Use freezero() rather than OPENSSL_clear_free().

author: jsing <> 2019-08-11 10:43:57 +0000
committer: jsing <> 2019-08-11 10:43:57 +0000
commit: 9b17e135d02d61f0799bf88a83642be82e02660f (patch)
tree: 48d3389f651b99c0b34f82b98e399b0000e62a04
parent: 0fcd567f3f5fd99c93130fc464884b7c714001ff (diff)
download: openbsd-9b17e135d02d61f0799bf88a83642be82e02660f.tar.gz
openbsd-9b17e135d02d61f0799bf88a83642be82e02660f.tar.bz2
openbsd-9b17e135d02d61f0799bf88a83642be82e02660f.zip
5 files changed, 15 insertions, 15 deletions
diff --git a/src/lib/libcrypto/cms/cms_asn1.c b/src/lib/libcrypto/cms/cms_asn1.c
index ab884dcf6e..ac53fec154 100644
--- a/src/lib/libcrypto/cms/cms_asn1.c
+++ b/src/lib/libcrypto/cms/cms_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_asn1.c,v 1.17 2019/08/11 10:26:04 jsing Exp $ */
+/* $OpenBSD: cms_asn1.c,v 1.18 2019/08/11 10:43:57 jsing Exp $ */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
@@ -932,10 +932,10 @@ cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
                        EVP_PKEY_CTX_free(ktri->pctx);
                } else if (ri->type == CMS_RECIPINFO_KEK) {
                        CMS_KEKRecipientInfo *kekri = ri->d.kekri;
-                        OPENSSL_clear_free(kekri->key, kekri->keylen);
+                        freezero(kekri->key, kekri->keylen);
                } else if (ri->type == CMS_RECIPINFO_PASS) {
                        CMS_PasswordRecipientInfo *pwri = ri->d.pwri;
-                        OPENSSL_clear_free(pwri->pass, pwri->passlen);
+                        freezero(pwri->pass, pwri->passlen);
                }
        }
        return 1;
diff --git a/src/lib/libcrypto/cms/cms_enc.c b/src/lib/libcrypto/cms/cms_enc.c
index a032c801f5..5bcae3c1ee 100644
--- a/src/lib/libcrypto/cms/cms_enc.c
+++ b/src/lib/libcrypto/cms/cms_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_enc.c,v 1.16 2019/08/11 10:41:49 jsing Exp $ */
+/* $OpenBSD: cms_enc.c,v 1.17 2019/08/11 10:43:57 jsing Exp $ */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
@@ -160,7 +160,7 @@ cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
                            goto err;
                        } else {
                            /* Use random key */
-                            OPENSSL_clear_free(ec->key, ec->keylen);
+                            freezero(ec->key, ec->keylen);
                            ec->key = tkey;
                            ec->keylen = tkeylen;
                            tkey = NULL;
@@ -193,10 +193,10 @@ cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 err:
        if (!keep_key || !ok) {
-                OPENSSL_clear_free(ec->key, ec->keylen);
+                freezero(ec->key, ec->keylen);
                ec->key = NULL;
        }
-        OPENSSL_clear_free(tkey, tkeylen);
+        freezero(tkey, tkeylen);
        if (ok)
                return b;
        BIO_free(b);
diff --git a/src/lib/libcrypto/cms/cms_env.c b/src/lib/libcrypto/cms/cms_env.c
index a27c27f726..c1426b457b 100644
--- a/src/lib/libcrypto/cms/cms_env.c
+++ b/src/lib/libcrypto/cms/cms_env.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_env.c,v 1.19 2019/08/11 10:43:24 jsing Exp $ */
+/* $OpenBSD: cms_env.c,v 1.20 2019/08/11 10:43:57 jsing Exp $ */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
@@ -469,7 +469,7 @@ cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
        ret = 1;
-        OPENSSL_clear_free(ec->key, ec->keylen);
+        freezero(ec->key, ec->keylen);
        ec->key = ek;
        ec->keylen = eklen;
@@ -932,7 +932,7 @@ cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
 err:
        ec->cipher = NULL;
-        OPENSSL_clear_free(ec->key, ec->keylen);
+        freezero(ec->key, ec->keylen);
        ec->key = NULL;
        ec->keylen = 0;
        if (ok)
diff --git a/src/lib/libcrypto/cms/cms_kari.c b/src/lib/libcrypto/cms/cms_kari.c
index ca3e6d75de..04bca9dce5 100644
--- a/src/lib/libcrypto/cms/cms_kari.c
+++ b/src/lib/libcrypto/cms/cms_kari.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_kari.c,v 1.9 2019/08/11 10:43:24 jsing Exp $ */
+/* $OpenBSD: cms_kari.c,v 1.10 2019/08/11 10:43:57 jsing Exp $ */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
@@ -296,7 +296,7 @@ CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
        if (!cms_kek_cipher(&cek, &ceklen, enckey, enckeylen, ri->d.kari, 0))
                goto err;
        ec = cms->d.envelopedData->encryptedContentInfo;
-        OPENSSL_clear_free(ec->key, ec->keylen);
+        freezero(ec->key, ec->keylen);
        ec->key = cek;
        ec->keylen = ceklen;
        cek = NULL;
diff --git a/src/lib/libcrypto/cms/cms_pwri.c b/src/lib/libcrypto/cms/cms_pwri.c
index 30c5ce0618..918e37c88d 100644
--- a/src/lib/libcrypto/cms/cms_pwri.c
+++ b/src/lib/libcrypto/cms/cms_pwri.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_pwri.c,v 1.21 2019/08/11 10:41:49 jsing Exp $ */
+/* $OpenBSD: cms_pwri.c,v 1.22 2019/08/11 10:43:57 jsing Exp $ */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
@@ -268,7 +268,7 @@ kek_unwrap_key(unsigned char *out, size_t *outlen, const unsigned char *in,
        rv = 1;
 err:
-        OPENSSL_clear_free(tmp, inlen);
+        freezero(tmp, inlen);
        return rv;
 }
@@ -411,7 +411,7 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
                        goto err;
                }
-                OPENSSL_clear_free(ec->key, ec->keylen);
+                freezero(ec->key, ec->keylen);
                ec->key = key;
                ec->keylen = keylen;
        }
author	jsing <>	2019-08-11 10:43:57 +0000
committer	jsing <>	2019-08-11 10:43:57 +0000
commit	9b17e135d02d61f0799bf88a83642be82e02660f (patch)
tree	48d3389f651b99c0b34f82b98e399b0000e62a04
parent	0fcd567f3f5fd99c93130fc464884b7c714001ff (diff)
download	openbsd-9b17e135d02d61f0799bf88a83642be82e02660f.tar.gz openbsd-9b17e135d02d61f0799bf88a83642be82e02660f.tar.bz2 openbsd-9b17e135d02d61f0799bf88a83642be82e02660f.zip

