From 4b45c6e52b208deff7da333d1c7f84bcd3986609 Mon Sep 17 00:00:00 2001
From: Rich Salz
Date: Thu, 30 Apr 2015 17:57:32 -0400
Subject: free cleanup almost the finale

Add OPENSSL_clear_free which merges cleanse and free. (Names was picked to be similar to BN_clear_free, etc.) Removed OPENSSL_freeFunc macro. Fixed the small simple ones that are left: CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked
Reviewed-by: Richard Levitte
---
 crypto/cms/cms_asn1.c | 10 ++--------
 crypto/cms/cms_enc.c | 11 +++--------
 crypto/cms/cms_env.c | 15 ++++-----------
 crypto/cms/cms_kari.c | 5 +----
 crypto/cms/cms_pwri.c | 3 +--
 5 files changed, 11 insertions(+), 33 deletions(-)
(limited to 'crypto/cms')
diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
index 2b61768847..893ad4657b 100644
--- a/crypto/cms/cms_asn1.c
+++ b/crypto/cms/cms_asn1.c
@@ -251,16 +251,10 @@ static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 EVP_PKEY_CTX_free(ktri->pctx);
 } else if (ri->type == CMS_RECIPINFO_KEK) {
 CMS_KEKRecipientInfo *kekri = ri->d.kekri;
- if (kekri->key) {
- OPENSSL_cleanse(kekri->key, kekri->keylen);
- OPENSSL_free(kekri->key);
- }
+ OPENSSL_clear_free(kekri->key, kekri->keylen);
 } else if (ri->type == CMS_RECIPINFO_PASS) {
 CMS_PasswordRecipientInfo *pwri = ri->d.pwri;
- if (pwri->pass) {
- OPENSSL_cleanse(pwri->pass, pwri->passlen);
- OPENSSL_free(pwri->pass);
- }
+ OPENSSL_clear_free(pwri->pass, pwri->passlen);
 }
 }
 return 1;
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index ffa85fc0dd..f1ac1d535b 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -164,8 +164,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 goto err;
 } else {
 /* Use random key */
- OPENSSL_cleanse(ec->key, ec->keylen);
- OPENSSL_free(ec->key);
+ OPENSSL_clear_free(ec->key, ec->keylen);
 ec->key = tkey;
 ec->keylen = tkeylen;
 tkey = NULL;
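Review bot: Dropping the `if (kekri->key)` and `if (pwri->pass)` guards in cms_ri_cb is only safe if OPENSSL_clear_free() returns early on a NULL pointer; its definition is not part of this crypto/cms-limited view, so that contract should be confirmed against the definition. The same assumption carries the now-unguarded `tkey` call in cms_EncryptedContent_init_bio and the `ec->key` calls in cms_env.c and cms_kari.c, where the pointer may be NULL while the accompanying length field is not zero. Because these buffers hold KEK and password material, I would state the contract once where the macro is defined, for example `/* NULL is a no-op; otherwise wipes len bytes, then frees */`. cms_ri_cb begins and ends outside the hunk.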
@@ -196,14 +195,10 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 err:
 if (ec->key && !keep_key) {
- OPENSSL_cleanse(ec->key, ec->keylen);
- OPENSSL_free(ec->key);
+ OPENSSL_clear_free(ec->key, ec->keylen);
 ec->key = NULL;
 }
- if (tkey) {
- OPENSSL_cleanse(tkey, tkeylen);
- OPENSSL_free(tkey);
- }
+ OPENSSL_clear_free(tkey, tkeylen);
 if (ok)
 return b;
 BIO_free(b);
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index 98c1fe0120..d146f845e9 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -465,11 +465,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
 ret = 1;
- if (ec->key) {
- OPENSSL_cleanse(ec->key, ec->keylen);
- OPENSSL_free(ec->key);
- }
-
+ OPENSSL_clear_free(ec->key, ec->keylen);
 ec->key = ek;
 ec->keylen = eklen;
@@ -937,12 +933,9 @@ BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
 err:
 ec->cipher = NULL;
- if (ec->key) {
- OPENSSL_cleanse(ec->key, ec->keylen);
- OPENSSL_free(ec->key);
- ec->key = NULL;
- ec->keylen = 0;
- }
+ OPENSSL_clear_free(ec->key, ec->keylen);
+ ec->key = NULL;
+ ec->keylen = 0;
 if (ok)
 return ret;
 BIO_free(ret);
diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c
index 69a51157e1..17b62ddd8c 100644
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@@ -294,10 +294,7 @@ int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
 if (!cms_kek_cipher(&cek, &ceklen, enckey, enckeylen, ri->d.kari, 0))
 goto err;
 ec = cms->d.envelopedData->encryptedContentInfo;
- if (ec->key) {
- OPENSSL_cleanse(ec->key, ec->keylen);
- OPENSSL_free(ec->key);
- }
+ OPENSSL_clear_free(ec->key, ec->keylen);
 ec->key = cek;
 ec->keylen = ceklen;
 cek = NULL;
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index ece5ce3640..64165022f3 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
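Review bot: In the `err:` path of cms_EncryptedContent_init_bio, `ec->key` is set to NULL after the clear-and-free but `ec->keylen` keeps its old value, while the matching `err:` path in cms_EnvelopedData_init_bio (cms_env.c, same patch) resets both fields. A stale length next to a NULL key is harmless only while every reader checks the pointer first, so I would add `ec->keylen = 0;` after `ec->key = NULL;` to make the two paths agree. The `ec->key &&` half of the condition also looks redundant if OPENSSL_clear_free() ignores NULL, which the unguarded `tkey` call two lines below already assumes; `if (!keep_key) {` would read the same as the rest of the patch. The function body begins outside the hunk.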
@@ -263,8 +263,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
 memcpy(out, tmp + 4, *outlen);
 rv = 1;
 err:
- OPENSSL_cleanse(tmp, inlen);
- OPENSSL_free(tmp);
+ OPENSSL_clear_free(tmp, inlen);
 return rv;
 }
-- 
cgit v1.2.3
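Review bot: The wipe at the `err:` label of kek_unwrap_key is complete only if `inlen` is the size `tmp` was allocated with, and that allocation is outside this hunk, so the pairing cannot be checked from here. `tmp` is the buffer the key bytes are copied out of by `memcpy(out, tmp + 4, *outlen)`, so a length shorter than the allocation would leave key material in freed heap memory. A one-line comment above the call would tie the two together, for example `/* tmp holds inlen bytes (see allocation above); wipe all of it before freeing */`. The label is presumably also reached when the allocation itself failed, which again depends on OPENSSL_clear_free() tolerating NULL.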