generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make sure OPENSSL_cleanse checks for NULL

Browse Source 
In master we have the function OPENSSL_clear_free(x,y), which immediately
returns if x == NULL. In <=1.0.2 this function does not exist so we have to
do:
OPENSSL_cleanse(x, y);
OPENSSL_free(x);

However, previously, OPENSSL_cleanse did not check that if x == NULL, so
the real equivalent check would have to be:
if (x != NULL)
    OPENSSL_cleanse(x, y);
OPENSSL_free(x);

It would be easy to get this wrong during cherry-picking to other branches
and therefore, for safety, it is best to just ensure OPENSSL_cleanse also
checks for NULL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 020d8fc83f)
This commit is contained in:
Matt Caswell
2015-09-16 10:47:15 +01:00
parent 27bc0555aa
commit 5e7d583bab
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/mem_clr.c
View File

@@ -66,6 +66,10 @@ void OPENSSL_cleanse(void *ptr, size_t len)
{ {
unsigned char *p = ptr; unsigned char *p = ptr;
size_t loop = len, ctr = cleanse_ctr; size_t loop = len, ctr = cleanse_ctr;
if (ptr == NULL)
return;
while (loop--) { while (loop--) {
*(p++) = (unsigned char)ctr; *(p++) = (unsigned char)ctr;
ctr += (17 + ((size_t)p & 0xF)); ctr += (17 + ((size_t)p & 0xF));