OpenSSL: Use EC_POINT_clear_free instead of EC_POINT_free
authorFlorent Daigniere <nextgens@freenetproject.org>
Fri, 27 Jun 2014 09:59:45 +0000 (11:59 +0200)
committerJouni Malinen <j@w1.fi>
Thu, 24 Jul 2014 16:35:07 +0000 (19:35 +0300)
This changes OpenSSL calls to explicitly clear the EC_POINT memory
allocations when freeing them. This adds an extra layer of security by
avoiding leaving potentially private keys in local memory after they
are no longer needed. While some of these variables are not really
private (e.g., they are sent in clear anyway), the extra cost of
clearing them is not significant and it is simpler to just clear these
explicitly rather than review each possible code path to confirm where
this does not help.

Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>
src/crypto/crypto_openssl.c
src/eap_common/eap_pwd_common.c
src/eap_peer/eap_pwd.c
src/eap_server/eap_server_pwd.c

index d04594febce38a0f0883cae0da089657d6e0c0a6..f02aaacb707692a876d97f5ced82c586e3dbde99 100644 (file)
@@ -1157,13 +1157,13 @@ struct crypto_ec_point * crypto_ec_point_from_bin(struct crypto_ec *e,
        if (x == NULL || y == NULL || elem == NULL) {
                BN_clear_free(x);
                BN_clear_free(y);
-               EC_POINT_free(elem);
+               EC_POINT_clear_free(elem);
                return NULL;
        }
 
        if (!EC_POINT_set_affine_coordinates_GFp(e->group, elem, x, y,
                                                 e->bnctx)) {
-               EC_POINT_free(elem);
+               EC_POINT_clear_free(elem);
                elem = NULL;
        }
 
index a1a24e3719d049b296e183df27370576c08f3419..fdcff7fa86c47a4f95808fd216c0d7dab742d078 100644 (file)
@@ -263,7 +263,7 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
  fail:
                EC_GROUP_free(grp->group);
                grp->group = NULL;
-               EC_POINT_free(grp->pwe);
+               EC_POINT_clear_free(grp->pwe);
                grp->pwe = NULL;
                BN_clear_free(grp->order);
                grp->order = NULL;
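Review bot: The `fail:` cleanup needs a one-line comment explaining why `grp->pwe` gets the clearing free while `grp->group` two lines above keeps plain `EC_GROUP_free`. Going by the function name, `pwe` is presumably the password element, a value derived from the shared password, whereas the group holds public curve parameters; nothing in this block tells a reader that. A comment such as `/* pwe is derived from the password: scrub it before release */` above the call would keep a later tidy-up from reverting it to `EC_POINT_free`. The body of compute_password_element starts and continues outside this hunk.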
index b9eae3773ed0748ceeda293e110949f6450ac5d0..089aec36d78b44c7137b9309c3691655a9225940 100644 (file)
@@ -153,14 +153,14 @@ static void eap_pwd_deinit(struct eap_sm *sm, void *priv)
        BN_clear_free(data->my_scalar);
        BN_clear_free(data->k);
        BN_CTX_free(data->bnctx);
-       EC_POINT_free(data->my_element);
-       EC_POINT_free(data->server_element);
+       EC_POINT_clear_free(data->my_element);
+       EC_POINT_clear_free(data->server_element);
        os_free(data->id_peer);
        os_free(data->id_server);
        bin_clear_free(data->password, data->password_len);
        if (data->grp) {
                EC_GROUP_free(data->grp->group);
-               EC_POINT_free(data->grp->pwe);
+               EC_POINT_clear_free(data->grp->pwe);
                BN_clear_free(data->grp->order);
                BN_clear_free(data->grp->prime);
                os_free(data->grp);
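Review bot: The `if (data->grp)` teardown here is repeated line for line in eap_pwd_reset() in src/eap_server/eap_server_pwd.c, so this hardening had to be applied to two copies, and a future change can easily reach only one of them. Moving the sequence into one helper next to compute_password_element() would give the secret-handling cleanup a single place to audit. The helper name below is only a suggestion, and the closing brace of the `if` block lies outside this hunk. The `fail:` path in compute_password_element() keeps `grp` and NULLs its members, so it would stay as it is.

```c
/* suggested shared helper (name is a placeholder), e.g. in eap_pwd_common.c */
void eap_pwd_group_free(EAP_PWD_group *grp)
{
	if (grp == NULL)
		return;
	EC_GROUP_free(grp->group);
	EC_POINT_clear_free(grp->pwe); /* scrubbed: presumably password-derived */
	BN_clear_free(grp->order);
	BN_clear_free(grp->prime);
	os_free(grp);
}

/* … unchanged: scalar, element and identity cleanup in eap_pwd_deinit() … */
	bin_clear_free(data->password, data->password_len);
	eap_pwd_group_free(data->grp);
```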
@@ -474,8 +474,8 @@ fin:
        BN_clear_free(x);
        BN_clear_free(y);
        BN_clear_free(cofactor);
-       EC_POINT_free(K);
-       EC_POINT_free(point);
+       EC_POINT_clear_free(K);
+       EC_POINT_clear_free(point);
        if (data->outbuf == NULL)
                eap_pwd_state(data, FAILURE);
        else
index e86d3b1119d0c12d73a8207b389b4d4fec43ad87..38fa0f2015c5cc488cc1028ab0cded4441ac3a00 100644 (file)
@@ -140,14 +140,14 @@ static void eap_pwd_reset(struct eap_sm *sm, void *priv)
        BN_clear_free(data->my_scalar);
        BN_clear_free(data->k);
        BN_CTX_free(data->bnctx);
-       EC_POINT_free(data->my_element);
-       EC_POINT_free(data->peer_element);
+       EC_POINT_clear_free(data->my_element);
+       EC_POINT_clear_free(data->peer_element);
        os_free(data->id_peer);
        os_free(data->id_server);
        bin_clear_free(data->password, data->password_len);
        if (data->grp) {
                EC_GROUP_free(data->grp->group);
-               EC_POINT_free(data->grp->pwe);
+               EC_POINT_clear_free(data->grp->pwe);
                BN_clear_free(data->grp->order);
                BN_clear_free(data->grp->prime);
                os_free(data->grp);
@@ -724,8 +724,8 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data,
        res = 1;
 
 fin:
-       EC_POINT_free(K);
-       EC_POINT_free(point);
+       EC_POINT_clear_free(K);
+       EC_POINT_clear_free(point);
        BN_clear_free(cofactor);
        BN_clear_free(x);
        BN_clear_free(y);