From f59a5e932baaa204327818534b8c93267c20bed0 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 8 Mar 2023 05:45:31 +0000
Subject: Always clear EC groups and points on free.

Rather than sometimes clearing, turn the free functions into ones that
always clear (as we've done elsewhere). Turn the EC_GROUP_clear_free() and
EC_POINT_clear_free() functions into wrappers that call the *_free()
version. Do similar for the EC_METHOD implementations, removing the
group_clear_finish() and point_clear_finish() hooks in the process.

ok tb@
---
 src/lib/libcrypto/ec/ec_lib.c | 53 +++++++++++--------------------------------
 1 file changed, 13 insertions(+), 40 deletions(-)

(limited to 'src/lib/libcrypto/ec/ec_lib.c')

diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c
index 0e863ddfef..8eb0253a1f 100644
--- a/src/lib/libcrypto/ec/ec_lib.c
+++ b/src/lib/libcrypto/ec/ec_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.49 2023/03/07 09:27:10 jsing Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.50 2023/03/08 05:45:31 jsing Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -117,46 +117,28 @@ EC_GROUP_new(const EC_METHOD *meth)
 void
 EC_GROUP_free(EC_GROUP *group)
 {
-	if (!group)
+	if (group != NULL)
 		return;
 
-	if (group->meth->group_finish != 0)
+	if (group->meth->group_finish != NULL)
 		group->meth->group_finish(group);
 
-	EC_EX_DATA_free_all_data(&group->extra_data);
+	EC_EX_DATA_clear_free_all_data(&group->extra_data);
 
 	EC_POINT_free(group->generator);
 	BN_free(&group->order);
 	BN_free(&group->cofactor);
 
-	free(group->seed);
-
-	free(group);
+	freezero(group->seed, group->seed_len);
+	freezero(group, sizeof *group);
 }
 
-
 void
 EC_GROUP_clear_free(EC_GROUP *group)
 {
-	if (!group)
-		return;
-
-	if (group->meth->group_clear_finish != 0)
-		group->meth->group_clear_finish(group);
-	else if (group->meth->group_finish != 0)
-		group->meth->group_finish(group);
-
-	EC_EX_DATA_clear_free_all_data(&group->extra_data);
-
-	EC_POINT_clear_free(group->generator);
-	BN_free(&group->order);
-	BN_free(&group->cofactor);
-
-	freezero(group->seed, group->seed_len);
-	freezero(group, sizeof *group);
+	return EC_GROUP_free(group);
 }
 
-
 int
 EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
 {
@@ -195,7 +177,7 @@ EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
 			return 0;
 	} else {
 		/* src->generator == NULL */
-		EC_POINT_clear_free(dest->generator);
+		EC_POINT_free(dest->generator);
 		dest->generator = NULL;
 	}
 
@@ -851,33 +833,24 @@ EC_POINT_new(const EC_GROUP *group)
 	return ret;
 }
 
-
 void
 EC_POINT_free(EC_POINT *point)
 {
-	if (!point)
+	if (point != NULL)
 		return;
 
-	if (point->meth->point_finish != 0)
+	if (point->meth->point_finish != NULL)
 		point->meth->point_finish(point);
-	free(point);
-}
 
+	freezero(point, sizeof *point);
+}
 
 void
 EC_POINT_clear_free(EC_POINT *point)
 {
-	if (!point)
-		return;
-
-	if (point->meth->point_clear_finish != 0)
-		point->meth->point_clear_finish(point);
-	else if (point->meth->point_finish != 0)
-		point->meth->point_finish(point);
-	freezero(point, sizeof *point);
+	return EC_POINT_free(point);
 }
 
-
 int
 EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
 {
-- 
cgit v1.2.3-55-g6feb