diff --git a/src/lib/libcrypto/cms/cms_asn1.c b/src/lib/libcrypto/cms/cms_asn1.c index ab884dcf6e..ac53fec154 100644 --- a/src/lib/libcrypto/cms/cms_asn1.c +++ b/src/lib/libcrypto/cms/cms_asn1.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: cms_asn1.c,v 1.17 2019/08/11 10:26:04 jsing Exp $ */	1	/* $OpenBSD: cms_asn1.c,v 1.18 2019/08/11 10:43:57 jsing Exp $ */
2	/*	2	/*
3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4	* project.	4	* project.
@@ -932,10 +932,10 @@ cms_ri_cb(int operation, ASN1_VALUE *pval, const ASN1_ITEM it, void *exarg)
932	EVP_PKEY_CTX_free(ktri->pctx);	932	EVP_PKEY_CTX_free(ktri->pctx);
933	} else if (ri->type == CMS_RECIPINFO_KEK) {	933	} else if (ri->type == CMS_RECIPINFO_KEK) {
934	CMS_KEKRecipientInfo *kekri = ri->d.kekri;	934	CMS_KEKRecipientInfo *kekri = ri->d.kekri;
935	OPENSSL_clear_free(kekri->key, kekri->keylen);	935	freezero(kekri->key, kekri->keylen);
936	} else if (ri->type == CMS_RECIPINFO_PASS) {	936	} else if (ri->type == CMS_RECIPINFO_PASS) {
937	CMS_PasswordRecipientInfo *pwri = ri->d.pwri;	937	CMS_PasswordRecipientInfo *pwri = ri->d.pwri;
938	OPENSSL_clear_free(pwri->pass, pwri->passlen);	938	freezero(pwri->pass, pwri->passlen);
939	}	939	}
940	}	940	}
941	return 1;	941	return 1;


diff --git a/src/lib/libcrypto/cms/cms_enc.c b/src/lib/libcrypto/cms/cms_enc.c index a032c801f5..5bcae3c1ee 100644 --- a/src/lib/libcrypto/cms/cms_enc.c +++ b/src/lib/libcrypto/cms/cms_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: cms_enc.c,v 1.16 2019/08/11 10:41:49 jsing Exp $ */	1	/* $OpenBSD: cms_enc.c,v 1.17 2019/08/11 10:43:57 jsing Exp $ */
2	/*	2	/*
3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4	* project.	4	* project.
@@ -160,7 +160,7 @@ cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
160	goto err;	160	goto err;
161	} else {	161	} else {
162	/* Use random key */	162	/* Use random key */
163	OPENSSL_clear_free(ec->key, ec->keylen);	163	freezero(ec->key, ec->keylen);
164	ec->key = tkey;	164	ec->key = tkey;
165	ec->keylen = tkeylen;	165	ec->keylen = tkeylen;
166	tkey = NULL;	166	tkey = NULL;
@@ -193,10 +193,10 @@ cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
193		193
194	err:	194	err:
195	if (!keep_key \|\| !ok) {	195	if (!keep_key \|\| !ok) {
196	OPENSSL_clear_free(ec->key, ec->keylen);	196	freezero(ec->key, ec->keylen);
197	ec->key = NULL;	197	ec->key = NULL;
198	}	198	}
199	OPENSSL_clear_free(tkey, tkeylen);	199	freezero(tkey, tkeylen);
200	if (ok)	200	if (ok)
201	return b;	201	return b;
202	BIO_free(b);	202	BIO_free(b);


