c +++ b/lib/libcrypto/bn/bn_rand.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_rand.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: bn_rand.c,v 1.20 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -186,10 +186,7 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) ret = 1; err: - if (buf != NULL) { - explicit_bzero(buf, bytes); - free(buf); - } + freezero(buf, bytes); bn_check_top(rnd); return (ret); } diff --git a/lib/libcrypto/buffer/buffer.c b/lib/libcrypto/buffer/buffer.c index 5ed893f5f95..f4e84c44780 100644 --- a/lib/libcrypto/buffer/buffer.c +++ b/lib/libcrypto/buffer/buffer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: buffer.c,v 1.26 2017/04/09 15:06:20 jsing Exp $ */ +/* $OpenBSD: buffer.c,v 1.27 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -89,10 +89,7 @@ BUF_MEM_free(BUF_MEM *a) if (a == NULL) return; - if (a->data != NULL) { - explicit_bzero(a->data, a->max); - free(a->data); - } + freezero(a->data, a->max); free(a); } diff --git a/lib/libcrypto/dsa/dsa_asn1.c b/lib/libcrypto/dsa/dsa_asn1.c index d7b77470bd0..f7dfaf1d9c4 100644 --- a/lib/libcrypto/dsa/dsa_asn1.c +++ b/lib/libcrypto/dsa/dsa_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_asn1.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: dsa_asn1.c,v 1.20 2017/05/02 03:59:44 deraadt Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -454,10 +454,7 @@ DSA_verify(int type, const unsigned char *dgst, int dgst_len, goto err; ret = DSA_do_verify(dgst, dgst_len, s, dsa); err: - if (derlen > 0) { - explicit_bzero(der, derlen); - free(der); - } + freezero(der, derlen); DSA_SIG_free(s); return ret; } diff --git a/lib/libcrypto/ec/ec_key.c b/lib/libcrypto/ec/ec_key.c index 5a23a9823de..595b88cefc0 100644 --- a/lib/libcrypto/ec/ec_key.c +++ b/lib/libcrypto/ec/ec_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_key.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ec_key.c,v 1.14 2017/05/02 03:59:44 deraadt Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -122,9 +122,7 @@ EC_KEY_free(EC_KEY * r) EC_EX_DATA_free_all_data(&r->method_data); - explicit_bzero((void *) r, sizeof(EC_KEY)); - - free(r); + freezero(r, sizeof(EC_KEY)); } EC_KEY * diff --git a/lib/libcrypto/ec/ec_lib.c b/lib/libcrypto/ec/ec_lib.c index baddbf6dc85..0d062111b59 100644 --- a/lib/libcrypto/ec/ec_lib.c +++ b/lib/libcrypto/ec/ec_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_lib.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ec_lib.c,v 1.24 2017/05/02 03:59:44 deraadt Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -151,12 +151,8 @@ EC_GROUP_clear_free(EC_GROUP * group) BN_clear_free(&group->order); BN_clear_free(&group->cofactor); - if (group->seed) { - explicit_bzero(group->seed, group->seed_len); - free(group->seed); - } - explicit_bzero(group, sizeof *group); - free(group); + freezero(group->seed, group->seed_len); + freezero(group, sizeof *group); } @@ -743,8 +739,7 @@ EC_POINT_clear_free(EC_POINT * point) point->meth->point_clear_finish(point); else if (point->meth->point_finish != 0) point->meth->point_finish(point); - explicit_bzero(point, sizeof *point); - free(point); + freezero(point, sizeof *point); } diff --git a/lib/libcrypto/ec/ec_mult.c b/lib/libcrypto/ec/ec_mult.c index e44104d21c3..a565263bb65 100644 --- a/lib/libcrypto/ec/ec_mult.c +++ b/lib/libcrypto/ec/ec_mult.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_mult.c,v 1.20 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ec_mult.c,v 1.21 2017/05/02 03:59:44 deraadt Exp $ */ /* * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project. */ @@ -177,8 +177,7 @@ ec_pre_comp_clear_free(void *pre_) } free(pre->points); } - explicit_bzero(pre, sizeof *pre); - free(pre); + freezero(pre, sizeof *pre); } diff --git a/lib/libcrypto/ec/ecp_nistp224.c b/lib/libcrypto/ec/ecp_nistp224.c index 38dd83b6d92..fce74578c7e 100644 --- a/lib/libcrypto/ec/ecp_nistp224.c +++ b/lib/libcrypto/ec/ecp_nistp224.