Commit 4b45c6e5 authored by Rich Salz's avatar Rich Salz
Browse files

free cleanup almost the finale 



Add OPENSSL_clear_free which merges cleanse and free.
(Names was picked to be similar to BN_clear_free, etc.)
Removed OPENSSL_freeFunc macro.
Fixed the small simple ones that are left:
        CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent 68dc6824

apps/apps.c

+1 −4
Original line number Diff line number Diff line
@@ -377,10 +377,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) 
            }

            while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));



        if (buff) {

            OPENSSL_cleanse(buff, (unsigned int)bufsiz);

            OPENSSL_free(buff);

        }

        OPENSSL_clear_free(buff, (unsigned int)bufsiz);



        if (ok >= 0)

            res = strlen(buf);

apps/dgst.c

+1 −4
Original line number Diff line number Diff line
@@ -441,10 +441,7 @@ int dgst_main(int argc, char **argv) 
        }

    }

 end:

    if (buf != NULL) {

        OPENSSL_cleanse(buf, BUFSIZE);

        OPENSSL_free(buf);

    }

    OPENSSL_clear_free(buf, BUFSIZE);

    BIO_free(in);

    if (passin)

        OPENSSL_free(passin);

apps/s_client.c

+4 −14
Original line number Diff line number Diff line
@@ -1994,7 +1994,6 @@ int s_client_main(int argc, char **argv) 
#endif

    SSL_CTX_free(ctx);

    X509_free(cert);

    if (crls)

    sk_X509_CRL_pop_free(crls, X509_CRL_free);

    EVP_PKEY_free(key);

    sk_X509_pop_free(chain, X509_free);
@@ -2008,18 +2007,9 @@ int s_client_main(int argc, char **argv) 
    if (jpake_secret && psk_key)

        OPENSSL_free(psk_key);

#endif

    if (cbuf != NULL) {

        OPENSSL_cleanse(cbuf, BUFSIZZ);

        OPENSSL_free(cbuf);

    }

    if (sbuf != NULL) {

        OPENSSL_cleanse(sbuf, BUFSIZZ);

        OPENSSL_free(sbuf);

    }

    if (mbuf != NULL) {

        OPENSSL_cleanse(mbuf, BUFSIZZ);

        OPENSSL_free(mbuf);

    }

    OPENSSL_clear_free(cbuf, BUFSIZZ);

    OPENSSL_clear_free(sbuf, BUFSIZZ);

    OPENSSL_clear_free(mbuf, BUFSIZZ);

    BIO_free(bio_c_out);

    bio_c_out = NULL;

    BIO_free(bio_c_msg);

apps/s_server.c

+1 −4
Original line number Diff line number Diff line
@@ -2395,10 +2395,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context) 
        SSL_free(con);

    }

    BIO_printf(bio_s_out, "CONNECTION CLOSED\n");

    if (buf != NULL) {

        OPENSSL_cleanse(buf, bufsize);

        OPENSSL_free(buf);

    }

    OPENSSL_clear_free(buf, bufsize);

    if (ret >= 0)

        BIO_printf(bio_s_out, "ACCEPT\n");

    (void)BIO_flush(bio_s_out);

crypto/asn1/a_sign.c

+4 −16
Original line number Diff line number Diff line
@@ -203,14 +203,8 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, 
    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;

 err:

    EVP_MD_CTX_cleanup(&ctx);

    if (buf_in != NULL) {

        OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);

        OPENSSL_free(buf_in);

    }

    if (buf_out != NULL) {

        OPENSSL_cleanse((char *)buf_out, outll);

        OPENSSL_free(buf_out);

    }

    OPENSSL_clear_free((char *)buf_in, (unsigned int)inl);

    OPENSSL_clear_free((char *)buf_out, outll);

    return (outl);

}
@@ -319,13 +313,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, 
    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;

 err:

    EVP_MD_CTX_cleanup(ctx);

    if (buf_in != NULL) {

        OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);

        OPENSSL_free(buf_in);

    }

    if (buf_out != NULL) {

        OPENSSL_cleanse((char *)buf_out, outll);

        OPENSSL_free(buf_out);

    }

    OPENSSL_clear_free((char *)buf_in, (unsigned int)inl);

    OPENSSL_clear_free((char *)buf_out, outll);

    return (outl);

}