Diffstat (limited to 'ssl')
-rw-r--r--ssl/s3_clnt.c10
-rw-r--r--ssl/s3_enc.c7
-rw-r--r--ssl/s3_lib.c3
-rw-r--r--ssl/ssl_cert.c7
-rw-r--r--ssl/ssl_sess.c3
-rw-r--r--ssl/t1_enc.c5
-rw-r--r--ssl/tls_srp.c19
7 files changed, 15 insertions, 39 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index bbff778d44..71756cda2e 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -3073,8 +3073,7 @@ int ssl3_send_client_key_exchange(SSL *s)
s->
session->master_key,
pms, pmslen);
- OPENSSL_cleanse(pms, pmslen);
- OPENSSL_free(pms);
+ OPENSSL_clear_free(pms, pmslen);
s->cert->pms = NULL;
if (s->session->master_key_length < 0) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
@@ -3087,11 +3086,8 @@ int ssl3_send_client_key_exchange(SSL *s)
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
err:
- if (pms) {
- OPENSSL_cleanse(pms, pmslen);
- OPENSSL_free(pms);
- s->cert->pms = NULL;
- }
+ OPENSSL_clear_free(pms, pmslen);
+ s->cert->pms = NULL;
#ifndef OPENSSL_NO_EC
BN_CTX_free(bn_ctx);
if (encodedPoint != NULL)
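Review bot: At the `err:` label `pmslen` is now passed to `OPENSSL_clear_free(pms, pmslen)` even when `pms` is NULL, whereas the removed `if (pms)` guard skipped that read. The tls_srp.c hunks in this commit add `tmp_len = 0` for this situation, but no matching change to `pmslen` is visible here, and its declaration is outside the hunk, so confirm it is initialised to 0 where it is declared. The same check applies to `num` in the t1_enc.c hunk at `OPENSSL_clear_free(p2, num)`. Separately, `s->cert->pms = NULL` is now unconditional; if `pms` can be NULL here while `s->cert->pms` still holds a saved premaster secret, that buffer would be dropped without being cleansed or freed, which is worth ruling out against the part of the function not shown.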
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 8fc5bc4a8a..df86f5b9f3 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -471,11 +471,8 @@ int ssl3_setup_key_block(SSL *s)
void ssl3_cleanup_key_block(SSL *s)
{
- if (s->s3->tmp.key_block != NULL) {
- OPENSSL_cleanse(s->s3->tmp.key_block, s->s3->tmp.key_block_length);
- OPENSSL_free(s->s3->tmp.key_block);
- s->s3->tmp.key_block = NULL;
- }
+ OPENSSL_clear_free(s->s3->tmp.key_block, s->s3->tmp.key_block_length);
+ s->s3->tmp.key_block = NULL;
s->s3->tmp.key_block_length = 0;
}
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index ef2ddb4973..190d0f1b93 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3138,8 +3138,7 @@ void ssl3_free(SSL *s)
#ifndef OPENSSL_NO_SRP
SSL_SRP_CTX_free(s);
#endif
- OPENSSL_cleanse(s->s3, sizeof *s->s3);
- OPENSSL_free(s->s3);
+ OPENSSL_clear_free(s->s3, sizeof *s->s3);
s->s3 = NULL;
}
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 0ae9646991..a15c5f9a09 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -465,11 +465,8 @@ void ssl_cert_free(CERT *c)
custom_exts_free(&c->cli_ext);
custom_exts_free(&c->srv_ext);
#endif
- if (c->pms) {
- OPENSSL_cleanse(c->pms, c->pmslen);
- OPENSSL_free(c->pms);
- c->pms = NULL;
- }
+ OPENSSL_clear_free(c->pms, c->pmslen);
+ c->pms = NULL;
OPENSSL_free(c);
}
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index eed38ca73c..cec5905291 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -759,8 +759,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
if (ss->srp_username != NULL)
OPENSSL_free(ss->srp_username);
#endif
- OPENSSL_cleanse(ss, sizeof(*ss));
- OPENSSL_free(ss);
+ OPENSSL_clear_free(ss, sizeof(*ss));
}
int SSL_set_session(SSL *s, SSL_SESSION *session)
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 1f58ed017b..edb65582f0 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -717,10 +717,7 @@ int tls1_setup_key_block(SSL *s)
ret = 1;
err:
- if (p2) {
- OPENSSL_cleanse(p2, num);
- OPENSSL_free(p2);
- }
+ OPENSSL_clear_free(p2, num);
return (ret);
}
diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c
index 33d398fff7..5d895ccab3 100644
--- a/ssl/tls_srp.c
+++ b/ssl/tls_srp.c
@@ -339,7 +339,7 @@ int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key)
{
BIGNUM *K = NULL, *u = NULL;
- int ret = -1, tmp_len;
+ int ret = -1, tmp_len = 0;
unsigned char *tmp = NULL;
if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N))
@@ -360,10 +360,7 @@ int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key)
s->method->ssl3_enc->generate_master_secret(s, master_key, tmp,
tmp_len);
err:
- if (tmp) {
- OPENSSL_cleanse(tmp, tmp_len);
- OPENSSL_free(tmp);
- }
+ OPENSSL_clear_free(tmp, tmp_len);
BN_clear_free(K);
BN_clear_free(u);
return ret;
@@ -373,7 +370,7 @@ int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key)
int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key)
{
BIGNUM *x = NULL, *u = NULL, *K = NULL;
- int ret = -1, tmp_len;
+ int ret = -1, tmp_len = 0;
char *passwd = NULL;
unsigned char *tmp = NULL;
@@ -407,16 +404,10 @@ int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key)
s->method->ssl3_enc->generate_master_secret(s, master_key, tmp,
tmp_len);
err:
- if (tmp) {
- OPENSSL_cleanse(tmp, tmp_len);
- OPENSSL_free(tmp);
- }
+ OPENSSL_clear_free(tmp, tmp_len);
BN_clear_free(K);
BN_clear_free(x);
- if (passwd) {
- OPENSSL_cleanse(passwd, strlen(passwd));
- OPENSSL_free(passwd);
- }
+ OPENSSL_clear_free(passwd, strlen(passwd));
BN_clear_free(u);
return ret;
}
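Review bot: `OPENSSL_clear_free(passwd, strlen(passwd))` evaluates `strlen(passwd)` before the call, so the NULL tolerance of `OPENSSL_clear_free` does not protect it. `passwd` is initialised to NULL at its declaration, and the removed `if (passwd)` guard was what kept `strlen` from seeing NULL; any `goto err` taken before `passwd` is assigned (the assignments are outside this hunk) now calls `strlen(NULL)`, which is undefined behaviour and typically a crash in the client SRP handshake path. Keep the guard for this one call: `if (passwd != NULL) OPENSSL_clear_free(passwd, strlen(passwd));`.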