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_nistp224.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ecp_nistp224.c,v 1.19 2017/05/02 03:59:44 deraadt Exp $ */ /* * Written by Emilia Kasper (Google) for the OpenSSL project. */ @@ -1239,8 +1239,7 @@ nistp224_pre_comp_clear_free(void *pre_) if (i > 0) return; - explicit_bzero(pre, sizeof *pre); - free(pre); + freezero(pre, sizeof *pre); } /******************************************************************************/ diff --git a/lib/libcrypto/ec/ecp_nistp256.c b/lib/libcrypto/ec/ecp_nistp256.c index 4771a92efd9..6f3ec3c2505 100644 --- a/lib/libcrypto/ec/ecp_nistp256.c +++ b/lib/libcrypto/ec/ecp_nistp256.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_nistp256.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ecp_nistp256.c,v 1.18 2017/05/02 03:59:44 deraadt Exp $ */ /* * Written by Adam Langley (Google) for the OpenSSL project */ @@ -1788,8 +1788,7 @@ nistp256_pre_comp_clear_free(void *pre_) if (i > 0) return; - explicit_bzero(pre, sizeof *pre); - free(pre); + freezero(pre, sizeof *pre); } /******************************************************************************/ diff --git a/lib/libcrypto/ec/ecp_nistp521.c b/lib/libcrypto/ec/ecp_nistp521.c index 22bafe392ff..6dbc2669378 100644 --- a/lib/libcrypto/ec/ecp_nistp521.c +++ b/lib/libcrypto/ec/ecp_nistp521.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_nistp521.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ecp_nistp521.c,v 1.19 2017/05/02 03:59:44 deraadt Exp $ */ /* * Written by Adam Langley (Google) for the OpenSSL project */ @@ -1679,8 +1679,7 @@ nistp521_pre_comp_clear_free(void *pre_) if (i > 0) return; - explicit_bzero(pre, sizeof(*pre)); - free(pre); + freezero(pre, sizeof(*pre)); } /******************************************************************************/ diff --git a/lib/libcrypto/ec/ecp_nistz256.c b/lib/libcrypto/ec/ecp_nistz256.c index 848f15cb17d..b3b8f74b143 100644 --- a/lib/libcrypto/ec/ecp_nistz256.c +++ b/lib/libcrypto/ec/ecp_nistz256.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_nistz256.c,v 1.2 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ecp_nistz256.c,v 1.3 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (c) 2014, Intel Corporation. * * Permission to use, copy, modify, and/or distribute this software for any @@ -1118,11 +1118,9 @@ ecp_nistz256_pre_comp_clear_free(void *pre_) * here, but the only place where we allocate this uses * PRECOMP256_ROW (i.e. 64 P256_POINT_AFFINE) but sets w == 7. */ - explicit_bzero(pre->precomp, 37 * sizeof(PRECOMP256_ROW)); - free(pre->precomp); + freezero(pre->precomp, 37 * sizeof(PRECOMP256_ROW)); } - explicit_bzero(pre, sizeof *pre); - free(pre); + freezero(pre, sizeof *pre); } static int diff --git a/lib/libcrypto/ecdh/ech_lib.c b/lib/libcrypto/ecdh/ech_lib.c index 06e6a1ee221..2846a88612e 100644 --- a/lib/libcrypto/ecdh/ech_lib.c +++ b/lib/libcrypto/ecdh/ech_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ech_lib.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ech_lib.c,v 1.13 2017/05/02 03:59:44 deraadt Exp $ */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -182,9 +182,7 @@ ecdh_data_free(void *data) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data); - explicit_bzero((void *)r, sizeof(ECDH_DATA)); - - free(r); + freezero(r, sizeof(ECDH_DATA)); } ECDH_DATA * diff --git a/lib/libcrypto/ecdsa/ecs_lib.c b/lib/libcrypto/ecdsa/ecs_lib.c index ca0f51b3663..4fbe1e060b1 100644 --- a/lib/libcrypto/ecdsa/ecs_lib.c +++ b/lib/libcrypto/ecdsa/ecs_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_lib.