use freezero() instead of memset/explicit_bzero + free. Substantially

reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck
author: deraadt <> 2017-05-02 03:59:45 +0000
committer: deraadt <> 2017-05-02 03:59:45 +0000
commit: 5904cc0e04409fde39a97e6580535da34eeb4291 (patch)
tree: bb9d050c5c2984047e6475e087694d6764f24157 /src/lib/libcrypto/evp/e_aes.c
parent: b3449a25972849293bca9a6fc6581f37f6e0faf6 (diff)
download: openbsd-5904cc0e04409fde39a97e6580535da34eeb4291.tar.gz
openbsd-5904cc0e04409fde39a97e6580535da34eeb4291.tar.bz2
openbsd-5904cc0e04409fde39a97e6580535da34eeb4291.zip
1 files changed, 2 insertions, 3 deletions
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 97cb5154a5..7c713db026 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.33 2017/01/31 13:17:21 inoguchi Exp $ */
+/* $OpenBSD: e_aes.c,v 1.34 2017/05/02 03:59:44 deraadt Exp $ */
 /* ====================================================================
 * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -1422,8 +1422,7 @@ aead_aes_gcm_cleanup(EVP_AEAD_CTX *ctx)
 {
        struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state;
-        explicit_bzero(gcm_ctx, sizeof(*gcm_ctx));
+        freezero(gcm_ctx, sizeof(*gcm_ctx));
-        free(gcm_ctx);
 }
 static int
author	deraadt <>	2017-05-02 03:59:45 +0000
committer	deraadt <>	2017-05-02 03:59:45 +0000
commit	5904cc0e04409fde39a97e6580535da34eeb4291 (patch)
tree	bb9d050c5c2984047e6475e087694d6764f24157 /src/lib/libcrypto/evp/e_aes.c
parent	b3449a25972849293bca9a6fc6581f37f6e0faf6 (diff)
download	openbsd-5904cc0e04409fde39a97e6580535da34eeb4291.tar.gz openbsd-5904cc0e04409fde39a97e6580535da34eeb4291.tar.bz2 openbsd-5904cc0e04409fde39a97e6580535da34eeb4291.zip