[openssh-commits] [openssh] 01/03: upstream: Some obvious freezero() conversions.

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Feb 16 13:35:37 AEDT 2018


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 4270efad7048535b4f250f493d70f9acfb201593
Author: jsing at openbsd.org <jsing at openbsd.org>
Date:   Wed Feb 14 16:03:32 2018 +0000

    upstream: Some obvious freezero() conversions.
    
    This also zeros an ed25519_pk when it was not being zeroed previously.
    
    ok djm@ dtucker@
    
    OpenBSD-Commit-ID: 5c196a3c85c23ac0bd9b11bcadaedd90b7a2ce82
---
 sshkey.c | 37 +++++++++++--------------------------
 1 file changed, 11 insertions(+), 26 deletions(-)

diff --git a/sshkey.c b/sshkey.c
index fb987d6b..0e146d4d 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.60 2018/02/07 02:06:51 jsing Exp $ */
+/* $OpenBSD: sshkey.c,v 1.61 2018/02/14 16:03:32 jsing Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -420,8 +420,7 @@ cert_free(struct sshkey_cert *cert)
 		free(cert->principals[i]);
 	free(cert->principals);
 	sshkey_free(cert->signature_key);
-	explicit_bzero(cert, sizeof(*cert));
-	free(cert);
+	freezero(cert, sizeof(*cert));
 }
 
 static struct sshkey_cert *
@@ -594,16 +593,10 @@ sshkey_free(struct sshkey *k)
 #endif /* WITH_OPENSSL */
 	case KEY_ED25519:
 	case KEY_ED25519_CERT:
-		if (k->ed25519_pk) {
-			explicit_bzero(k->ed25519_pk, ED25519_PK_SZ);
-			free(k->ed25519_pk);
-			k->ed25519_pk = NULL;
-		}
-		if (k->ed25519_sk) {
-			explicit_bzero(k->ed25519_sk, ED25519_SK_SZ);
-			free(k->ed25519_sk);
-			k->ed25519_sk = NULL;
-		}
+		freezero(k->ed25519_pk, ED25519_PK_SZ);
+		k->ed25519_pk = NULL;
+		freezero(k->ed25519_sk, ED25519_SK_SZ);
+		k->ed25519_sk = NULL;
 		break;
 	case KEY_UNSPEC:
 		break;
@@ -612,8 +605,7 @@ sshkey_free(struct sshkey *k)
 	}
 	if (sshkey_is_cert(k))
 		cert_free(k->cert);
-	explicit_bzero(k, sizeof(*k));
-	free(k);
+	freezero(k, sizeof(*k));
 }
 
 static int
@@ -906,8 +898,7 @@ fingerprint_b64(const char *alg, u_char *dgst_raw, size_t dgst_raw_len)
 		return ret;
 	if ((r = b64_ntop(dgst_raw, dgst_raw_len,
 	    ret + plen, rlen - plen)) == -1) {
-		explicit_bzero(ret, rlen);
-		free(ret);
+		freezero(ret, rlen);
 		return NULL;
 	}
 	/* Trim padding characters from end */
@@ -1272,7 +1263,7 @@ sshkey_read(struct sshkey *ret, char **cpp)
 # endif /* OPENSSL_HAS_ECC */
 #endif /* WITH_OPENSSL */
 		case KEY_ED25519:
-			free(ret->ed25519_pk);
+			freezero(ret->ed25519_pk, ED25519_PK_SZ);
 			ret->ed25519_pk = k->ed25519_pk;
 			k->ed25519_pk = NULL;
 #ifdef DEBUG_PK
@@ -2754,14 +2745,8 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
 	BN_clear_free(exponent);
 #endif /* WITH_OPENSSL */
 	sshkey_free(k);
-	if (ed25519_pk != NULL) {
-		explicit_bzero(ed25519_pk, pklen);
-		free(ed25519_pk);
-	}
-	if (ed25519_sk != NULL) {
-		explicit_bzero(ed25519_sk, sklen);
-		free(ed25519_sk);
-	}
+	freezero(ed25519_pk, pklen);
+	freezero(ed25519_sk, sklen);
 	return r;
 }
 

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list