*** empty log message ***

diff --git a/lib/libcrypto/malloc-wrapper.c b/lib/libcrypto/malloc-wrapper.c
index 68af818..d69b025 100644 (file)
--- a/lib/libcrypto/malloc-wrapper.c
+++ b/lib/libcrypto/malloc-wrapper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: malloc-wrapper.c,v 1.3 2014/04/20 14:32:19 jsing Exp $ */
+/* $OpenBSD: malloc-wrapper.c,v 1.4 2017/04/28 22:38:51 beck Exp $ */
 /*
  * Copyright (c) 2014 Bob Beck
  *
@@ -165,8 +165,7 @@ CRYPTO_realloc_clean(void *ptr, int old_len, int num, const char *file,
        ret = malloc(num);
        if (ret && ptr && old_len > 0) {
                memcpy(ret, ptr, old_len);
-               explicit_bzero(ptr, old_len);
-               free(ptr);
+               freezero(ptr, old_len);
        }
        return ret;
 }

diff --git a/lib/libcrypto/rsa/rsa_eay.c b/lib/libcrypto/rsa/rsa_eay.c
index 90a3be8..128269a 100644 (file)
--- a/lib/libcrypto/rsa/rsa_eay.c
+++ b/lib/libcrypto/rsa/rsa_eay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_eay.c,v 1.46 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: rsa_eay.c,v 1.47 2017/04/28 22:38:51 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -244,10 +244,8 @@ err:
                BN_CTX_end(ctx);
                BN_CTX_free(ctx);
        }
-       if (buf != NULL) {
-               explicit_bzero(buf, num);
-               free(buf);
-       }
+       freezero(buf, num);
+
        return r;
 }
 
@@ -468,10 +466,8 @@ err:
                BN_CTX_end(ctx);
                BN_CTX_free(ctx);
        }
-       if (buf != NULL) {
-               explicit_bzero(buf, num);
-               free(buf);
-       }
+       freezero(buf, num);
+
        return r;
 }
 
@@ -597,10 +593,8 @@ err:
                BN_CTX_end(ctx);
                BN_CTX_free(ctx);
        }
-       if (buf != NULL) {
-               explicit_bzero(buf, num);
-               free(buf);
-       }
+       freezero(buf, num);
+
        return r;
 }
 
@@ -700,10 +694,8 @@ err:
                BN_CTX_end(ctx);
                BN_CTX_free(ctx);
        }
-       if (buf != NULL) {
-               explicit_bzero(buf, num);
-               free(buf);
-       }
+       freezero(buf, num);
+
        return r;
 }
 

diff --git a/lib/libcrypto/rsa/rsa_saos.c b/lib/libcrypto/rsa/rsa_saos.c
index 179217c..50522b9 100644 (file)
--- a/lib/libcrypto/rsa/rsa_saos.c
+++ b/lib/libcrypto/rsa/rsa_saos.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_saos.c,v 1.20 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: rsa_saos.c,v 1.21 2017/04/28 22:38:51 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -96,8 +96,8 @@ RSA_sign_ASN1_OCTET_STRING(int type, const unsigned char *m, unsigned int m_len,
        else
                *siglen = i;
 
-       explicit_bzero(s, (unsigned int)j + 1);
-       free(s);
+       freezero(s, (unsigned int)j + 1);
+
        return ret;
 }
 
@@ -137,9 +137,7 @@ RSA_verify_ASN1_OCTET_STRING(int dtype, const unsigned char *m,
                ret = 1;
 err:
        ASN1_OCTET_STRING_free(sig);
-       if (s != NULL) {
-               explicit_bzero(s, (unsigned int)siglen);
-               free(s);
-       }
+       freezero(s, siglen);
+
        return ret;
 }

diff --git a/lib/libcrypto/rsa/rsa_sign.c b/lib/libcrypto/rsa/rsa_sign.c
index 52cbc3d..618ec15 100644 (file)
--- a/lib/libcrypto/rsa/rsa_sign.c
+++ b/lib/libcrypto/rsa/rsa_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_sign.c,v 1.26 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: rsa_sign.c,v 1.27 2017/04/28 22:38:51 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -135,10 +135,9 @@ RSA_sign(int type, const unsigned char *m, unsigned int m_len,
        else
                *siglen = i;
 
-       if (type != NID_md5_sha1) {
-               explicit_bzero(tmps, (unsigned int)j + 1);
-               free(tmps);
-       }
+       if (type != NID_md5_sha1)
+               freezero(tmps, (unsigned int)j + 1);
+
        return (ret);
 }
 
@@ -234,10 +233,9 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
 err:
        if (sig != NULL)
                X509_SIG_free(sig);
-       if (s != NULL) {
-               explicit_bzero(s, (unsigned int)siglen);
-               free(s);
-       }
+
+       freezero(s, (unsigned int)siglen);
+
        return ret;
 }
 

diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c
index fbed5ec..09d33d4 100644 (file)
--- a/lib/libcrypto/x509/x509_vfy.c
+++ b/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.61 2017/02/05 02:33:21 beck Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.62 2017/04/28 22:38:51 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -541,15 +541,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
        /* Safety net, error returns must set ctx->error */
        if (ok <= 0 && ctx->error == X509_V_OK)
                ctx->error = X509_V_ERR_UNSPECIFIED;
-
-       /*
-        * Safety net, if user provided verify callback indicates sucess
-        * make sure they have set error to X509_V_OK
-        */
-       if (ctx->verify_cb != null_callback && ok == 1)
-               ctx->error = X509_V_OK;
-
-       return(ctx->error == X509_V_OK);
+       return ok;
 }
 
 /* Given a STACK_OF(X509) find the issuer of cert (if any)