explict_bzero for some asn1 free's - ok miod@

4 files changed, 18 insertions, 6 deletions

diff --git a/lib/libcrypto/asn1/a_object.c b/lib/libcrypto/asn1/a_object.c
index 7bcabec0340..fcd6aa91fef 100644
--- a/lib/libcrypto/asn1/a_object.c
+++ b/lib/libcrypto/asn1/a_object.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_object.c,v 1.24 2015/02/10 08:33:10 jsing Exp $ */
+/* $OpenBSD: a_object.c,v 1.25 2016/03/06 18:05:00 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -380,6 +380,8 @@ ASN1_OBJECT_free(ASN1_OBJECT *a)
 		a->sn = a->ln = NULL;
 	}
 	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) {
+		if (a->data != NULL)
+			explicit_bzero((void *)a->data, a->length);
 		free((void *)a->data);
 		a->data = NULL;
 		a->length = 0;
diff --git a/lib/libcrypto/asn1/asn1_lib.c b/lib/libcrypto/asn1/asn1_lib.c
index 5d14a2780f9..444a34c0725 100644
--- a/lib/libcrypto/asn1/asn1_lib.c
+++ b/lib/libcrypto/asn1/asn1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_lib.c,v 1.36 2015/07/29 14:53:20 jsing Exp $ */
+/* $OpenBSD: asn1_lib.c,v 1.37 2016/03/06 18:05:00 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -401,6 +401,8 @@ ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
 void
 ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
 {
+	if (str->data != NULL)
+		explicit_bzero(str->data, str->length);
 	free(str->data);
 	str->data = data;
 	str->length = len;
@@ -434,8 +436,10 @@ ASN1_STRING_free(ASN1_STRING *a)
 {
 	if (a == NULL)
 		return;
-	if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
+	if (a->data != NULL && !(a->flags & ASN1_STRING_FLAG_NDEF)) {
+		explicit_bzero(a->data, a->length);
 		free(a->data);
+	}
 	free(a);
 }
 
diff --git a/lib/libssl/src/crypto/asn1/a_object.c b/lib/libssl/src/crypto/asn1/a_object.c
index 7bcabec0340..fcd6aa91fef 100644
--- a/lib/libssl/src/crypto/asn1/a_object.c
+++ b/lib/libssl/src/crypto/asn1/a_object.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_object.c,v 1.24 2015/02/10 08:33:10 jsing Exp $ */
+/* $OpenBSD: a_object.c,v 1.25 2016/03/06 18:05:00 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -380,6 +380,8 @@ ASN1_OBJECT_free(ASN1_OBJECT *a)
 		a->sn = a->ln = NULL;
 	}
 	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) {
+		if (a->data != NULL)
+			explicit_bzero((void *)a->data, a->length);
 		free((void *)a->data);
 		a->data = NULL;
 		a->length = 0;
diff --git a/lib/libssl/src/crypto/asn1/asn1_lib.c b/lib/libssl/src/crypto/asn1/asn1_lib.c
index 5d14a2780f9..444a34c0725 100644
--- a/lib/libssl/src/crypto/asn1/asn1_lib.c
+++ b/lib/libssl/src/crypto/asn1/asn1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_lib.c,v 1.36 2015/07/29 14:53:20 jsing Exp $ */
+/* $OpenBSD: asn1_lib.c,v 1.37 2016/03/06 18:05:00 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -401,6 +401,8 @@ ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
 void
 ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
 {
+	if (str->data != NULL)
+		explicit_bzero(str->data, str->length);
 	free(str->data);
 	str->data = data;
 	str->length = len;
@@ -434,8 +436,10 @@ ASN1_STRING_free(ASN1_STRING *a)
 {
 	if (a == NULL)
 		return;
-	if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
+	if (a->data != NULL && !(a->flags & ASN1_STRING_FLAG_NDEF)) {
+		explicit_bzero(a->data, a->length);
 		free(a->data);
+	}
 	free(a);
 }