use freezero() instead of memset/explicit_bzero + free. Substantially

reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck
author: deraadt <> 2017-05-02 03:59:45 +0000
committer: deraadt <> 2017-05-02 03:59:45 +0000
commit: 2b561cb0e87f2ee535e8c64907883cd275ad3fec (patch)
tree: bb9d050c5c2984047e6475e087694d6764f24157 /src/lib/libcrypto/asn1/a_object.c
parent: 024e2580a5280d4df3724dab76ce52e14fe2060c (diff)
download: openbsd-2b561cb0e87f2ee535e8c64907883cd275ad3fec.tar.gz
openbsd-2b561cb0e87f2ee535e8c64907883cd275ad3fec.tar.bz2
openbsd-2b561cb0e87f2ee535e8c64907883cd275ad3fec.zip
1 files changed, 5 insertions, 11 deletions
diff --git a/src/lib/libcrypto/asn1/a_object.c b/src/lib/libcrypto/asn1/a_object.c
index 711b01f149..e10af97d36 100644
--- a/src/lib/libcrypto/asn1/a_object.c
+++ b/src/lib/libcrypto/asn1/a_object.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_object.c,v 1.29 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: a_object.c,v 1.30 2017/05/02 03:59:44 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -231,8 +231,7 @@ i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
                return -1;
        i = i2t_ASN1_OBJECT(tmp, tlen, a);
        if (i > (int)(tlen - 1)) {
-                explicit_bzero(tmp, tlen);
+                freezero(tmp, tlen);
-                free(tmp);
                if ((tmp = malloc(i + 1)) == NULL)
                        return -1;
                tlen = i + 1;
@@ -242,8 +241,7 @@ i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
                i = BIO_write(bp, "<INVALID>", 9);
        else
                i = BIO_write(bp, tmp, i);
-        explicit_bzero(tmp, tlen);
+        freezero(tmp, tlen);
-        free(tmp);
        return (i);
 }
@@ -319,9 +317,7 @@ c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len)
        /* detach data from object */
        data = (unsigned char *)ret->data;
-        if (data != NULL)
+        freezero(data, ret->length);
-                explicit_bzero(data, ret->length);
-        free(data);
        data = malloc(length);
        if (data == NULL) {
@@ -380,9 +376,7 @@ ASN1_OBJECT_free(ASN1_OBJECT *a)
                a->sn = a->ln = NULL;
        }
        if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) {
-                if (a->data != NULL)
+                freezero((void *)a->data, a->length);
-                        explicit_bzero((void *)a->data, a->length);
-                free((void *)a->data);
                a->data = NULL;
                a->length = 0;
        }
author	deraadt <>	2017-05-02 03:59:45 +0000
committer	deraadt <>	2017-05-02 03:59:45 +0000
commit	2b561cb0e87f2ee535e8c64907883cd275ad3fec (patch)
tree	bb9d050c5c2984047e6475e087694d6764f24157 /src/lib/libcrypto/asn1/a_object.c
parent	024e2580a5280d4df3724dab76ce52e14fe2060c (diff)
download	openbsd-2b561cb0e87f2ee535e8c64907883cd275ad3fec.tar.gz openbsd-2b561cb0e87f2ee535e8c64907883cd275ad3fec.tar.bz2 openbsd-2b561cb0e87f2ee535e8c64907883cd275ad3fec.zip