author | jsg@openbsd.org <jsg@openbsd.org> | 2020-02-26 13:40:09 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-02-28 12:26:28 +1100 |
commit | d5ba1c03278eb079438bb038266d80d7477d49cb (patch) | |
tree | 6d8dd2d802af796bcb7c9d6d018196a448bb9ff6 /sshkey.c | |
parent | 9e3220b585c5be19a7431ea4ff8884c137b3a81c (diff) |
upstream: change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundary.
ok deraadt@ djm@
OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
Diffstat (limited to 'sshkey.c')
-rw-r--r-- | sshkey.c | 44 |
1 files changed, 15 insertions, 29 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.99 2020/01/21 05:56:56 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.100 2020/02/26 13:40:09 jsg Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -1019,10 +1019,8 @@ sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg,
 r = 0;
 out:
 free(ret);
- if (blob != NULL) {
- explicit_bzero(blob, blob_len);
- free(blob);
- }
+ if (blob != NULL)
+ freezero(blob, blob_len);
 return r;
 }
@@ -1280,12 +1278,10 @@ sshkey_fingerprint(const struct sshkey *k, int dgst_alg,
 dgst_raw, dgst_raw_len, k);
 break;
 default:
- explicit_bzero(dgst_raw, dgst_raw_len);
- free(dgst_raw);
+ freezero(dgst_raw, dgst_raw_len);
 return NULL;
 }
- explicit_bzero(dgst_raw, dgst_raw_len);
- free(dgst_raw);
+ freezero(dgst_raw, dgst_raw_len);
 return retval;
 }
@@ -4054,18 +4050,12 @@ sshkey_private_to_blob2(struct sshkey *prv, struct sshbuf *blob,
 sshbuf_free(encrypted);
 cipher_free(ciphercontext);
 explicit_bzero(salt, sizeof(salt));
- if (key != NULL) {
- explicit_bzero(key, keylen + ivlen);
- free(key);
- }
- if (pubkeyblob != NULL) {
- explicit_bzero(pubkeyblob, pubkeylen);
- free(pubkeyblob);
- }
- if (b64 != NULL) {
- explicit_bzero(b64, strlen(b64));
- free(b64);
- }
+ if (key != NULL)
+ freezero(key, keylen + ivlen);
+ if (pubkeyblob != NULL)
+ freezero(pubkeyblob, pubkeylen);
+ if (b64 != NULL)
+ freezero(b64, strlen(b64));
 return r;
 }
@@ -4273,14 +4263,10 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase,
 free(ciphername);
 free(kdfname);
 free(comment);
- if (salt != NULL) {
- explicit_bzero(salt, slen);
- free(salt);
- }
- if (key != NULL) {
- explicit_bzero(key, keylen + ivlen);
- free(key);
- }
+ if (salt != NULL)
+ freezero(salt, slen);
+ if (key != NULL)
+ freezero(key, keylen + ivlen);
 sshbuf_free(encoded);
 sshbuf_free(decoded);
 sshbuf_free(kdf); |
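Review bot: The `if (blob != NULL)` test kept in front of `freezero(blob, blob_len)` at the `out:` label of sshkey_fingerprint_raw reads as redundant to anyone who knows freezero() accepts NULL, and nothing in the code says why it stays. The commit description gives the reason, so a one-line comment would stop a later cleanup from removing the guard, e.g. `/* keep NULL test: blob_len may be uninitialised when blob is NULL */`. The same applies to the guarded calls for `key`, `pubkeyblob` and `b64` in sshkey_private_to_blob2 and for `salt` and `key` in sshkey_parse_private2. All of these function bodies start outside their hunks, so whether each length is initialised at its declaration cannot be confirmed from here.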
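Review bot: In sshkey_fingerprint the wipe `freezero(dgst_raw, dgst_raw_len);` is written twice, once in the `default:` arm before `return NULL;` and once on the common exit before `return retval;`. A single release point is easier to audit for a buffer that must be cleared on every path. If `retval` is initialised to NULL (its declaration is outside the hunk), the `default:` arm could simply `break;` and fall through to the one `freezero()` call.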
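Review bot: `freezero(b64, strlen(b64))` in the cleanup of sshkey_private_to_blob2 clears only the bytes up to the terminator, so the whole buffer is wiped only if the allocation is exactly the string plus its NUL. The allocation of `b64` is outside the hunk. If its capacity can exceed the string length, the tail is released without being cleared, and passing a stored allocation length instead of `strlen(b64)` would close that gap. If the sizes are known to match, a comment such as `/* b64 is an exact-size NUL-terminated string */` would record the assumption the wipe depends on.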