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ecs_lib.c,v 1.12 2017/05/02 03:59:44 deraadt Exp $ */ /* ==================================================================== * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. * @@ -169,9 +169,7 @@ ecdsa_data_free(void *data) #endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data); - explicit_bzero((void *)r, sizeof(ECDSA_DATA)); - - free(r); + freezero(r, sizeof(ECDSA_DATA)); } ECDSA_DATA * diff --git a/lib/libcrypto/ecdsa/ecs_vrf.c b/lib/libcrypto/ecdsa/ecs_vrf.c index a4b627ace65..270af94c0da 100644 --- a/lib/libcrypto/ecdsa/ecs_vrf.c +++ b/lib/libcrypto/ecdsa/ecs_vrf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecs_vrf.c,v 1.5 2015/02/08 13:35:07 jsing Exp $ */ +/* $OpenBSD: ecs_vrf.c,v 1.6 2017/05/02 03:59:44 deraadt Exp $ */ /* * Written by Nils Larsch for the OpenSSL project */ @@ -107,10 +107,7 @@ ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, ret = ECDSA_do_verify(dgst, dgst_len, s, eckey); err: - if (derlen > 0) { - explicit_bzero(der, derlen); - free(der); - } + freezero(der, derlen); ECDSA_SIG_free(s); return (ret); } diff --git a/lib/libcrypto/evp/bio_enc.c b/lib/libcrypto/evp/bio_enc.c index 1920c6d1808..7c7cf9a8b37 100644 --- a/lib/libcrypto/evp/bio_enc.c +++ b/lib/libcrypto/evp/bio_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_enc.c,v 1.19 2015/09/10 15:56:25 jsing Exp $ */ +/* $OpenBSD: bio_enc.c,v 1.20 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -135,8 +135,7 @@ enc_free(BIO *a) return (0); b = (BIO_ENC_CTX *)a->ptr; EVP_CIPHER_CTX_cleanup(&(b->cipher)); - explicit_bzero(a->ptr, sizeof(BIO_ENC_CTX)); - free(a->ptr); + freezero(a->ptr, sizeof(BIO_ENC_CTX)); a->ptr = NULL; a->init = 0; a->flags = 0; diff --git a/lib/libcrypto/evp/digest.c b/lib/libcrypto/evp/digest.c index ee1f955959c..7471c1e8225 100644 --- a/lib/libcrypto/evp/digest.c +++ b/lib/libcrypto/evp/digest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: digest.c,v 1.27 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: digest.c,v 1.28 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -193,8 +193,7 @@ EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) if (ctx->digest != type) { if (ctx->digest && ctx->digest->ctx_size && ctx->md_data && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { - explicit_bzero(ctx->md_data, ctx->digest->ctx_size); - free(ctx->md_data); + freezero(ctx->md_data, ctx->digest->ctx_size); ctx->md_data = NULL; } ctx->digest = type; @@ -360,10 +359,8 @@ EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) ctx->digest->cleanup(ctx); if (ctx->digest && ctx->digest->ctx_size && ctx->md_data && - !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { - explicit_bzero(ctx->md_data, ctx->digest->ctx_size); - free(ctx->md_data); - } + !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) + freezero(ctx->md_data, ctx->digest->ctx_size); EVP_PKEY_CTX_free(ctx->pctx); #ifndef OPENSSL_NO_ENGINE if (ctx->engine) diff --git a/lib/libcrypto/evp/e_aes.c b/lib/libcrypto/evp/e_aes.c index 97cb5154a5e..7c713db0269 100644 --- a/lib/libcrypto/evp/e_aes.c +++ b/lib/libcrypto/evp/e_aes.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_aes.c,v 1.33 2017/01/31 13:17:21 inoguchi Exp $ */ +/* $OpenBSD: e_aes.c,v 1.34 2017/05/02 03:59:44 deraadt Exp $ */ /* ==================================================================== * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. * @@ -1422,8 +1422,7 @@ aead_aes_gcm_cleanup(EVP_AEAD_CTX *ctx) { struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state; - explicit_bzero(gcm_ctx, sizeof(*gcm_ctx)); - free(gcm_ctx); + freezero(gcm_ctx, sizeof(*gcm_ctx)); } static int diff --git a/lib/libcrypto/evp/e_chacha20poly1305.c b/lib/libcrypto/evp/e_chacha20poly1305.c index e135f9a104d..051d5548b5b 100644 --- a/lib/libcrypto/evp/e_chacha20poly1305.c +++ b/lib/libcrypto/evp/e_chacha20poly1305.