OPENSSL_clear_free() -> freezero()

author: tb <> 2024-07-09 16:29:27 +0000
committer: tb <> 2024-07-09 16:29:27 +0000
commit: 3088a35891614e72687a1ff2e688fc1cc936e21a (patch)
tree: 8a9a75c70ec88a8c1b4f7869827d2f2ae6e0af4d /src/lib
parent: 77b8951ee68ad6af5792771f72a7665d6e14ba08 (diff)
download: openbsd-3088a35891614e72687a1ff2e688fc1cc936e21a.tar.gz
openbsd-3088a35891614e72687a1ff2e688fc1cc936e21a.tar.bz2
openbsd-3088a35891614e72687a1ff2e688fc1cc936e21a.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/libcrypto/kdf/tls1_prf.c b/src/lib/libcrypto/kdf/tls1_prf.c
index 6d3d49cd25..d08c32d270 100644
--- a/src/lib/libcrypto/kdf/tls1_prf.c
+++ b/src/lib/libcrypto/kdf/tls1_prf.c
@@ -49,7 +49,7 @@ static int pkey_tls1_prf_init(EVP_PKEY_CTX *ctx)
 static void pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)
 {
    TLS1_PRF_PKEY_CTX *kctx = ctx->data;
-    OPENSSL_clear_free(kctx->sec, kctx->seclen);
+    freezero(kctx->sec, kctx->seclen);
    OPENSSL_cleanse(kctx->seed, kctx->seedlen);
    OPENSSL_free(kctx);
 }
@@ -66,7 +66,7 @@ static int pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
        if (p1 < 0)
            return 0;
        if (kctx->sec != NULL)
-            OPENSSL_clear_free(kctx->sec, kctx->seclen);
+            freezero(kctx->sec, kctx->seclen);
        OPENSSL_cleanse(kctx->seed, kctx->seedlen);
        kctx->seedlen = 0;
        kctx->sec = OPENSSL_memdup(p2, p1);
@@ -263,12 +263,12 @@ static int tls1_prf_alg(const EVP_MD *md,
        }
        if (!tls1_prf_P_hash(EVP_sha1(), sec + slen/2, slen/2 + (slen & 1),
                         seed, seed_len, tmp, olen)) {
-            OPENSSL_clear_free(tmp, olen);
+            freezero(tmp, olen);
            return 0;
        }
        for (i = 0; i < olen; i++)
            out[i] ^= tmp[i];
-        OPENSSL_clear_free(tmp, olen);
+        freezero(tmp, olen);
        return 1;
    }
    if (!tls1_prf_P_hash(md, sec, slen, seed, seed_len, out, olen))
author	tb <>	2024-07-09 16:29:27 +0000
committer	tb <>	2024-07-09 16:29:27 +0000
commit	3088a35891614e72687a1ff2e688fc1cc936e21a (patch)
tree	8a9a75c70ec88a8c1b4f7869827d2f2ae6e0af4d /src/lib
parent	77b8951ee68ad6af5792771f72a7665d6e14ba08 (diff)
download	openbsd-3088a35891614e72687a1ff2e688fc1cc936e21a.tar.gz openbsd-3088a35891614e72687a1ff2e688fc1cc936e21a.tar.bz2 openbsd-3088a35891614e72687a1ff2e688fc1cc936e21a.zip

diff --git a/src/lib/libcrypto/kdf/tls1_prf.c b/src/lib/libcrypto/kdf/tls1_prf.c index 6d3d49cd25..d08c32d270 100644 --- a/src/lib/libcrypto/kdf/tls1_prf.c +++ b/src/lib/libcrypto/kdf/tls1_prf.c
@@ -49,7 +49,7 @@ static int pkey_tls1_prf_init(EVP_PKEY_CTX *ctx)
49	static void pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)	49	static void pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)
50	{	50	{
51	TLS1_PRF_PKEY_CTX *kctx = ctx->data;	51	TLS1_PRF_PKEY_CTX *kctx = ctx->data;
52	OPENSSL_clear_free(kctx->sec, kctx->seclen);	52	freezero(kctx->sec, kctx->seclen);
53	OPENSSL_cleanse(kctx->seed, kctx->seedlen);	53	OPENSSL_cleanse(kctx->seed, kctx->seedlen);
54	OPENSSL_free(kctx);	54	OPENSSL_free(kctx);
55	}	55	}
@@ -66,7 +66,7 @@ static int pkey_tls1_prf_ctrl(EVP_PKEY_CTX ctx, int type, int p1, void p2)
66	if (p1 < 0)	66	if (p1 < 0)
67	return 0;	67	return 0;
68	if (kctx->sec != NULL)	68	if (kctx->sec != NULL)
69	OPENSSL_clear_free(kctx->sec, kctx->seclen);	69	freezero(kctx->sec, kctx->seclen);
70	OPENSSL_cleanse(kctx->seed, kctx->seedlen);	70	OPENSSL_cleanse(kctx->seed, kctx->seedlen);
71	kctx->seedlen = 0;	71	kctx->seedlen = 0;
72	kctx->sec = OPENSSL_memdup(p2, p1);	72	kctx->sec = OPENSSL_memdup(p2, p1);
@@ -263,12 +263,12 @@ static int tls1_prf_alg(const EVP_MD *md,
263	}	263	}
264	if (!tls1_prf_P_hash(EVP_sha1(), sec + slen/2, slen/2 + (slen & 1),	264	if (!tls1_prf_P_hash(EVP_sha1(), sec + slen/2, slen/2 + (slen & 1),
265	seed, seed_len, tmp, olen)) {	265	seed, seed_len, tmp, olen)) {
266	OPENSSL_clear_free(tmp, olen);	266	freezero(tmp, olen);
267	return 0;	267	return 0;
268	}	268	}
269	for (i = 0; i < olen; i++)	269	for (i = 0; i < olen; i++)
270	out[i] ^= tmp[i];	270	out[i] ^= tmp[i];
271	OPENSSL_clear_free(tmp, olen);	271	freezero(tmp, olen);
272	return 1;	272	return 1;
273	}	273	}
274	if (!tls1_prf_P_hash(md, sec, slen, seed, seed_len, out, olen))	274	if (!tls1_prf_P_hash(md, sec, slen, seed, seed_len, out, olen))