authorjsing@openbsd.org <jsing@openbsd.org>2018-02-07 02:06:50 +0000
committerDarren Tucker <dtucker@dtucker.net>2018-02-08 09:26:27 +1100
commit7cd31632e3a6607170ed0c9ed413a7ded5b9b377 (patch)
tree2acf74a8e668468768bdf9fe1b48d2289b3299bb
parent3c000d57d46882eb736c6563edfc4995915c24a2 (diff)
upstream commit
Remove all guards for calls to OpenSSL free functions - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. Prompted by dtucker@ asking about guards for RSA_free(), when looking at openssh-portable pr#84 on github. ok deraadt@ dtucker@ OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae
-rw-r--r--cipher.c11
-rw-r--r--dh.c8
-rw-r--r--kex.c8
-rw-r--r--kexdhc.c8
-rw-r--r--kexdhs.c8
-rw-r--r--kexecdhc.c17
-rw-r--r--kexecdhs.c14
-rw-r--r--kexgexc.c14
-rw-r--r--kexgexs.c8
-rw-r--r--ssh-dss.c8
-rw-r--r--ssh-ecdsa.c8
-rw-r--r--ssh-pkcs11.c5
-rw-r--r--sshkey.c53
13 files changed, 61 insertions, 109 deletions
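--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.108 2017/11/03 02:22:41 djm Exp $ */
+/* $OpenBSD: cipher.c,v 1.109 2018/02/07 02:06:50 jsing Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -310,8 +310,7 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
  } else {
  if (cc != NULL) {
 #ifdef WITH_OPENSSL
- if (cc->evp != NULL)
- EVP_CIPHER_CTX_free(cc->evp);
+ EVP_CIPHER_CTX_free(cc->evp);
 #endif /* WITH_OPENSSL */
  explicit_bzero(cc, sizeof(*cc));
  free(cc);
@@ -416,10 +415,8 @@ cipher_free(struct sshcipher_ctx *cc)
  else if ((cc->cipher->flags & CFLAG_AESCTR) != 0)
  explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx));
 #ifdef WITH_OPENSSL
- if (cc->evp != NULL) {
- EVP_CIPHER_CTX_free(cc->evp);
- cc->evp = NULL;
- }
+ EVP_CIPHER_CTX_free(cc->evp);
+ cc->evp = NULL;
 #endif
  explicit_bzero(cc, sizeof(*cc));
  free(cc);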
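Review bot: Dropping the NULL checks makes every one of these free calls depend on the libcrypto build accepting a NULL argument, which the commit message vouches for from OpenSSL 1.0.1g onwards; for the portable tree that floor belongs in configure, and if the configure checks (not in this diff) still admit an older OpenSSL or a fork that does not honour it, the failure path of cipher_init() would now hand a NULL cc->evp to EVP_CIPHER_CTX_free() instead of skipping it. A one-line `/* OpenSSL/LibreSSL free functions accept NULL (>= 1.0.1g), no guard needed */` at the first unguarded call site would tell the next reader why the idiom changed. Separately, the retained `cc->evp = NULL;` in cipher_free is now a dead store, since `explicit_bzero(cc, sizeof(*cc))` and `free(cc)` follow immediately; harmless, but it could have gone with the guard.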
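--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.62 2016/12/15 21:20:41 dtucker Exp $ */
+/* $OpenBSD: dh.c,v 1.63 2018/02/07 02:06:50 jsing Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos. All rights reserved.
  *
@@ -135,10 +135,8 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
  return 1;
 
  fail:
- if (dhg->g != NULL)
- BN_clear_free(dhg->g);
- if (dhg->p != NULL)
- BN_clear_free(dhg->p);
+ BN_clear_free(dhg->g);
+ BN_clear_free(dhg->p);
  dhg->g = dhg->p = NULL;
  return 0;
 }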
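--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.135 2018/01/23 05:27:21 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.136 2018/02/07 02:06:50 jsing Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
  *
@@ -587,11 +587,9 @@ kex_free(struct kex *kex)
  u_int mode;
 
 #ifdef WITH_OPENSSL
- if (kex->dh)
- DH_free(kex->dh);
+ DH_free(kex->dh);
 #ifdef OPENSSL_HAS_ECC
- if (kex->ec_client_key)
- EC_KEY_free(kex->ec_client_key);
+ EC_KEY_free(kex->ec_client_key);
 #endif /* OPENSSL_HAS_ECC */
 #endif /* WITH_OPENSSL */
  for (mode = 0; mode < MODE_MAX; mode++) {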
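Review bot: kex_free now calls `DH_free(kex->dh)` and `EC_KEY_free(kex->ec_client_key)` without clearing the pointers, whereas the kexdh*.c and kexecdh*.c hunks of this same commit follow the identical calls with `kex->dh = NULL;` and `kex->ec_client_key = NULL;`. If kex itself is released at the end of kex_free this is fine, but the body continues past the hunk so that cannot be confirmed here; if the struct can outlive this function, the stale pointers would be freed a second time on the next kex_free. Adding `kex->dh = NULL;` after DH_free and `kex->ec_client_key = NULL;` after EC_KEY_free matches the other hunks and costs nothing.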
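--- a/kexdhc.c
+++ b/kexdhc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhc.c,v 1.21 2017/12/18 02:25:15 djm Exp $ */
+/* $OpenBSD: kexdhc.c,v 1.22 2018/02/07 02:06:51 jsing Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
  *
@@ -203,14 +203,12 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh)
  explicit_bzero(hash, sizeof(hash));
  DH_free(kex->dh);
  kex->dh = NULL;
- if (dh_server_pub)
- BN_clear_free(dh_server_pub);
+ BN_clear_free(dh_server_pub);
  if (kbuf) {
  explicit_bzero(kbuf, klen);
  free(kbuf);
  }
- if (shared_secret)
- BN_clear_free(shared_secret);
+ BN_clear_free(shared_secret);
  sshkey_free(server_host_key);
  free(server_host_key_blob);
  free(signature);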
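Review bot: The `if (kbuf) {` guard that survives between the two removed guards deserves a comment, because next to the now-unguarded `BN_clear_free()` calls it reads like an oversight: it is still required, since explicit_bzero(kbuf, klen) is not defined for a NULL pointer, unlike the OpenSSL free functions this commit is relying on. Suggest `/* explicit_bzero() does not accept NULL; keep this guard */` above `if (kbuf) {`. The same pattern recurs in the kexdhs.c, kexecdhc.c, kexecdhs.c, kexgexc.c and kexgexs.c hunks of this commit. input_kex_dh's body starts outside the hunk.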
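--- a/kexdhs.c
+++ b/kexdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhs.c,v 1.25 2017/05/30 14:23:52 markus Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.26 2018/02/07 02:06:51 jsing Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
  *
@@ -208,14 +208,12 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
  explicit_bzero(hash, sizeof(hash));
  DH_free(kex->dh);
  kex->dh = NULL;
- if (dh_client_pub)
- BN_clear_free(dh_client_pub);
+ BN_clear_free(dh_client_pub);
  if (kbuf) {
  explicit_bzero(kbuf, klen);
  free(kbuf);
  }
- if (shared_secret)
- BN_clear_free(shared_secret);
+ BN_clear_free(shared_secret);
  free(server_host_key_blob);
  free(signature);
  return r;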
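--- a/kexecdhc.c
+++ b/kexecdhc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhc.c,v 1.12 2017/12/18 02:25:15 djm Exp $ */
+/* $OpenBSD: kexecdhc.c,v 1.13 2018/02/07 02:06:51 jsing Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
  * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -89,8 +89,7 @@ kexecdh_client(struct ssh *ssh)
  ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_REPLY, &input_kex_ecdh_reply);
  r = 0;
  out:
- if (client_key)
- EC_KEY_free(client_key);
+ EC_KEY_free(client_key);
  return r;
 }
 
@@ -206,18 +205,14 @@ input_kex_ecdh_reply(int type, u_int32_t seq, struct ssh *ssh)
  r = kex_send_newkeys(ssh);
  out:
  explicit_bzero(hash, sizeof(hash));
- if (kex->ec_client_key) {
- EC_KEY_free(kex->ec_client_key);
- kex->ec_client_key = NULL;
- }
- if (server_public)
- EC_POINT_clear_free(server_public);
+ EC_KEY_free(kex->ec_client_key);
+ kex->ec_client_key = NULL;
+ EC_POINT_clear_free(server_public);
  if (kbuf) {
  explicit_bzero(kbuf, klen);
  free(kbuf);
  }
- if (shared_secret)
- BN_clear_free(shared_secret);
+ BN_clear_free(shared_secret);
  sshkey_free(server_host_key);
  free(server_host_key_blob);
  free(signature);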
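--- a/kexecdhs.c
+++ b/kexecdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhs.c,v 1.16 2017/05/30 14:23:52 markus Exp $ */
+/* $OpenBSD: kexecdhs.c,v 1.17 2018/02/07 02:06:51 jsing Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
  * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -187,18 +187,14 @@ input_kex_ecdh_init(int type, u_int32_t seq, struct ssh *ssh)
  r = kex_send_newkeys(ssh);
  out:
  explicit_bzero(hash, sizeof(hash));
- if (kex->ec_client_key) {
- EC_KEY_free(kex->ec_client_key);
- kex->ec_client_key = NULL;
- }
- if (server_key)
- EC_KEY_free(server_key);
+ EC_KEY_free(kex->ec_client_key);
+ kex->ec_client_key = NULL;
+ EC_KEY_free(server_key);
  if (kbuf) {
  explicit_bzero(kbuf, klen);
  free(kbuf);
  }
- if (shared_secret)
- BN_clear_free(shared_secret);
+ BN_clear_free(shared_secret);
  free(server_host_key_blob);
  free(signature);
  return r;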
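--- a/kexgexc.c
+++ b/kexgexc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexc.c,v 1.26 2017/12/18 02:25:15 djm Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.27 2018/02/07 02:06:51 jsing Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos. All rights reserved.
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -134,10 +134,8 @@ input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh)
  ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REPLY, &input_kex_dh_gex_reply);
  r = 0;
 out:
- if (p)
- BN_clear_free(p);
- if (g)
- BN_clear_free(g);
+ BN_clear_free(p);
+ BN_clear_free(g);
  return r;
 }
 
@@ -250,14 +248,12 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
  explicit_bzero(hash, sizeof(hash));
  DH_free(kex->dh);
  kex->dh = NULL;
- if (dh_server_pub)
- BN_clear_free(dh_server_pub);
+ BN_clear_free(dh_server_pub);
  if (kbuf) {
  explicit_bzero(kbuf, klen);
  free(kbuf);
  }
- if (shared_secret)
- BN_clear_free(shared_secret);
+ BN_clear_free(shared_secret);
  sshkey_free(server_host_key);
  free(server_host_key_blob);
  free(signature);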
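--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.31 2017/05/30 14:23:52 markus Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.32 2018/02/07 02:06:51 jsing Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos. All rights reserved.
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -237,14 +237,12 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
  out:
  DH_free(kex->dh);
  kex->dh = NULL;
- if (dh_client_pub)
- BN_clear_free(dh_client_pub);
+ BN_clear_free(dh_client_pub);
  if (kbuf) {
  explicit_bzero(kbuf, klen);
  free(kbuf);
  }
- if (shared_secret)
- BN_clear_free(shared_secret);
+ BN_clear_free(shared_secret);
  free(server_host_key_blob);
  free(signature);
  return r;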
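--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-dss.c,v 1.36 2018/01/23 05:27:21 djm Exp $ */
+/* $OpenBSD: ssh-dss.c,v 1.37 2018/02/07 02:06:51 jsing Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -107,8 +107,7 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
  ret = 0;
  out:
  explicit_bzero(digest, sizeof(digest));
- if (sig != NULL)
- DSA_SIG_free(sig);
+ DSA_SIG_free(sig);
  sshbuf_free(b);
  return ret;
 }
@@ -186,8 +185,7 @@ ssh_dss_verify(const struct sshkey *key,
 
  out:
  explicit_bzero(digest, sizeof(digest));
- if (sig != NULL)
- DSA_SIG_free(sig);
+ DSA_SIG_free(sig);
  sshbuf_free(b);
  free(ktype);
  if (sigblob != NULL) {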
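--- a/ssh-ecdsa.c
+++ b/ssh-ecdsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ecdsa.c,v 1.13 2016/04/21 06:08:02 djm Exp $ */
+/* $OpenBSD: ssh-ecdsa.c,v 1.14 2018/02/07 02:06:51 jsing Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -101,8 +101,7 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
  explicit_bzero(digest, sizeof(digest));
  sshbuf_free(b);
  sshbuf_free(bb);
- if (sig != NULL)
- ECDSA_SIG_free(sig);
+ ECDSA_SIG_free(sig);
  return ret;
 }
 
@@ -180,8 +179,7 @@ ssh_ecdsa_verify(const struct sshkey *key,
  explicit_bzero(digest, sizeof(digest));
  sshbuf_free(sigbuf);
  sshbuf_free(b);
- if (sig != NULL)
- ECDSA_SIG_free(sig);
+ ECDSA_SIG_free(sig);
  free(ktype);
  return ret;
 }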
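--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.25 2017/05/31 09:15:42 deraadt Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.26 2018/02/07 02:06:51 jsing Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl. All rights reserved.
  *
@@ -532,8 +532,7 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
  == NULL) {
  error("RSAPublicKey_dup");
  }
- if (x509)
- X509_free(x509);
+ X509_free(x509);
  }
  if (rsa && rsa->n && rsa->e &&
  pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {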
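--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.59 2017/12/18 02:25:15 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.60 2018/02/07 02:06:51 jsing Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -469,8 +469,7 @@ sshkey_new(int type)
  if ((rsa = RSA_new()) == NULL ||
  (rsa->n = BN_new()) == NULL ||
  (rsa->e = BN_new()) == NULL) {
- if (rsa != NULL)
- RSA_free(rsa);
+ RSA_free(rsa);
  free(k);
  return NULL;
  }
@@ -483,8 +482,7 @@ sshkey_new(int type)
  (dsa->q = BN_new()) == NULL ||
  (dsa->g = BN_new()) == NULL ||
  (dsa->pub_key = BN_new()) == NULL) {
- if (dsa != NULL)
- DSA_free(dsa);
+ DSA_free(dsa);
  free(k);
  return NULL;
  }
@@ -578,21 +576,18 @@ sshkey_free(struct sshkey *k)
 #ifdef WITH_OPENSSL
  case KEY_RSA:
  case KEY_RSA_CERT:
- if (k->rsa != NULL)
- RSA_free(k->rsa);
+ RSA_free(k->rsa);
  k->rsa = NULL;
  break;
  case KEY_DSA:
  case KEY_DSA_CERT:
- if (k->dsa != NULL)
- DSA_free(k->dsa);
+ DSA_free(k->dsa);
  k->dsa = NULL;
  break;
 # ifdef OPENSSL_HAS_ECC
  case KEY_ECDSA:
  case KEY_ECDSA_CERT:
- if (k->ecdsa != NULL)
- EC_KEY_free(k->ecdsa);
+ EC_KEY_free(k->ecdsa);
  k->ecdsa = NULL;
  break;
 # endif /* OPENSSL_HAS_ECC */
@@ -1248,8 +1243,7 @@ sshkey_read(struct sshkey *ret, char **cpp)
  switch (sshkey_type_plain(ret->type)) {
 #ifdef WITH_OPENSSL
  case KEY_RSA:
- if (ret->rsa != NULL)
- RSA_free(ret->rsa);
+ RSA_free(ret->rsa);
  ret->rsa = k->rsa;
  k->rsa = NULL;
 #ifdef DEBUG_PK
@@ -1257,8 +1251,7 @@ sshkey_read(struct sshkey *ret, char **cpp)
 #endif
  break;
  case KEY_DSA:
- if (ret->dsa != NULL)
- DSA_free(ret->dsa);
+ DSA_free(ret->dsa);
  ret->dsa = k->dsa;
  k->dsa = NULL;
 #ifdef DEBUG_PK
@@ -1267,8 +1260,7 @@ sshkey_read(struct sshkey *ret, char **cpp)
  break;
 # ifdef OPENSSL_HAS_ECC
  case KEY_ECDSA:
- if (ret->ecdsa != NULL)
- EC_KEY_free(ret->ecdsa);
+ EC_KEY_free(ret->ecdsa);
  ret->ecdsa = k->ecdsa;
  ret->ecdsa_nid = k->ecdsa_nid;
  k->ecdsa = NULL;
@@ -1410,10 +1402,8 @@ rsa_generate_private_key(u_int bits, RSA **rsap)
  private = NULL;
  ret = 0;
  out:
- if (private != NULL)
- RSA_free(private);
- if (f4 != NULL)
- BN_free(f4);
+ RSA_free(private);
+ BN_free(f4);
  return ret;
 }
 
@@ -1441,8 +1431,7 @@ dsa_generate_private_key(u_int bits, DSA **dsap)
  private = NULL;
  ret = 0;
  out:
- if (private != NULL)
- DSA_free(private);
+ DSA_free(private);
  return ret;
 }
 
@@ -1521,8 +1510,7 @@ ecdsa_generate_private_key(u_int bits, int *nid, EC_KEY **ecdsap)
  private = NULL;
  ret = 0;
  out:
- if (private != NULL)
- EC_KEY_free(private);
+ EC_KEY_free(private);
  return ret;
 }
 # endif /* OPENSSL_HAS_ECC */
@@ -1933,8 +1921,7 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
  ret = SSH_ERR_EC_CURVE_MISMATCH;
  goto out;
  }
- if (key->ecdsa != NULL)
- EC_KEY_free(key->ecdsa);
+ EC_KEY_free(key->ecdsa);
  if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid))
  == NULL) {
  ret = SSH_ERR_EC_CURVE_INVALID;
@@ -2011,8 +1998,7 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
  free(curve);
  free(pk);
 #if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
- if (q != NULL)
- EC_POINT_free(q);
+ EC_POINT_free(q);
 #endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */
  return ret;
 }
@@ -2765,8 +2751,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
  free(tname);
  free(curve);
 #ifdef WITH_OPENSSL
- if (exponent != NULL)
- BN_clear_free(exponent);
+ BN_clear_free(exponent);
 #endif /* WITH_OPENSSL */
  sshkey_free(k);
  if (ed25519_pk != NULL) {
@@ -2854,8 +2839,7 @@ sshkey_ec_validate_public(const EC_GROUP *group, const EC_POINT *public)
  ret = 0;
  out:
  BN_CTX_free(bnctx);
- if (nq != NULL)
- EC_POINT_free(nq);
+ EC_POINT_free(nq);
  return ret;
 }
 
@@ -3550,8 +3534,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
  }
  out:
  BIO_free(bio);
- if (pk != NULL)
- EVP_PKEY_free(pk);
+ EVP_PKEY_free(pk);
  sshkey_free(prv);
  return r;
 }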