From 5904cc0e04409fde39a97e6580535da34eeb4291 Mon Sep 17 00:00:00 2001 From: deraadt <> Date: Tue, 2 May 2017 03:59:45 +0000 Subject: use freezero() instead of memset/explicit_bzero + free. Substantially reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck --- src/lib/libcrypto/ec/ec_key.c | 6 ++---- src/lib/libcrypto/ec/ec_lib.c | 13 ++++--------- src/lib/libcrypto/ec/ec_mult.c | 5 ++--- src/lib/libcrypto/ec/ecp_nistp224.c | 5 ++--- src/lib/libcrypto/ec/ecp_nistp256.c | 5 ++--- src/lib/libcrypto/ec/ecp_nistp521.c | 5 ++--- src/lib/libcrypto/ec/ecp_nistz256.c | 8 +++----- 7 files changed, 17 insertions(+), 30 deletions(-) (limited to 'src/lib/libcrypto/ec') diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c index 5a23a9823d..595b88cefc 100644 --- a/src/lib/libcrypto/ec/ec_key.c +++ b/src/lib/libcrypto/ec/ec_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_key.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ec_key.c,v 1.14 2017/05/02 03:59:44 deraadt Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -122,9 +122,7 @@ EC_KEY_free(EC_KEY * r) EC_EX_DATA_free_all_data(&r->method_data); - explicit_bzero((void *) r, sizeof(EC_KEY)); - - free(r); + freezero(r, sizeof(EC_KEY)); } EC_KEY * diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c index baddbf6dc8..0d062111b5 100644 --- a/src/lib/libcrypto/ec/ec_lib.c +++ b/src/lib/libcrypto/ec/ec_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_lib.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ec_lib.c,v 1.24 2017/05/02 03:59:44 deraadt Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -151,12 +151,8 @@ EC_GROUP_clear_free(EC_GROUP * group) BN_clear_free(&group->order); BN_clear_free(&group->cofactor); - if (group->seed) { - explicit_bzero(group->seed, group->seed_len); - free(group->seed); - } - explicit_bzero(group, sizeof *group); - free(group); + freezero(group->seed, group->seed_len); + freezero(group, sizeof *group); } @@ -743,8 +739,7 @@ EC_POINT_clear_free(EC_POINT * point) point->meth->point_clear_finish(point); else if (point->meth->point_finish != 0) point->meth->point_finish(point); - explicit_bzero(point, sizeof *point); - free(point); + freezero(point, sizeof *point); } diff --git a/src/lib/libcrypto/ec/ec_mult.c b/src/lib/libcrypto/ec/ec_mult.c index e44104d21c..a565263bb6 100644 --- a/src/lib/libcrypto/ec/ec_mult.c +++ b/src/lib/libcrypto/ec/ec_mult.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_mult.c,v 1.20 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ec_mult.c,v 1.21 2017/05/02 03:59:44 deraadt Exp $ */ /* * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project. */ @@ -177,8 +177,7 @@ ec_pre_comp_clear_free(void *pre_) } free(pre->points); } - explicit_bzero(pre, sizeof *pre); - free(pre); + freezero(pre, sizeof *pre); } diff --git a/src/lib/libcrypto/ec/ecp_nistp224.c b/src/lib/libcrypto/ec/ecp_nistp224.c index 38dd83b6d9..fce74578c7 100644 --- a/src/lib/libcrypto/ec/ecp_nistp224.c +++ b/src/lib/libcrypto/ec/ecp_nistp224.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_nistp224.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ecp_nistp224.c,v 1.19 2017/05/02 03:59:44 deraadt Exp $ */ /* * Written by Emilia Kasper (Google) for the OpenSSL project. */ @@ -1239,8 +1239,7 @@ nistp224_pre_comp_clear_free(void *pre_) if (i > 0) return; - explicit_bzero(pre, sizeof *pre); - free(pre); + freezero(pre, sizeof *pre); } /******************************************************************************/ diff --git a/src/lib/libcrypto/ec/ecp_nistp256.c b/src/lib/libcrypto/ec/ecp_nistp256.c index 4771a92efd..6f3ec3c250 100644 --- a/src/lib/libcrypto/ec/ecp_nistp256.c +++ b/src/lib/libcrypto/ec/ecp_nistp256.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_nistp256.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ecp_nistp256.c,v 1.18 2017/05/02 03:59:44 deraadt Exp $ */ /* * Written by Adam Langley (Google) for the OpenSSL project */ @@ -1788,8 +1788,7 @@ nistp256_pre_comp_clear_free(void *pre_) if (i > 0) return; - explicit_bzero(pre, sizeof *pre); - free(pre); + freezero(pre, sizeof *pre); } /******************************************************************************/ diff --git a/src/lib/libcrypto/ec/ecp_nistp521.c b/src/lib/libcrypto/ec/ecp_nistp521.c index 22bafe392f..6dbc266937 100644 --- a/src/lib/libcrypto/ec/ecp_nistp521.c +++ b/src/lib/libcrypto/ec/ecp_nistp521.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_nistp521.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ecp_nistp521.c,v 1.19 2017/05/02 03:59:44 deraadt Exp $ */ /* * Written by Adam Langley (Google) for the OpenSSL project */ @@ -1679,8 +1679,7 @@ nistp521_pre_comp_clear_free(void *pre_) if (i > 0) return; - explicit_bzero(pre, sizeof(*pre)); - free(pre); + freezero(pre, sizeof(*pre)); } /******************************************************************************/ diff --git a/src/lib/libcrypto/ec/ecp_nistz256.c b/src/lib/libcrypto/ec/ecp_nistz256.c index 848f15cb17..b3b8f74b14 100644 --- a/src/lib/libcrypto/ec/ecp_nistz256.c +++ b/src/lib/libcrypto/ec/ecp_nistz256.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_nistz256.c,v 1.2 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ecp_nistz256.c,v 1.3 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (c) 2014, Intel Corporation. * * Permission to use, copy, modify, and/or distribute this software for any @@ -1118,11 +1118,9 @@ ecp_nistz256_pre_comp_clear_free(void *pre_) * here, but the only place where we allocate this uses * PRECOMP256_ROW (i.e. 64 P256_POINT_AFFINE) but sets w == 7. */ - explicit_bzero(pre->precomp, 37 * sizeof(PRECOMP256_ROW)); - free(pre->precomp); + freezero(pre->precomp, 37 * sizeof(PRECOMP256_ROW)); } - explicit_bzero(pre, sizeof *pre); - free(pre); + freezero(pre, sizeof *pre); } static int -- cgit v1.2.3-55-g6feb