diff options
-rw-r--r-- | sshkey.c | 37 |
1 files changed, 11 insertions, 26 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshkey.c,v 1.60 2018/02/07 02:06:51 jsing Exp $ */ | 1 | /* $OpenBSD: sshkey.c,v 1.61 2018/02/14 16:03:32 jsing Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. | 4 | * Copyright (c) 2008 Alexander von Gernler. All rights reserved. |
@@ -420,8 +420,7 @@ cert_free(struct sshkey_cert *cert) | |||
420 | free(cert->principals[i]); | 420 | free(cert->principals[i]); |
421 | free(cert->principals); | 421 | free(cert->principals); |
422 | sshkey_free(cert->signature_key); | 422 | sshkey_free(cert->signature_key); |
423 | explicit_bzero(cert, sizeof(*cert)); | 423 | freezero(cert, sizeof(*cert)); |
424 | free(cert); | ||
425 | } | 424 | } |
426 | 425 | ||
427 | static struct sshkey_cert * | 426 | static struct sshkey_cert * |
@@ -594,16 +593,10 @@ sshkey_free(struct sshkey *k) | |||
594 | #endif /* WITH_OPENSSL */ | 593 | #endif /* WITH_OPENSSL */ |
595 | case KEY_ED25519: | 594 | case KEY_ED25519: |
596 | case KEY_ED25519_CERT: | 595 | case KEY_ED25519_CERT: |
597 | if (k->ed25519_pk) { | 596 | freezero(k->ed25519_pk, ED25519_PK_SZ); |
598 | explicit_bzero(k->ed25519_pk, ED25519_PK_SZ); | 597 | k->ed25519_pk = NULL; |
599 | free(k->ed25519_pk); | 598 | freezero(k->ed25519_sk, ED25519_SK_SZ); |
600 | k->ed25519_pk = NULL; | 599 | k->ed25519_sk = NULL; |
601 | } | ||
602 | if (k->ed25519_sk) { | ||
603 | explicit_bzero(k->ed25519_sk, ED25519_SK_SZ); | ||
604 | free(k->ed25519_sk); | ||
605 | k->ed25519_sk = NULL; | ||
606 | } | ||
607 | break; | 600 | break; |
608 | case KEY_UNSPEC: | 601 | case KEY_UNSPEC: |
609 | break; | 602 | break; |
@@ -612,8 +605,7 @@ sshkey_free(struct sshkey *k) | |||
612 | } | 605 | } |
613 | if (sshkey_is_cert(k)) | 606 | if (sshkey_is_cert(k)) |
614 | cert_free(k->cert); | 607 | cert_free(k->cert); |
615 | explicit_bzero(k, sizeof(*k)); | 608 | freezero(k, sizeof(*k)); |
616 | free(k); | ||
617 | } | 609 | } |
618 | 610 | ||
619 | static int | 611 | static int |
@@ -906,8 +898,7 @@ fingerprint_b64(const char *alg, u_char *dgst_raw, size_t dgst_raw_len) | |||
906 | return ret; | 898 | return ret; |
907 | if ((r = b64_ntop(dgst_raw, dgst_raw_len, | 899 | if ((r = b64_ntop(dgst_raw, dgst_raw_len, |
908 | ret + plen, rlen - plen)) == -1) { | 900 | ret + plen, rlen - plen)) == -1) { |
909 | explicit_bzero(ret, rlen); | 901 | freezero(ret, rlen); |
910 | free(ret); | ||
911 | return NULL; | 902 | return NULL; |
912 | } | 903 | } |
913 | /* Trim padding characters from end */ | 904 | /* Trim padding characters from end */ |
@@ -1272,7 +1263,7 @@ sshkey_read(struct sshkey *ret, char **cpp) | |||
1272 | # endif /* OPENSSL_HAS_ECC */ | 1263 | # endif /* OPENSSL_HAS_ECC */ |
1273 | #endif /* WITH_OPENSSL */ | 1264 | #endif /* WITH_OPENSSL */ |
1274 | case KEY_ED25519: | 1265 | case KEY_ED25519: |
1275 | free(ret->ed25519_pk); | 1266 | freezero(ret->ed25519_pk, ED25519_PK_SZ); |
1276 | ret->ed25519_pk = k->ed25519_pk; | 1267 | ret->ed25519_pk = k->ed25519_pk; |
1277 | k->ed25519_pk = NULL; | 1268 | k->ed25519_pk = NULL; |
1278 | #ifdef DEBUG_PK | 1269 | #ifdef DEBUG_PK |
@@ -2754,14 +2745,8 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) | |||
2754 | BN_clear_free(exponent); | 2745 | BN_clear_free(exponent); |
2755 | #endif /* WITH_OPENSSL */ | 2746 | #endif /* WITH_OPENSSL */ |
2756 | sshkey_free(k); | 2747 | sshkey_free(k); |
2757 | if (ed25519_pk != NULL) { | 2748 | freezero(ed25519_pk, pklen); |
2758 | explicit_bzero(ed25519_pk, pklen); | 2749 | freezero(ed25519_sk, sklen); |
2759 | free(ed25519_pk); | ||
2760 | } | ||
2761 | if (ed25519_sk != NULL) { | ||
2762 | explicit_bzero(ed25519_sk, sklen); | ||
2763 | free(ed25519_sk); | ||
2764 | } | ||
2765 | return r; | 2750 | return r; |
2766 | } | 2751 | } |
2767 | 2752 | ||