Remove redundant calls to |OPENSSL_cleanse| and |OPENSSL_realloc_clean|.

Change-Id: I5c85c4d072ec157b37ed95b284a26ab32c0c42d9
Reviewed-on: https://boringssl-review.googlesource.com/19824
Reviewed-by: Martin Kreichgauer <martinkr@google.com>
Commit-Queue: Martin Kreichgauer <martinkr@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Martin Kreichgauer 2017-08-30 10:49:05 -07:00 committed by CQ bot account: commit-bot@chromium.org
parent c5cc88d800
commit 6dc892fcdf
27 changed files with 36 additions and 136 deletions


@ -217,8 +217,7 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
if (a->data == NULL)
c = (unsigned char *)OPENSSL_malloc(w + 1);
else
c = (unsigned char *)OPENSSL_realloc_clean(a->data,
a->length, w + 1);
c = (unsigned char *)OPENSSL_realloc(a->data, w + 1);
if (c == NULL) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
return 0;
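Review bot: The `if (a->data == NULL)` / `else` split around the new `OPENSSL_realloc` call looks redundant now. buf_mem_reserve in this same commit passes a possibly-NULL `buf->data` straight to `OPENSSL_realloc`, so, assuming it accepts NULL the way realloc() does, the branch can collapse to the single line `c = (unsigned char *)OPENSSL_realloc(a->data, w + 1);`. ASN1_BIT_STRING_set_bit starts and ends outside this hunk.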


@ -82,11 +82,7 @@ void BUF_MEM_free(BUF_MEM *buf) {
return;
}
if (buf->data != NULL) {
OPENSSL_cleanse(buf->data, buf->max);
OPENSSL_free(buf->data);
}
OPENSSL_free(buf->data);
OPENSSL_free(buf);
}
@ -109,17 +105,7 @@ static int buf_mem_reserve(BUF_MEM *buf, size_t cap, int clean) {
return 0;
}
char *new_buf;
if (buf->data == NULL) {
new_buf = OPENSSL_malloc(alloc_size);
} else {
if (clean) {
new_buf = OPENSSL_realloc_clean(buf->data, buf->max, alloc_size);
} else {
new_buf = OPENSSL_realloc(buf->data, alloc_size);
}
}
char *new_buf = OPENSSL_realloc(buf->data, alloc_size);
if (new_buf == NULL) {
OPENSSL_PUT_ERROR(BUF, ERR_R_MALLOC_FAILURE);
return 0;
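Review bot: The `clean` parameter of buf_mem_reserve no longer selects anything in the lines shown, because both paths now go through `OPENSSL_realloc(buf->data, alloc_size)`. Callers that pass a non-zero `clean` presumably expect the old contents to be wiped, so that guarantee now rests entirely on OPENSSL_realloc. I would either drop the parameter or record the dependency with `// |clean| is ignored: OPENSSL_realloc always wipes the old allocation.` above the call. The rest of the function is outside the hunk, so `clean` may still be read elsewhere.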


@ -102,9 +102,7 @@ static int aead_aes_ctr_hmac_sha256_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
}
static void aead_aes_ctr_hmac_sha256_cleanup(EVP_AEAD_CTX *ctx) {
struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx = ctx->aead_state;
OPENSSL_cleanse(aes_ctx, sizeof(struct aead_aes_ctr_hmac_sha256_ctx));
OPENSSL_free(aes_ctx);
OPENSSL_free(ctx->aead_state);
}
static void hmac_update_uint64(SHA256_CTX *sha256, uint64_t value) {
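Review bot: `ctx->aead_state` is left pointing at freed memory in aead_aes_ctr_hmac_sha256_cleanup, whereas aead_tls_cleanup in this commit ends with `ctx->aead_state = NULL;`. A second cleanup call on the same context would be a double free unless the caller resets the field, which is not visible here. Adding `ctx->aead_state = NULL;` after the `OPENSSL_free` would make the cleanups consistent. The same applies to aead_aes_gcm_siv_cleanup, aead_chacha20_poly1305_cleanup, aead_aes_gcm_cleanup and aead_aes_gcm_tls12_cleanup.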


@ -592,9 +592,7 @@ static int aead_aes_gcm_siv_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
}
static void aead_aes_gcm_siv_cleanup(EVP_AEAD_CTX *ctx) {
struct aead_aes_gcm_siv_ctx *gcm_siv_ctx = ctx->aead_state;
OPENSSL_cleanse(gcm_siv_ctx, sizeof(struct aead_aes_gcm_siv_ctx));
OPENSSL_free(gcm_siv_ctx);
OPENSSL_free(ctx->aead_state);
}
// gcm_siv_crypt encrypts (or decrypts—it's the same thing) |in_len| bytes from


@ -136,9 +136,7 @@ static int aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
}
static void aead_chacha20_poly1305_cleanup(EVP_AEAD_CTX *ctx) {
struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
OPENSSL_cleanse(c20_ctx->key, sizeof(c20_ctx->key));
OPENSSL_free(c20_ctx);
OPENSSL_free(ctx->aead_state);
}
static void poly1305_update_length(poly1305_state *poly1305, size_t data_len) {


@ -48,7 +48,6 @@ static void aead_tls_cleanup(EVP_AEAD_CTX *ctx) {
AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)ctx->aead_state;
EVP_CIPHER_CTX_cleanup(&tls_ctx->cipher_ctx);
HMAC_CTX_cleanup(&tls_ctx->hmac_ctx);
OPENSSL_cleanse(&tls_ctx->mac_key, sizeof(tls_ctx->mac_key));
OPENSSL_free(tls_ctx);
ctx->aead_state = NULL;
}


@ -24,12 +24,8 @@
static void ed25519_free(EVP_PKEY *pkey) {
if (pkey->pkey.ptr != NULL) {
ED25519_KEY *key = pkey->pkey.ptr;
OPENSSL_cleanse(key, sizeof(ED25519_KEY));
OPENSSL_free(key);
pkey->pkey.ptr = NULL;
}
OPENSSL_free(pkey->pkey.ptr);
pkey->pkey.ptr = NULL;
}
static int set_pubkey(EVP_PKEY *pkey, const uint8_t pubkey[32]) {


@ -108,16 +108,18 @@ void BN_clear_free(BIGNUM *bn) {
}
if (bn->d != NULL) {
OPENSSL_cleanse(bn->d, bn->dmax * sizeof(bn->d[0]));
if ((bn->flags & BN_FLG_STATIC_DATA) == 0) {
OPENSSL_free(bn->d);
} else {
OPENSSL_cleanse(bn->d, bn->dmax * sizeof(bn->d[0]));
}
}
should_free = (bn->flags & BN_FLG_MALLOCED) != 0;
OPENSSL_cleanse(bn, sizeof(BIGNUM));
if (should_free) {
OPENSSL_free(bn);
} else {
OPENSSL_cleanse(bn, sizeof(BIGNUM));
}
}


@ -1168,10 +1168,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
err:
BN_MONT_CTX_free(new_mont);
BN_clear_free(new_a);
if (powerbuf != NULL) {
OPENSSL_cleanse(powerbuf, powerbufLen);
OPENSSL_free(powerbufFree);
}
OPENSSL_free(powerbufFree);
return (ret);
}
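Review bot: The removed `OPENSSL_cleanse(powerbuf, powerbufLen)` wiped `powerbuf`, but the remaining call frees a different pointer, `powerbufFree`. If `powerbuf` can ever refer to storage that did not come from OPENSSL_malloc (for example a stack buffer, with `powerbufFree` left NULL), the buffer's contents are no longer zeroed on exit. The allocation is outside this hunk, so this needs checking against the full function. If such a path exists, keep `OPENSSL_cleanse(powerbuf, powerbufLen);` for it and rely on `OPENSSL_free(powerbufFree);` only for the heap case.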


@ -188,11 +188,8 @@ static int bn_rand_with_additional_data(BIGNUM *rnd, int bits, int top,
ret = 1;
err:
if (buf != NULL) {
OPENSSL_cleanse(buf, bytes);
OPENSSL_free(buf);
}
return (ret);
OPENSSL_free(buf);
return ret;
}
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) {


@ -80,11 +80,8 @@ EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) {
}
int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) {
if (c->cipher != NULL) {
if (c->cipher->cleanup) {
c->cipher->cleanup(c);
}
OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
if (c->cipher != NULL && c->cipher->cleanup) {
c->cipher->cleanup(c);
}
OPENSSL_free(c->cipher_data);


@ -1197,9 +1197,7 @@ static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
}
static void aead_aes_gcm_cleanup(EVP_AEAD_CTX *ctx) {
struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state;
OPENSSL_cleanse(gcm_ctx, sizeof(struct aead_aes_gcm_ctx));
OPENSSL_free(gcm_ctx);
OPENSSL_free(ctx->aead_state);
}
static int aead_aes_gcm_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out,
@ -1366,9 +1364,7 @@ static int aead_aes_gcm_tls12_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
}
static void aead_aes_gcm_tls12_cleanup(EVP_AEAD_CTX *ctx) {
struct aead_aes_gcm_tls12_ctx *gcm_ctx = ctx->aead_state;
OPENSSL_cleanse(gcm_ctx, sizeof(struct aead_aes_gcm_tls12_ctx));
OPENSSL_free(gcm_ctx);
OPENSSL_free(ctx->aead_state);
}
static int aead_aes_gcm_tls12_seal_scatter(


@ -91,7 +91,6 @@ EVP_MD_CTX *EVP_MD_CTX_create(void) {
int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) {
if (ctx->digest && ctx->digest->ctx_size && ctx->md_data) {
OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
OPENSSL_free(ctx->md_data);
}


@ -635,7 +635,6 @@ void EC_POINT_clear_free(EC_POINT *point) {
ec_GFp_simple_point_clear_finish(point);
OPENSSL_cleanse(point, sizeof *point);
OPENSSL_free(point);
}


@ -156,7 +156,6 @@ void EC_KEY_free(EC_KEY *r) {
CRYPTO_free_ex_data(g_ec_ex_data_class_bss_get(), r, &r->ex_data);
OPENSSL_cleanse((void *)r, sizeof(EC_KEY));
OPENSSL_free(r);
}


@ -200,10 +200,7 @@ err:
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
if (buf != NULL) {
OPENSSL_cleanse(buf, rsa_size);
OPENSSL_free(buf);
}
OPENSSL_free(buf);
return ret;
}
@ -360,10 +357,7 @@ int rsa_default_sign_raw(RSA *rsa, size_t *out_len, uint8_t *out,
ret = 1;
err:
if (buf != NULL) {
OPENSSL_cleanse(buf, rsa_size);
OPENSSL_free(buf);
}
OPENSSL_free(buf);
return ret;
}
@ -423,8 +417,7 @@ int rsa_default_decrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
}
err:
if (padding != RSA_NO_PADDING && buf != NULL) {
OPENSSL_cleanse(buf, rsa_size);
if (padding != RSA_NO_PADDING) {
OPENSSL_free(buf);
}


@ -126,16 +126,6 @@ void *OPENSSL_realloc(void *orig_ptr, size_t new_size) {
return ret;
}
void *OPENSSL_realloc_clean(void *orig_ptr, size_t old_size, size_t new_size) {
void *ptr = ((uint8_t *)orig_ptr) - OPENSSL_MALLOC_PREFIX;
size_t actual_size = *(size_t *)ptr;
if (actual_size != old_size) {
return NULL;
}
return OPENSSL_realloc(orig_ptr, new_size);
}
void OPENSSL_cleanse(void *ptr, size_t len) {
#if defined(OPENSSL_WINDOWS)
SecureZeroMemory(ptr, len);


@ -297,7 +297,6 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
unsigned char *kstr, int klen,
pem_password_cb *cb, void *u)
{
EVP_CIPHER_CTX ctx;
int i, ret = 0;
unsigned char *data = NULL;
const char *objstr = NULL;
@ -374,8 +373,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
ret = 1;
err:
OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
OPENSSL_cleanse(buf, PEM_BUFSIZE);
return (ret);
err:
OPENSSL_cleanse(buf, PEM_BUFSIZE);
return ret;
}


@ -343,10 +343,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
OPENSSL_cleanse(iv, sizeof(iv));
OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
OPENSSL_cleanse(buf, PEM_BUFSIZE);
if (data != NULL) {
OPENSSL_cleanse(data, (unsigned int)dsize);
OPENSSL_free(data);
}
OPENSSL_free(data);
return (ret);
}
@ -562,7 +559,6 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header,
EVP_EncodeFinal(&ctx, buf, &outl);
if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl))
goto err;
OPENSSL_cleanse(buf, PEM_BUFSIZE * 8);
OPENSSL_free(buf);
buf = NULL;
if ((BIO_write(bp, "-----END ", 9) != 9) ||
@ -572,7 +568,6 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header,
return (i + outl);
err:
if (buf) {
OPENSSL_cleanse(buf, PEM_BUFSIZE * 8);
OPENSSL_free(buf);
}
OPENSSL_PUT_ERROR(PEM, reason);
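Review bot: The `if (buf) {` guard around `OPENSSL_free(buf);` on the `err:` path of PEM_write_bio is left in place although it no longer protects anything. The rest of this commit calls OPENSSL_free on possibly-NULL pointers unconditionally, for example `OPENSSL_free(data);` in PEM_ASN1_write_bio, so for consistency the three lines can become a bare `OPENSSL_free(buf);`. PEM_write_bio continues outside the hunk.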


@ -140,7 +140,6 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
err:
OPENSSL_free(nm);
OPENSSL_cleanse(data, len);
OPENSSL_free(data);
return (ret);
}


@ -214,14 +214,8 @@ int pkcs12_key_gen(const char *pass, size_t pass_len, const uint8_t *salt,
ret = 1;
err:
if (I != NULL) {
OPENSSL_cleanse(I, I_len);
OPENSSL_free(I);
}
if (pass_raw != NULL) {
OPENSSL_cleanse(pass_raw, pass_raw_len);
OPENSSL_free(pass_raw);
}
OPENSSL_free(I);
OPENSSL_free(pass_raw);
EVP_MD_CTX_cleanup(&ctx);
return ret;
}
@ -431,7 +425,6 @@ EVP_PKEY *PKCS8_parse_encrypted_private_key(CBS *cbs, const char *pass,
CBS pki;
CBS_init(&pki, out, out_len);
EVP_PKEY *ret = EVP_parse_private_key(&pki);
OPENSSL_cleanse(out, out_len);
OPENSSL_free(out);
return ret;
}
@ -513,10 +506,7 @@ int PKCS8_marshal_encrypted_private_key(CBB *out, int pbe_nid,
ret = 1;
err:
if (plaintext != NULL) {
OPENSSL_cleanse(plaintext, plaintext_len);
OPENSSL_free(plaintext);
}
OPENSSL_free(plaintext);
OPENSSL_free(salt_buf);
EVP_CIPHER_CTX_cleanup(&ctx);
return ret;


@ -83,7 +83,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
{
EVP_PKEY *pkey;
unsigned char *buf_in = NULL, *buf_out = NULL;
size_t inl = 0, outl = 0, outll = 0;
size_t inl = 0, outl = 0;
pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
@ -96,7 +96,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
}
inl = ASN1_item_i2d(asn, &buf_in, it);
outll = outl = EVP_PKEY_size(pkey);
outl = EVP_PKEY_size(pkey);
buf_out = OPENSSL_malloc((unsigned int)outl);
if ((buf_in == NULL) || (buf_out == NULL)) {
outl = 0;
@ -122,13 +122,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
err:
EVP_MD_CTX_cleanup(ctx);
if (buf_in != NULL) {
OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);
OPENSSL_free(buf_in);
}
if (buf_out != NULL) {
OPENSSL_cleanse((char *)buf_out, outll);
OPENSSL_free(buf_out);
}
OPENSSL_free(buf_in);
OPENSSL_free(buf_out);
return (outl);
}


@ -109,10 +109,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
ret = 1;
err:
if (buf_in != NULL) {
OPENSSL_cleanse(buf_in, inl);
OPENSSL_free(buf_in);
}
OPENSSL_free(buf_in);
EVP_MD_CTX_cleanup(&ctx);
return ret;
}


@ -87,11 +87,6 @@ OPENSSL_EXPORT void OPENSSL_free(void *ptr);
// allocated and the data at |ptr| is always wiped and freed.
OPENSSL_EXPORT void *OPENSSL_realloc(void *ptr, size_t new_size);
// OPENSSL_realloc_clean behaves exactly like |OPENSSL_realloc|.
// TODO(martinkr): Remove.
OPENSSL_EXPORT void *OPENSSL_realloc_clean(void *ptr, size_t old_size,
size_t new_size);
// OPENSSL_cleanse zeros out |len| bytes of memory at |ptr|. This is similar to
// |memset_s| from C11.
OPENSSL_EXPORT void OPENSSL_cleanse(void *ptr, size_t len);


@ -159,11 +159,7 @@ SSL_HANDSHAKE::~SSL_HANDSHAKE() {
OPENSSL_free(server_params);
ssl->ctx->x509_method->hs_flush_cached_ca_names(this);
OPENSSL_free(certificate_types);
if (key_block != NULL) {
OPENSSL_cleanse(key_block, key_block_len);
OPENSSL_free(key_block);
}
OPENSSL_free(key_block);
}
SSL_HANDSHAKE *ssl_handshake_new(SSL *ssl) {


@ -1367,7 +1367,6 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
OPENSSL_cleanse(pms, pms_len);
OPENSSL_free(pms);
pms = new_pms;
pms_len = new_pms_len;
@ -1385,19 +1384,14 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
goto err;
}
hs->new_session->extended_master_secret = hs->extended_master_secret;
OPENSSL_cleanse(pms, pms_len);
OPENSSL_free(pms);
hs->state = state_send_client_certificate_verify;
return ssl_hs_ok;
err:
if (pms != NULL) {
OPENSSL_cleanse(pms, pms_len);
OPENSSL_free(pms);
}
OPENSSL_free(pms);
return ssl_hs_error;
}
static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL_HANDSHAKE *hs) {
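Review bot: Nothing at the three `OPENSSL_free(pms)` sites in do_send_client_key_exchange records that the buffer is still zeroed before release, now that the explicit `OPENSSL_cleanse(pms, pms_len)` calls are gone. `pms` is presumably key material, so the zeroization depends on OPENSSL_free wiping what it frees, as the commit title implies. A short comment such as `// OPENSSL_free wipes |pms| before releasing it.` on the `err:` path would keep that dependency visible if the allocator is ever swapped or wrapped. The function body starts outside these hunks.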


@ -983,7 +983,6 @@ void SSL_SESSION_free(SSL_SESSION *session) {
CRYPTO_BUFFER_free(session->ocsp_response);
OPENSSL_free(session->psk_identity);
OPENSSL_free(session->early_alpn);
OPENSSL_cleanse(session, sizeof(*session));
OPENSSL_free(session);
}