diff options
Diffstat (limited to 'src/lib/libcrypto/pkcs7')
| -rw-r--r-- | src/lib/libcrypto/pkcs7/pk7_doit.c | 34 |
1 files changed, 9 insertions, 25 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c index 484620a686..24ab957b4c 100644 --- a/src/lib/libcrypto/pkcs7/pk7_doit.c +++ b/src/lib/libcrypto/pkcs7/pk7_doit.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pk7_doit.c,v 1.41 2017/01/29 17:49:23 beck Exp $ */ | 1 | /* $OpenBSD: pk7_doit.c,v 1.42 2017/05/02 03:59:45 deraadt Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -231,10 +231,7 @@ pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, PKCS7_RECIP_INFO *ri, | |||
| 231 | 231 | ||
| 232 | ret = 1; | 232 | ret = 1; |
| 233 | 233 | ||
| 234 | if (*pek) { | 234 | freezero(*pek, *peklen); |
| 235 | explicit_bzero(*pek, *peklen); | ||
| 236 | free(*pek); | ||
| 237 | } | ||
| 238 | 235 | ||
| 239 | *pek = ek; | 236 | *pek = ek; |
| 240 | *peklen = eklen; | 237 | *peklen = eklen; |
| @@ -577,8 +574,7 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) | |||
| 577 | */ | 574 | */ |
| 578 | if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) { | 575 | if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) { |
| 579 | /* Use random key as MMA defence */ | 576 | /* Use random key as MMA defence */ |
| 580 | explicit_bzero(ek, eklen); | 577 | freezero(ek, eklen); |
| 581 | free(ek); | ||
| 582 | ek = tkey; | 578 | ek = tkey; |
| 583 | eklen = tkeylen; | 579 | eklen = tkeylen; |
| 584 | tkey = NULL; | 580 | tkey = NULL; |
| @@ -589,16 +585,10 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) | |||
| 589 | if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0) | 585 | if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0) |
| 590 | goto err; | 586 | goto err; |
| 591 | 587 | ||
| 592 | if (ek) { | 588 | freezero(ek, eklen); |
| 593 | explicit_bzero(ek, eklen); | 589 | ek = NULL; |
| 594 | free(ek); | 590 | freezero(tkey, tkeylen); |
| 595 | ek = NULL; | 591 | tkey = NULL; |
| 596 | } | ||
| 597 | if (tkey) { | ||
| 598 | explicit_bzero(tkey, tkeylen); | ||
| 599 | free(tkey); | ||
| 600 | tkey = NULL; | ||
| 601 | } | ||
| 602 | 592 | ||
| 603 | if (out == NULL) | 593 | if (out == NULL) |
| 604 | out = etmp; | 594 | out = etmp; |
| @@ -623,14 +613,8 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) | |||
| 623 | 613 | ||
| 624 | if (0) { | 614 | if (0) { |
| 625 | err: | 615 | err: |
| 626 | if (ek) { | 616 | freezero(ek, eklen); |
| 627 | explicit_bzero(ek, eklen); | 617 | freezero(tkey, tkeylen); |
| 628 | free(ek); | ||
| 629 | } | ||
| 630 | if (tkey) { | ||
| 631 | explicit_bzero(tkey, tkeylen); | ||
| 632 | free(tkey); | ||
| 633 | } | ||
| 634 | if (out != NULL) | 618 | if (out != NULL) |
| 635 | BIO_free_all(out); | 619 | BIO_free_all(out); |
| 636 | if (btmp != NULL) | 620 | if (btmp != NULL) |