diff --git a/src/lib/libcrypto/cms/cms_env.c b/src/lib/libcrypto/cms/cms_env.c index a27c27f726..c1426b457b 100644 --- a/src/lib/libcrypto/cms/cms_env.c +++ b/src/lib/libcrypto/cms/cms_env.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: cms_env.c,v 1.19 2019/08/11 10:43:24 jsing Exp $ */	1	/* $OpenBSD: cms_env.c,v 1.20 2019/08/11 10:43:57 jsing Exp $ */
2	/*	2	/*
3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4	* project.	4	* project.
@@ -469,7 +469,7 @@ cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo cms, CMS_RecipientInfo ri)
469		469
470	ret = 1;	470	ret = 1;
471		471
472	OPENSSL_clear_free(ec->key, ec->keylen);	472	freezero(ec->key, ec->keylen);
473	ec->key = ek;	473	ec->key = ek;
474	ec->keylen = eklen;	474	ec->keylen = eklen;
475		475
@@ -932,7 +932,7 @@ cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
932		932
933	err:	933	err:
934	ec->cipher = NULL;	934	ec->cipher = NULL;
935	OPENSSL_clear_free(ec->key, ec->keylen);	935	freezero(ec->key, ec->keylen);
936	ec->key = NULL;	936	ec->key = NULL;
937	ec->keylen = 0;	937	ec->keylen = 0;
938	if (ok)	938	if (ok)


diff --git a/src/lib/libcrypto/cms/cms_kari.c b/src/lib/libcrypto/cms/cms_kari.c index ca3e6d75de..04bca9dce5 100644 --- a/src/lib/libcrypto/cms/cms_kari.c +++ b/src/lib/libcrypto/cms/cms_kari.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: cms_kari.c,v 1.9 2019/08/11 10:43:24 jsing Exp $ */	1	/* $OpenBSD: cms_kari.c,v 1.10 2019/08/11 10:43:57 jsing Exp $ */
2	/*	2	/*
3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4	* project.	4	* project.
@@ -296,7 +296,7 @@ CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo cms, CMS_RecipientInfo ri,
296	if (!cms_kek_cipher(&cek, &ceklen, enckey, enckeylen, ri->d.kari, 0))	296	if (!cms_kek_cipher(&cek, &ceklen, enckey, enckeylen, ri->d.kari, 0))
297	goto err;	297	goto err;
298	ec = cms->d.envelopedData->encryptedContentInfo;	298	ec = cms->d.envelopedData->encryptedContentInfo;
299	OPENSSL_clear_free(ec->key, ec->keylen);	299	freezero(ec->key, ec->keylen);
300	ec->key = cek;	300	ec->key = cek;
301	ec->keylen = ceklen;	301	ec->keylen = ceklen;
302	cek = NULL;	302	cek = NULL;


diff --git a/src/lib/libcrypto/cms/cms_pwri.c b/src/lib/libcrypto/cms/cms_pwri.c index 30c5ce0618..918e37c88d 100644 --- a/src/lib/libcrypto/cms/cms_pwri.c +++ b/src/lib/libcrypto/cms/cms_pwri.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: cms_pwri.c,v 1.21 2019/08/11 10:41:49 jsing Exp $ */	1	/* $OpenBSD: cms_pwri.c,v 1.22 2019/08/11 10:43:57 jsing Exp $ */
2	/*	2	/*
3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4	* project.	4	* project.
@@ -268,7 +268,7 @@ kek_unwrap_key(unsigned char out, size_t outlen, const unsigned char *in,
268	rv = 1;	268	rv = 1;
269		269
270	err:	270	err:
271	OPENSSL_clear_free(tmp, inlen);	271	freezero(tmp, inlen);
272		272
273	return rv;	273	return rv;
274	}	274	}
@@ -411,7 +411,7 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo cms, CMS_RecipientInfo ri,
411	goto err;	411	goto err;
412	}	412	}
413		413
414	OPENSSL_clear_free(ec->key, ec->keylen);	414	freezero(ec->key, ec->keylen);
415	ec->key = key;	415	ec->key = key;
416	ec->keylen = keylen;	416	ec->keylen = keylen;
417	}	417	}