use freezero() instead of memset/explicit_bzero + free. Substantially

reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck
author: deraadt <> 2017-05-02 03:59:45 +0000
committer: deraadt <> 2017-05-02 03:59:45 +0000
commit: 2b561cb0e87f2ee535e8c64907883cd275ad3fec (patch)
tree: bb9d050c5c2984047e6475e087694d6764f24157 /src/lib/libcrypto/evp
parent: 024e2580a5280d4df3724dab76ce52e14fe2060c (diff)
download: openbsd-2b561cb0e87f2ee535e8c64907883cd275ad3fec.tar.gz
openbsd-2b561cb0e87f2ee535e8c64907883cd275ad3fec.tar.bz2
openbsd-2b561cb0e87f2ee535e8c64907883cd275ad3fec.zip
5 files changed, 12 insertions, 20 deletions
diff --git a/src/lib/libcrypto/evp/bio_enc.c b/src/lib/libcrypto/evp/bio_enc.c
index 1920c6d180..7c7cf9a8b3 100644
--- a/src/lib/libcrypto/evp/bio_enc.c
+++ b/src/lib/libcrypto/evp/bio_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_enc.c,v 1.19 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: bio_enc.c,v 1.20 2017/05/02 03:59:44 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -135,8 +135,7 @@ enc_free(BIO *a)
                return (0);
        b = (BIO_ENC_CTX *)a->ptr;
        EVP_CIPHER_CTX_cleanup(&(b->cipher));
-        explicit_bzero(a->ptr, sizeof(BIO_ENC_CTX));
+        freezero(a->ptr, sizeof(BIO_ENC_CTX));
-        free(a->ptr);
        a->ptr = NULL;
        a->init = 0;
        a->flags = 0;
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index ee1f955959..7471c1e822 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: digest.c,v 1.27 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: digest.c,v 1.28 2017/05/02 03:59:44 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -193,8 +193,7 @@ EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
        if (ctx->digest != type) {
                if (ctx->digest && ctx->digest->ctx_size && ctx->md_data &&
                    !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
-                        explicit_bzero(ctx->md_data, ctx->digest->ctx_size);
+                        freezero(ctx->md_data, ctx->digest->ctx_size);
-                        free(ctx->md_data);
                        ctx->md_data = NULL;
                }
                ctx->digest = type;
@@ -360,10 +359,8 @@ EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
            !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
                ctx->digest->cleanup(ctx);
        if (ctx->digest && ctx->digest->ctx_size && ctx->md_data &&
-            !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
+            !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
-                explicit_bzero(ctx->md_data, ctx->digest->ctx_size);
+                freezero(ctx->md_data, ctx->digest->ctx_size);
-                free(ctx->md_data);
-        }
        EVP_PKEY_CTX_free(ctx->pctx);
 #ifndef OPENSSL_NO_ENGINE
        if (ctx->engine)
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 97cb5154a5..7c713db026 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.33 2017/01/31 13:17:21 inoguchi Exp $ */
+/* $OpenBSD: e_aes.c,v 1.34 2017/05/02 03:59:44 deraadt Exp $ */
 /* ====================================================================
 * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -1422,8 +1422,7 @@ aead_aes_gcm_cleanup(EVP_AEAD_CTX *ctx)
 {
        struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state;
-        explicit_bzero(gcm_ctx, sizeof(*gcm_ctx));
+        freezero(gcm_ctx, sizeof(*gcm_ctx));
-        free(gcm_ctx);
 }
 static int
diff --git a/src/lib/libcrypto/evp/e_chacha20poly1305.c b/src/lib/libcrypto/evp/e_chacha20poly1305.c
index e135f9a104..051d5548b5 100644
--- a/src/lib/libcrypto/evp/e_chacha20poly1305.c
+++ b/src/lib/libcrypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_chacha20poly1305.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: e_chacha20poly1305.c,v 1.16 2017/05/02 03:59:44 deraadt Exp $ */
 /*
 * Copyright (c) 2015 Reyk Floter <reyk@openbsd.org>
@@ -83,8 +83,7 @@ aead_chacha20_poly1305_cleanup(EVP_AEAD_CTX *ctx)
 {
        struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
-        explicit_bzero(c20_ctx->key, sizeof(c20_ctx->key));
+        freezero(c20_ctx, sizeof(c20_ctx));
-        free(c20_ctx);
 }
 static void
diff --git a/src/lib/libcrypto/evp/p_open.c b/src/lib/libcrypto/evp/p_open.c
index 1eb238dfde..57a46706b9 100644
--- a/src/lib/libcrypto/evp/p_open.c
+++ b/src/lib/libcrypto/evp/p_open.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_open.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: p_open.c,v 1.19 2017/05/02 03:59:44 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -109,9 +109,7 @@ EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
        ret = 1;
 err:
-        if (key != NULL)
+        freezero(key, size);
-                explicit_bzero(key, size);
-        free(key);
        return (ret);
 }
author	deraadt <>	2017-05-02 03:59:45 +0000
committer	deraadt <>	2017-05-02 03:59:45 +0000
commit	2b561cb0e87f2ee535e8c64907883cd275ad3fec (patch)
tree	bb9d050c5c2984047e6475e087694d6764f24157 /src/lib/libcrypto/evp
parent	024e2580a5280d4df3724dab76ce52e14fe2060c (diff)
download	openbsd-2b561cb0e87f2ee535e8c64907883cd275ad3fec.tar.gz openbsd-2b561cb0e87f2ee535e8c64907883cd275ad3fec.tar.bz2 openbsd-2b561cb0e87f2ee535e8c64907883cd275ad3fec.zip