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_chacha20poly1305.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: e_chacha20poly1305.c,v 1.16 2017/05/02 03:59:44 deraadt Exp $ */ /* * Copyright (c) 2015 Reyk Floter <reyk@openbsd.org> @@ -83,8 +83,7 @@ aead_chacha20_poly1305_cleanup(EVP_AEAD_CTX *ctx) { struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state; - explicit_bzero(c20_ctx->key, sizeof(c20_ctx->key)); - free(c20_ctx); + freezero(c20_ctx, sizeof(c20_ctx)); } static void diff --git a/lib/libcrypto/evp/p_open.c b/lib/libcrypto/evp/p_open.c index 1eb238dfdec..57a46706b93 100644 --- a/lib/libcrypto/evp/p_open.c +++ b/lib/libcrypto/evp/p_open.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_open.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: p_open.c,v 1.19 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -109,9 +109,7 @@ EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ret = 1; err: - if (key != NULL) - explicit_bzero(key, size); - free(key); + freezero(key, size); return (ret); } diff --git a/lib/libcrypto/gost/gostr341001_key.c b/lib/libcrypto/gost/gostr341001_key.c index 0a42a153785..0af39f21bf3 100644 --- a/lib/libcrypto/gost/gostr341001_key.c +++ b/lib/libcrypto/gost/gostr341001_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gostr341001_key.c,v 1.7 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: gostr341001_key.c,v 1.8 2017/05/02 03:59:44 deraadt Exp $ */ /* * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> * Copyright (c) 2005-2006 Cryptocom LTD @@ -105,8 +105,7 @@ GOST_KEY_free(GOST_KEY *r) EC_POINT_free(r->pub_key); BN_clear_free(r->priv_key); - explicit_bzero((void *)r, sizeof(GOST_KEY)); - free(r); + freezero(r, sizeof(GOST_KEY)); } int diff --git a/lib/libcrypto/hmac/hm_pmeth.c b/lib/libcrypto/hmac/hm_pmeth.c index c5ac6c00c0f..390725fa251 100644 --- a/lib/libcrypto/hmac/hm_pmeth.c +++ b/lib/libcrypto/hmac/hm_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hm_pmeth.c,v 1.9 2015/09/10 15:56:25 jsing Exp $ */ +/* $OpenBSD: hm_pmeth.c,v 1.10 2017/05/02 03:59:44 deraadt Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2007. */ @@ -122,12 +122,7 @@ pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) HMAC_PKEY_CTX *hctx = ctx->data; HMAC_CTX_cleanup(&hctx->ctx); - if (hctx->ktmp.data) { - if (hctx->ktmp.length) - explicit_bzero(hctx->ktmp.data, hctx->ktmp.length); - free(hctx->ktmp.data); - hctx->ktmp.data = NULL; - } + freezero(hctx->ktmp.data, hctx->ktmp.length); free(hctx); } diff --git a/lib/libcrypto/malloc-wrapper.c b/lib/libcrypto/malloc-wrapper.c index 6ba0aad7e49..12867387bf7 100644 --- a/lib/libcrypto/malloc-wrapper.c +++ b/lib/libcrypto/malloc-wrapper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: malloc-wrapper.c,v 1.5 2017/04/28 22:46:40 beck Exp $ */ +/* $OpenBSD: malloc-wrapper.c,v 1.6 2017/05/02 03:59:44 deraadt Exp $ */ /* * Copyright (c) 2014 Bob Beck * @@ -165,8 +165,7 @@ CRYPTO_realloc_clean(void *ptr, int old_len, int num, const char *file, ret = malloc(num); if (ret && ptr && old_len > 0) { memcpy(ret, ptr, old_len); - explicit_bzero(ptr, old_len); - free(ptr); + freezero(ptr, old_len); } return ret; } diff --git a/lib/libcrypto/modes/gcm128.c b/lib/libcrypto/modes/gcm128.c index 95ee755f838..c080d9c16ae 100644 --- a/lib/libcrypto/modes/gcm128.c +++ b/lib/libcrypto/modes/gcm128.