From cf4db30de84cbeafb41c4033a56ecc40a6871665 Mon Sep 17 00:00:00 2001
From: deraadt
Date: Tue, 18 Apr 2017 02:15:50 +0000
Subject: [PATCH] use freezero() instead of 4-line conditional explicit_bzero + free
---
 usr.bin/openssl/apps.c | 7 ++-----
 usr.bin/openssl/dgst.c | 7 ++-----
 usr.bin/openssl/s_client.c | 17 ++++-------------
 usr.bin/openssl/s_server.c | 7 ++-----
 4 files changed, 10 insertions(+), 28 deletions(-)
diff --git a/usr.bin/openssl/apps.c b/usr.bin/openssl/apps.c
index c6c992fe10c..7594e77c19b 100644
--- a/usr.bin/openssl/apps.c
+++ b/usr.bin/openssl/apps.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: apps.c,v 1.42 2017/01/21 09:29:09 deraadt Exp $ */
+/* $OpenBSD: apps.c,v 1.43 2017/04/18 02:15:50 deraadt Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -397,10 +397,7 @@ password_callback(char *buf, int bufsiz, int verify, void *arg)
 } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
- if (buff) {
- explicit_bzero(buff, (unsigned int) bufsiz);
- free(buff);
- }
+ freezero(buff, (unsigned int) bufsiz);
 if (ok >= 0)
 res = strlen(buf);
 if (ok == -1) {
diff --git a/usr.bin/openssl/dgst.c b/usr.bin/openssl/dgst.c
index ce50e08b53a..bcc9f1c7610 100644
--- a/usr.bin/openssl/dgst.c
+++ b/usr.bin/openssl/dgst.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dgst.c,v 1.10 2017/01/20 08:57:11 deraadt Exp $ */
+/* $OpenBSD: dgst.c,v 1.11 2017/04/18 02:15:50 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -448,10 +448,7 @@ mac_end:
 }
 end:
- if (buf != NULL) {
- explicit_bzero(buf, BUFSIZE);
- free(buf);
- }
+ freezero(buf, BUFSIZE);
 if (in != NULL)
 BIO_free(in);
 free(passin);
diff --git a/usr.bin/openssl/s_client.c b/usr.bin/openssl/s_client.c
index 4a0a832c123..aa1c5764bd2 100644
--- a/usr.bin/openssl/s_client.c
+++ b/usr.bin/openssl/s_client.c
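Review bot: In the apps.c hunk, `freezero(buff, (unsigned int) bufsiz);` keeps the cast from the old explicit_bzero() call, so the length still comes from the signed `int bufsiz` parameter and a negative value would become a very large size. freezero() treats a NULL pointer as a no-op, which is what makes dropping the `if (buff)` guard safe, but it expects the size to be no larger than the original allocation, and the allocation of `buff` is outside this hunk. I would confirm that the allocation uses the same `bufsiz` and record the contract in a comment above the call, e.g. `/* NULL is a no-op; size must not exceed what was allocated for buff */`. The same check applies to `freezero(buf, BUFSIZE)` in dgst.c, the three `BUFSIZZ` calls in s_client.c and `freezero(buf, bufsize)` in s_server.c, where `bufsize` appears to be a variable and must still hold the allocation-time value on the err: path.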
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.31 2017/01/24 09:07:40 jsing Exp $ */
+/* $OpenBSD: s_client.c,v 1.32 2017/04/18 02:15:50 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1266,18 +1266,9 @@ end:
 free(pass);
 if (vpm)
 X509_VERIFY_PARAM_free(vpm);
- if (cbuf != NULL) {
- explicit_bzero(cbuf, BUFSIZZ);
- free(cbuf);
- }
- if (sbuf != NULL) {
- explicit_bzero(sbuf, BUFSIZZ);
- free(sbuf);
- }
- if (mbuf != NULL) {
- explicit_bzero(mbuf, BUFSIZZ);
- free(mbuf);
- }
+ freezero(cbuf, BUFSIZZ);
+ freezero(sbuf, BUFSIZZ);
+ freezero(mbuf, BUFSIZZ);
 if (bio_c_out != NULL) {
 BIO_free(bio_c_out);
 bio_c_out = NULL;
diff --git a/usr.bin/openssl/s_server.c b/usr.bin/openssl/s_server.c
index d73a11799b5..493dc262644 100644
--- a/usr.bin/openssl/s_server.c
+++ b/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_server.c,v 1.25 2017/01/20 08:57:12 deraadt Exp $ */
+/* $OpenBSD: s_server.c,v 1.26 2017/04/18 02:15:50 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1590,10 +1590,7 @@ err:
 SSL_free(con);
 }
 BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
- if (buf != NULL) {
- explicit_bzero(buf, bufsize);
- free(buf);
- }
+ freezero(buf, bufsize);
 if (ret >= 0)
 BIO_printf(bio_s_out, "ACCEPT\n");
 return (ret);
--
2.20.1