summaryrefslogtreecommitdiff
path: root/sshkey.c
diff options
context:
space:
mode:
authorjsg@openbsd.org <jsg@openbsd.org>2020-02-26 13:40:09 +0000
committerDamien Miller <djm@mindrot.org>2020-02-28 12:26:28 +1100
commitd5ba1c03278eb079438bb038266d80d7477d49cb (patch)
tree6d8dd2d802af796bcb7c9d6d018196a448bb9ff6 /sshkey.c
parent9e3220b585c5be19a7431ea4ff8884c137b3a81c (diff)
upstream: change explicit_bzero();free() to freezero()
While freezero() returns early if the pointer is NULL the tests for NULL in callers are left to avoid warnings about passing an uninitialised size argument across a function boundry. ok deraadt@ djm@ OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
Diffstat (limited to 'sshkey.c')
-rw-r--r--sshkey.c44
1 files changed, 15 insertions, 29 deletions
diff --git a/sshkey.c b/sshkey.c
index 57995ee6..63e568a0 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.99 2020/01/21 05:56:56 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.100 2020/02/26 13:40:09 jsg Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -1019,10 +1019,8 @@ sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg,
r = 0;
out:
free(ret);
- if (blob != NULL) {
- explicit_bzero(blob, blob_len);
- free(blob);
- }
+ if (blob != NULL)
+ freezero(blob, blob_len);
return r;
}
@@ -1280,12 +1278,10 @@ sshkey_fingerprint(const struct sshkey *k, int dgst_alg,
dgst_raw, dgst_raw_len, k);
break;
default:
- explicit_bzero(dgst_raw, dgst_raw_len);
- free(dgst_raw);
+ freezero(dgst_raw, dgst_raw_len);
return NULL;
}
- explicit_bzero(dgst_raw, dgst_raw_len);
- free(dgst_raw);
+ freezero(dgst_raw, dgst_raw_len);
return retval;
}
@@ -4054,18 +4050,12 @@ sshkey_private_to_blob2(struct sshkey *prv, struct sshbuf *blob,
sshbuf_free(encrypted);
cipher_free(ciphercontext);
explicit_bzero(salt, sizeof(salt));
- if (key != NULL) {
- explicit_bzero(key, keylen + ivlen);
- free(key);
- }
- if (pubkeyblob != NULL) {
- explicit_bzero(pubkeyblob, pubkeylen);
- free(pubkeyblob);
- }
- if (b64 != NULL) {
- explicit_bzero(b64, strlen(b64));
- free(b64);
- }
+ if (key != NULL)
+ freezero(key, keylen + ivlen);
+ if (pubkeyblob != NULL)
+ freezero(pubkeyblob, pubkeylen);
+ if (b64 != NULL)
+ freezero(b64, strlen(b64));
return r;
}
@@ -4273,14 +4263,10 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase,
free(ciphername);
free(kdfname);
free(comment);
- if (salt != NULL) {
- explicit_bzero(salt, slen);
- free(salt);
- }
- if (key != NULL) {
- explicit_bzero(key, keylen + ivlen);
- free(key);
- }
+ if (salt != NULL)
+ freezero(salt, slen);
+ if (key != NULL)
+ freezero(key, keylen + ivlen);
sshbuf_free(encoded);
sshbuf_free(decoded);
sshbuf_free(kdf);