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gcm128.c,v 1.15 2016/11/04 17:30:30 miod Exp $ */ +/* $OpenBSD: gcm128.c,v 1.16 2017/05/02 03:59:44 deraadt Exp $ */ /* ==================================================================== * Copyright (c) 2010 The OpenSSL Project. All rights reserved. * @@ -1538,8 +1538,5 @@ GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block) void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx) { - if (ctx) { - explicit_bzero(ctx,sizeof(*ctx)); - free(ctx); - } + freezero(ctx, sizeof(*ctx)); } diff --git a/lib/libcrypto/pem/pem_lib.c b/lib/libcrypto/pem/pem_lib.c index b2c72e1d76f..0f7c36d21c8 100644 --- a/lib/libcrypto/pem/pem_lib.c +++ b/lib/libcrypto/pem/pem_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_lib.c,v 1.44 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: pem_lib.c,v 1.45 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -425,10 +425,7 @@ err: explicit_bzero(iv, sizeof(iv)); explicit_bzero((char *)&ctx, sizeof(ctx)); explicit_bzero(buf, PEM_BUFSIZE); - if (data != NULL) { - explicit_bzero(data, (unsigned int)dsize); - free(data); - } + freezero(data, (unsigned int)dsize); return (ret); } @@ -626,8 +623,7 @@ PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, EVP_EncodeFinal(&ctx, buf, &outl); if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl)) goto err; - explicit_bzero(buf, PEM_BUFSIZE * 8); - free(buf); + freezero(buf, PEM_BUFSIZE * 8); buf = NULL; if ((BIO_write(bp, "-----END ", 9) != 9) || (BIO_write(bp, name, nlen) != nlen) || @@ -636,10 +632,7 @@ PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, return (i + outl); err: - if (buf) { - explicit_bzero(buf, PEM_BUFSIZE * 8); - free(buf); - } + freezero(buf, PEM_BUFSIZE * 8); PEMerror(reason); return (0); } diff --git a/lib/libcrypto/pem/pem_pkey.c b/lib/libcrypto/pem/pem_pkey.c index 6651ef94195..89181a25f70 100644 --- a/lib/libcrypto/pem/pem_pkey.c +++ b/lib/libcrypto/pem/pem_pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_pkey.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: pem_pkey.c,v 1.23 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -143,8 +143,7 @@ p8err: PEMerror(ERR_R_ASN1_LIB); err: free(nm); - explicit_bzero(data, len); - free(data); + freezero(data, len); return (ret); } diff --git a/lib/libcrypto/pem/pvkfmt.c b/lib/libcrypto/pem/pvkfmt.c index 5ed8df585fb..18de5d52a4c 100644 --- a/lib/libcrypto/pem/pvkfmt.c +++ b/lib/libcrypto/pem/pvkfmt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pvkfmt.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: pvkfmt.c,v 1.19 2017/05/02 03:59:44 deraadt Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2005. */ @@ -828,10 +828,7 @@ b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) ret = do_PVK_body(&p, saltlen, keylen, cb, u); err: - if (buf) { - explicit_bzero(buf, buflen); - free(buf); - } + freezero(buf, buflen); return ret; } diff --git a/lib/libcrypto/pkcs12/p12_key.c b/lib/libcrypto/pkcs12/p12_key.c index fd710771a54..d419a9d8359 100644 --- a/lib/libcrypto/pkcs12/p12_key.c +++ b/lib/libcrypto/pkcs12/p12_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_key.c,v 1.25 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: p12_key.c,v 1.26 2017/05/02 03:59:45 deraadt Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -88,10 +88,7 @@ PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, id, iter, n, out, md_type); if (ret <= 0) return 0; - if (unipass) { - explicit_bzero(unipass, uniplen); - free(unipass); - } + freezero(unipass, uniplen); return ret; } diff --git a/lib/libcrypto/pkcs7/pk7_doit.c b/lib/libcrypto/pkcs7/pk7_doit.c index 484620a6863..24ab957b4c1 100644 --- a/lib/libcrypto/pkcs7/pk7_doit.c +++ b/lib/libcrypto/pkcs7/pk7_doit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_doit.c,v 1.41 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: pk7_doit.c,v 1.42 2017/05/02 03:59:45 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -231,10 +231,7 @@ pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, PKCS7_RECIP_INFO *ri, ret = 1; - if (*pek) { - explicit_bzero(*pek, *peklen); - free(*pek); - } + freezero(*pek, *peklen); *pek = ek; *peklen = eklen; @@ -577,8 +574,7 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) */ if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) { /* Use random key as MMA defence */ - explicit_bzero(ek, eklen); - free(ek); + freezero(ek, eklen); ek = tkey; eklen = tkeylen; tkey = NULL; @@ -589,16 +585,10 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0) goto err; - if (ek) { - explicit_bzero(ek, eklen); - free(ek); - ek = NULL; - } - if (tkey) { - explicit_bzero(tkey, tkeylen); - free(tkey); - tkey = NULL; - } + freezero(ek, eklen); + ek = NULL; + freezero(tkey, tkeylen); + tkey = NULL; if (out == NULL) out = etmp; @@ -623,14 +613,8 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) if (0) { err: - if (ek) { - explicit_bzero(ek, eklen); - free(ek); - } - if (tkey) { - explicit_bzero(tkey, tkeylen); - free(tkey); - } + freezero(ek, eklen); + freezero(tkey, tkeylen); if (out != NULL) BIO_free_all(out); if (btmp != NULL) diff --git a/lib/libcrypto/rsa/rsa_eay.c b/lib/libcrypto/rsa/rsa_eay.c index f9f620ae230..6c3da0d6562 100644 --- a/lib/libcrypto/rsa/rsa_eay.c +++ b/lib/libcrypto/rsa/rsa_eay.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_eay.c,v 1.48 2017/04/28 22:46:40 beck Exp $ */ +/* $OpenBSD: rsa_eay.c,v 1.49 2017/05/02 03:59:45 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -244,10 +244,7 @@ err: BN_CTX_end(ctx); BN_CTX_free(ctx); } - if (buf != NULL) { - explicit_bzero(buf, num); - free(buf); - } + freezero(buf, num); return r; } @@ -468,10 +465,7 @@ err: BN_CTX_end(ctx); BN_CTX_free(ctx); } - if (buf != NULL) { - explicit_bzero(buf, num); - free(buf); - } + freezero(buf, num); return r; } @@ -597,10 +591,7 @@ err: BN_CTX_end(ctx); BN_CTX_free(ctx); } - if (buf != NULL) { - explicit_bzero(buf, num); - free(buf); - } + freezero(buf, num); return r; } @@ -700,10 +691,7 @@ err: BN_CTX_end(ctx); BN_CTX_free(ctx); } - if (buf != NULL) { - explicit_bzero(buf, num); - free(buf); - } + freezero(buf, num); return r; } diff --git a/lib/libcrypto/rsa/rsa_saos.c b/lib/libcrypto/rsa/rsa_saos.c index 10184b6c184..e1fbdcb5dfb 100644 --- a/lib/libcrypto/rsa/rsa_saos.c +++ b/lib/libcrypto/rsa/rsa_saos.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_saos.c,v 1.22 2017/04/28 22:46:40 beck Exp $ */ +/* $OpenBSD: rsa_saos.c,v 1.23 2017/05/02 03:59:45 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -96,8 +96,7 @@ RSA_sign_ASN1_OCTET_STRING(int type, const unsigned char *m, unsigned int m_len, else *siglen = i; - explicit_bzero(s, (unsigned int)j + 1); - free(s); + freezero(s, (unsigned int)j + 1); return ret; } @@ -137,9 +136,6 @@ RSA_verify_ASN1_OCTET_STRING(int dtype, const unsigned char *m, ret = 1; err: ASN1_OCTET_STRING_free(sig); - if (s != NULL) { - explicit_bzero(s, (unsigned int)siglen); - free(s); - } + freezero(s, (unsigned int)siglen); return ret; } diff --git a/lib/libcrypto/rsa/rsa_sign.c b/lib/libcrypto/rsa/rsa_sign.c index 818b88c604b..6e9e869f0a5 100644 --- a/lib/libcrypto/rsa/rsa_sign.c +++ b/lib/libcrypto/rsa/rsa_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_sign.c,v 1.28 2017/04/28 22:46:40 beck Exp $ */ +/* $OpenBSD: rsa_sign.c,v 1.29 2017/05/02 03:59:45 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -135,10 +135,8 @@ RSA_sign(int type, const unsigned char *m, unsigned int m_len, else *siglen = i; - if (type != NID_md5_sha1) { - explicit_bzero(tmps, (unsigned int)j + 1); - free(tmps); - } + if (type != NID_md5_sha1) + freezero(tmps, (unsigned int)j + 1); return (ret); } @@ -232,12 +230,8 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len, ret = 1; } err: - if (sig != NULL) - X509_SIG_free(sig); - if (s != NULL) { - explicit_bzero(s, (unsigned int)siglen); - free(s); - } + X509_SIG_free(sig); + freezero(s, (unsigned int)siglen); return ret; } |