From e9519e7488dc9affc5903228dd04377e15aeae1e Mon Sep 17 00:00:00 2001
From: beck <>
Date: Thu, 17 Mar 2016 03:51:49 +0000
Subject: explicit_bzero for asn1 objects on free. Too often these contain
 sensitive information and they should not be a performance bottleneck ok
 miod@ krw@

---
 src/lib/libcrypto/asn1/a_object.c         | 51 ++++++++++++++++---------------
 src/lib/libssl/src/crypto/asn1/a_object.c | 51 ++++++++++++++++---------------
 2 files changed, 54 insertions(+), 48 deletions(-)

diff --git a/src/lib/libcrypto/asn1/a_object.c b/src/lib/libcrypto/asn1/a_object.c
index fcd6aa91fe..5bf450d0e1 100644
--- a/src/lib/libcrypto/asn1/a_object.c
+++ b/src/lib/libcrypto/asn1/a_object.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_object.c,v 1.25 2016/03/06 18:05:00 beck Exp $ */
+/* $OpenBSD: a_object.c,v 1.26 2016/03/17 03:51:49 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -225,23 +225,29 @@ i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
 int
 i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
 {
-	char buf[80], *p = buf;
-	int i;
+	char *tmp = NULL;
+	size_t tlen = 256;
+	int i = -1;
 
 	if ((a == NULL) || (a->data == NULL))
-		return(BIO_write(bp, "NULL",4));
-	i = i2t_ASN1_OBJECT(buf, sizeof buf, a);
-	if (i > (int)(sizeof(buf) - 1)) {
-		p = malloc(i + 1);
-		if (!p)
+		return(BIO_write(bp, "NULL", 4));
+	if ((tmp = malloc(tlen)) == NULL)
+		return -1;
+	i = i2t_ASN1_OBJECT(tmp, tlen, a);
+	if (i > (int)(tlen - 1)) {
+		explicit_bzero(tmp, tlen);
+		free(tmp);
+		if ((tmp = malloc(i + 1)) == NULL)
 			return -1;
-		i2t_ASN1_OBJECT(p, i + 1, a);
+		tlen = i + 1;
+		i = i2t_ASN1_OBJECT(tmp, tlen, a);
 	}
 	if (i <= 0)
-		return BIO_write(bp, "<INVALID>", 9);
-	BIO_write(bp, p, i);
-	if (p != buf)
-		free(p);
+		i = BIO_write(bp, "<INVALID>", 9);
+	else
+		i = BIO_write(bp, tmp, i);
+	explicit_bzero(tmp, tlen);
+	free(tmp);
 	return (i);
 }
 
@@ -317,18 +323,15 @@ c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len)
 	p = *pp;
 	/* detach data from object */
 	data = (unsigned char *)ret->data;
-	ret->data = NULL;
-	/* once detached we can change it */
-	if ((data == NULL) || (ret->length < length)) {
-		ret->length = 0;
-		free(data);
-		data = malloc(length);
-		if (data == NULL) {
-			i = ERR_R_MALLOC_FAILURE;
-			goto err;
-		}
-		ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+	if (data != NULL)
+		explicit_bzero(data, ret->length);
+	free(data);
+	data = malloc(length);
+	if (data == NULL) {
+		i = ERR_R_MALLOC_FAILURE;
+		goto err;
 	}
+	ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
 	memcpy(data, p, length);
 	/* reattach data to object, after which it remains const */
 	ret->data = data;
diff --git a/src/lib/libssl/src/crypto/asn1/a_object.c b/src/lib/libssl/src/crypto/asn1/a_object.c
index fcd6aa91fe..5bf450d0e1 100644
--- a/src/lib/libssl/src/crypto/asn1/a_object.c
+++ b/src/lib/libssl/src/crypto/asn1/a_object.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_object.c,v 1.25 2016/03/06 18:05:00 beck Exp $ */
+/* $OpenBSD: a_object.c,v 1.26 2016/03/17 03:51:49 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -225,23 +225,29 @@ i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
 int
 i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
 {
-	char buf[80], *p = buf;
-	int i;
+	char *tmp = NULL;
+	size_t tlen = 256;
+	int i = -1;
 
 	if ((a == NULL) || (a->data == NULL))
-		return(BIO_write(bp, "NULL",4));
-	i = i2t_ASN1_OBJECT(buf, sizeof buf, a);
-	if (i > (int)(sizeof(buf) - 1)) {
-		p = malloc(i + 1);
-		if (!p)
+		return(BIO_write(bp, "NULL", 4));
+	if ((tmp = malloc(tlen)) == NULL)
+		return -1;
+	i = i2t_ASN1_OBJECT(tmp, tlen, a);
+	if (i > (int)(tlen - 1)) {
+		explicit_bzero(tmp, tlen);
+		free(tmp);
+		if ((tmp = malloc(i + 1)) == NULL)
 			return -1;
-		i2t_ASN1_OBJECT(p, i + 1, a);
+		tlen = i + 1;
+		i = i2t_ASN1_OBJECT(tmp, tlen, a);
 	}
 	if (i <= 0)
-		return BIO_write(bp, "<INVALID>", 9);
-	BIO_write(bp, p, i);
-	if (p != buf)
-		free(p);
+		i = BIO_write(bp, "<INVALID>", 9);
+	else
+		i = BIO_write(bp, tmp, i);
+	explicit_bzero(tmp, tlen);
+	free(tmp);
 	return (i);
 }
 
@@ -317,18 +323,15 @@ c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len)
 	p = *pp;
 	/* detach data from object */
 	data = (unsigned char *)ret->data;
-	ret->data = NULL;
-	/* once detached we can change it */
-	if ((data == NULL) || (ret->length < length)) {
-		ret->length = 0;
-		free(data);
-		data = malloc(length);
-		if (data == NULL) {
-			i = ERR_R_MALLOC_FAILURE;
-			goto err;
-		}
-		ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+	if (data != NULL)
+		explicit_bzero(data, ret->length);
+	free(data);
+	data = malloc(length);
+	if (data == NULL) {
+		i = ERR_R_MALLOC_FAILURE;
+		goto err;
 	}
+	ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
 	memcpy(data, p, length);
 	/* reattach data to object, after which it remains const */
 	ret->data = data;
-- 
cgit v1.2.3-55-g6feb