upstream: Some obvious freezero() conversions.

This also zeros an ed25519_pk when it was not being zeroed previously. ok djm@ dtucker@ OpenBSD-Commit-ID: 5c196a3c85c23ac0bd9b11bcadaedd90b7a2ce82
author: jsing@openbsd.org <jsing@openbsd.org> 2018-02-14 16:03:32 +0000
committer: Damien Miller <djm@mindrot.org> 2018-02-16 13:35:28 +1100
commit: 4270efad7048535b4f250f493d70f9acfb201593 (patch)
tree: f7ddc28b05200211458b3600eb2ec024f70d90fc /sshkey.c
parent: affa6ba67ffccc30b85d6e98f36eb5afd9386882 (diff)
1 files changed, 11 insertions, 26 deletions
diff --git a/sshkey.c b/sshkey.c
index fb987d6b7..0e146d4d6 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.60 2018/02/07 02:06:51 jsing Exp $ */
+/* $OpenBSD: sshkey.c,v 1.61 2018/02/14 16:03:32 jsing Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
 * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -420,8 +420,7 @@ cert_free(struct sshkey_cert *cert)
                free(cert->principals[i]);
        free(cert->principals);
        sshkey_free(cert->signature_key);
-        explicit_bzero(cert, sizeof(*cert));
+        freezero(cert, sizeof(*cert));
-        free(cert);
 }
 static struct sshkey_cert *
@@ -594,16 +593,10 @@ sshkey_free(struct sshkey *k)
 #endif /* WITH_OPENSSL */
        case KEY_ED25519:
        case KEY_ED25519_CERT:
-                if (k->ed25519_pk) {
+                freezero(k->ed25519_pk, ED25519_PK_SZ);
-                        explicit_bzero(k->ed25519_pk, ED25519_PK_SZ);
+                k->ed25519_pk = NULL;
-                        free(k->ed25519_pk);
+                freezero(k->ed25519_sk, ED25519_SK_SZ);
-                        k->ed25519_pk = NULL;
+                k->ed25519_sk = NULL;
-                }
-                if (k->ed25519_sk) {
-                        explicit_bzero(k->ed25519_sk, ED25519_SK_SZ);
-                        free(k->ed25519_sk);
-                        k->ed25519_sk = NULL;
-                }
                break;
        case KEY_UNSPEC:
                break;
@@ -612,8 +605,7 @@ sshkey_free(struct sshkey *k)
        }
        if (sshkey_is_cert(k))
                cert_free(k->cert);
-        explicit_bzero(k, sizeof(*k));
+        freezero(k, sizeof(*k));
-        free(k);
 }
 static int
@@ -906,8 +898,7 @@ fingerprint_b64(const char *alg, u_char *dgst_raw, size_t dgst_raw_len)
                return ret;
        if ((r = b64_ntop(dgst_raw, dgst_raw_len,
            ret + plen, rlen - plen)) == -1) {
-                explicit_bzero(ret, rlen);
+                freezero(ret, rlen);
-                free(ret);
                return NULL;
        }
        /* Trim padding characters from end */
@@ -1272,7 +1263,7 @@ sshkey_read(struct sshkey *ret, char **cpp)
 # endif /* OPENSSL_HAS_ECC */
 #endif /* WITH_OPENSSL */
                case KEY_ED25519:
-                        free(ret->ed25519_pk);
+                        freezero(ret->ed25519_pk, ED25519_PK_SZ);
                        ret->ed25519_pk = k->ed25519_pk;
                        k->ed25519_pk = NULL;
 #ifdef DEBUG_PK
@@ -2754,14 +2745,8 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
        BN_clear_free(exponent);
 #endif /* WITH_OPENSSL */
        sshkey_free(k);
-        if (ed25519_pk != NULL) {
+        freezero(ed25519_pk, pklen);
-                explicit_bzero(ed25519_pk, pklen);
+        freezero(ed25519_sk, sklen);
-                free(ed25519_pk);
-        }
-        if (ed25519_sk != NULL) {
-                explicit_bzero(ed25519_sk, sklen);
-                free(ed25519_sk);
-        }
        return r;
 }
author	jsing@openbsd.org <jsing@openbsd.org>	2018-02-14 16:03:32 +0000
committer	Damien Miller <djm@mindrot.org>	2018-02-16 13:35:28 +1100
commit	4270efad7048535b4f250f493d70f9acfb201593 (patch)
tree	f7ddc28b05200211458b3600eb2ec024f70d90fc /sshkey.c
parent	affa6ba67ffccc30b85d6e98f36eb5afd9386882 (diff)