author | Ted Unangst <tedu@cvs.openbsd.org> | 2014-05-07 21:06:06 +0000 |
---|---|---|
committer | Ted Unangst <tedu@cvs.openbsd.org> | 2014-05-07 21:06:06 +0000 |
commit | 868dbcafb7ad01f52326431baef8cfb514eb3285 (patch) | |
tree | a4217830fb613aa8798643324d8886d6edf7425d | |
parent | 32d49f4b1aa480138ac03a4325ff2df5e2e5991e (diff) |
in BN_clear_free, don't cleanse the data if the static data flag is set.
much debugging work done by otto. ok miod otto.
side note: BN_FLG_STATIC_DATA doesn't actually mean the data is static.
it's also used to indicate the data may be secretly shared behind your back
as a sort of poor man's refcounting, but without the refcounting.
-rw-r--r-- | lib/libcrypto/bn/bn_lib.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/lib/libcrypto/bn/bn_lib.c b/lib/libcrypto/bn/bn_lib.c index 9787a31dbbf..6ec92826532 100644 --- a/lib/libcrypto/bn/bn_lib.c +++ b/lib/libcrypto/bn/bn_lib.c @@ -214,11 +214,10 @@ void BN_clear_free(BIGNUM *a) if (a == NULL) return; bn_check_top(a); - if (a->d != NULL) + if (a->d != NULL && !(BN_get_flags(a,BN_FLG_STATIC_DATA))) { OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0])); - if (!(BN_get_flags(a,BN_FLG_STATIC_DATA))) - free(a->d); + free(a->d); } i=BN_get_flags(a,BN_FLG_MALLOCED); OPENSSL_cleanse(a,sizeof(BIGNUM)); |
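Review bot: the combined condition `if (a->d != NULL && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))` needs a code comment, because the reason for skipping OPENSSL_cleanse on flagged data exists only in the commit message (the flag also marks data that may be shared) and the name BN_FLG_STATIC_DATA does not convey it. A short comment above the `if`, saying that a flagged buffer may still be referenced elsewhere and is therefore neither cleansed nor freed here, would keep a later reader from restoring the unconditional cleanse. The unchanged `OPENSSL_cleanse(a,sizeof(BIGNUM))` below the block still runs for flagged BIGNUMs, so in that case only the struct is wiped and the contents of a->d stay in memory after a call to BN_clear_free; if that is intended, the same comment should say who is responsible for wiping the shared data.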