diff options
author | Rich Salz <rsalz@openssl.org> | 2015-04-30 17:57:32 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-04-30 17:57:32 -0400 |
commit | 4b45c6e52b208deff7da333d1c7f84bcd3986609 (patch) | |
tree | db26f7a51ad582f203dce2145a43c3e0d4376f69 /ssl | |
parent | 68dc682499ea3fe27d909c946d7abd39062d6efd (diff) | |
download | openssl-4b45c6e52b208deff7da333d1c7f84bcd3986609.tar.gz |
free cleanup almost the finale
Add OPENSSL_clear_free which merges cleanse and free.
(Names was picked to be similar to BN_clear_free, etc.)
Removed OPENSSL_freeFunc macro.
Fixed the small simple ones that are left:
CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_clnt.c | 10 | ||||
-rw-r--r-- | ssl/s3_enc.c | 7 | ||||
-rw-r--r-- | ssl/s3_lib.c | 3 | ||||
-rw-r--r-- | ssl/ssl_cert.c | 7 | ||||
-rw-r--r-- | ssl/ssl_sess.c | 3 | ||||
-rw-r--r-- | ssl/t1_enc.c | 5 | ||||
-rw-r--r-- | ssl/tls_srp.c | 19 |
7 files changed, 15 insertions, 39 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index bbff778d44..71756cda2e 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -3073,8 +3073,7 @@ int ssl3_send_client_key_exchange(SSL *s) s-> session->master_key, pms, pmslen); - OPENSSL_cleanse(pms, pmslen); - OPENSSL_free(pms); + OPENSSL_clear_free(pms, pmslen); s->cert->pms = NULL; if (s->session->master_key_length < 0) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); @@ -3087,11 +3086,8 @@ int ssl3_send_client_key_exchange(SSL *s) ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); err: - if (pms) { - OPENSSL_cleanse(pms, pmslen); - OPENSSL_free(pms); - s->cert->pms = NULL; - } + OPENSSL_clear_free(pms, pmslen); + s->cert->pms = NULL; #ifndef OPENSSL_NO_EC BN_CTX_free(bn_ctx); if (encodedPoint != NULL) diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 8fc5bc4a8a..df86f5b9f3 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -471,11 +471,8 @@ int ssl3_setup_key_block(SSL *s) void ssl3_cleanup_key_block(SSL *s) { - if (s->s3->tmp.key_block != NULL) { - OPENSSL_cleanse(s->s3->tmp.key_block, s->s3->tmp.key_block_length); - OPENSSL_free(s->s3->tmp.key_block); - s->s3->tmp.key_block = NULL; - } + OPENSSL_clear_free(s->s3->tmp.key_block, s->s3->tmp.key_block_length); + s->s3->tmp.key_block = NULL; s->s3->tmp.key_block_length = 0; } diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index ef2ddb4973..190d0f1b93 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3138,8 +3138,7 @@ void ssl3_free(SSL *s) #ifndef OPENSSL_NO_SRP SSL_SRP_CTX_free(s); #endif - OPENSSL_cleanse(s->s3, sizeof *s->s3); - OPENSSL_free(s->s3); + OPENSSL_clear_free(s->s3, sizeof *s->s3); s->s3 = NULL; } diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 0ae9646991..a15c5f9a09 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -465,11 +465,8 @@ void ssl_cert_free(CERT *c) custom_exts_free(&c->cli_ext); custom_exts_free(&c->srv_ext); #endif - if (c->pms) { - OPENSSL_cleanse(c->pms, c->pmslen); - OPENSSL_free(c->pms); - c->pms = NULL; - } + OPENSSL_clear_free(c->pms, c->pmslen); + c->pms = NULL; OPENSSL_free(c); } diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index eed38ca73c..cec5905291 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -759,8 +759,7 @@ void SSL_SESSION_free(SSL_SESSION *ss) if (ss->srp_username != NULL) OPENSSL_free(ss->srp_username); #endif - OPENSSL_cleanse(ss, sizeof(*ss)); - OPENSSL_free(ss); + OPENSSL_clear_free(ss, sizeof(*ss)); } int SSL_set_session(SSL *s, SSL_SESSION *session) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 1f58ed017b..edb65582f0 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -717,10 +717,7 @@ int tls1_setup_key_block(SSL *s) ret = 1; err: - if (p2) { - OPENSSL_cleanse(p2, num); - OPENSSL_free(p2); - } + OPENSSL_clear_free(p2, num); return (ret); } diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c index 33d398fff7..5d895ccab3 100644 --- a/ssl/tls_srp.c +++ b/ssl/tls_srp.c @@ -339,7 +339,7 @@ int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key) { BIGNUM *K = NULL, *u = NULL; - int ret = -1, tmp_len; + int ret = -1, tmp_len = 0; unsigned char *tmp = NULL; if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N)) @@ -360,10 +360,7 @@ int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key) s->method->ssl3_enc->generate_master_secret(s, master_key, tmp, tmp_len); err: - if (tmp) { - OPENSSL_cleanse(tmp, tmp_len); - OPENSSL_free(tmp); - } + OPENSSL_clear_free(tmp, tmp_len); BN_clear_free(K); BN_clear_free(u); return ret; @@ -373,7 +370,7 @@ int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key) int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key) { BIGNUM *x = NULL, *u = NULL, *K = NULL; - int ret = -1, tmp_len; + int ret = -1, tmp_len = 0; char *passwd = NULL; unsigned char *tmp = NULL; @@ -407,16 +404,10 @@ int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key) s->method->ssl3_enc->generate_master_secret(s, master_key, tmp, tmp_len); err: - if (tmp) { - OPENSSL_cleanse(tmp, tmp_len); - OPENSSL_free(tmp); - } + OPENSSL_clear_free(tmp, tmp_len); BN_clear_free(K); BN_clear_free(x); - if (passwd) { - OPENSSL_cleanse(passwd, strlen(passwd)); - OPENSSL_free(passwd); - } + OPENSSL_clear_free(passwd, strlen(passwd)); BN_clear_free(u); return ret; } |