From: jsing <jsing@openbsd.org>
Date: Tue, 11 Apr 2017 13:14:08 +0000 (+0000)
Subject: Revert ssl_asn1.c r1.50 - CBB and freezero(3) do not play nicely together.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=f8e75f0f90666b1a898f0baf1f6ced747de8c807;p=openbsd

Revert ssl_asn1.c r1.50 - CBB and freezero(3) do not play nicely together.
Back this out while we investigate and implement a solution.

Found the hard way by sthen@
---

diff --git a/lib/libssl/ssl_asn1.c b/lib/libssl/ssl_asn1.c
index 5110ca3cc81..aca34f8c3ea 100644
--- a/lib/libssl/ssl_asn1.c
+++ b/lib/libssl/ssl_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_asn1.c,v 1.50 2017/04/10 16:47:08 jsing Exp $ */
+/* $OpenBSD: ssl_asn1.c,v 1.51 2017/04/11 13:14:08 jsing Exp $ */
 
 /*
  * Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
@@ -205,9 +205,12 @@ i2d_SSL_SESSION(SSL_SESSION *s, unsigned char **pp)
 	rv = (int)data_len;
 
  err:
+	if (data != NULL)
+		explicit_bzero(data, data_len);
+
 	CBB_cleanup(&session);
-	freezero(data, data_len);
 	free(peer_cert_bytes);
+	free(data);
 
 	return rv;
 }