author | Philip Guenther <guenther@cvs.openbsd.org> | 2014-04-19 13:31:25 +0000 |
committer | Philip Guenther <guenther@cvs.openbsd.org> | 2014-04-19 13:31:25 +0000 |
commit | c573ea967eacf3811877487f16b2c7ed0d3b627f (patch) | |
tree | 6c27bf91c13b8fcfc424927f6eb4791569bff422 | |
parent | be0dddaf26cfff26c7e5a6227cfe6eb6eec95bd8 (diff) |
Lacking a proof that--for this implementation--exposure of Montgomery
multiplication or RSA blinding parameters doesn't permit retroactive
timing analysis of the secrets, we'll do the stupidly cheap thing and
cleanse them before freeing them.
ok deraadt@
-rw-r--r-- | lib/libssl/src/crypto/bn/bn_blind.c | 8 | ||||
-rw-r--r-- | lib/libssl/src/crypto/bn/bn_mont.c | 6 |
2 files changed, 7 insertions, 7 deletions
diff --git a/lib/libssl/src/crypto/bn/bn_blind.c b/lib/libssl/src/crypto/bn/bn_blind.c
index 264531013ef..f424e479d36 100644
--- a/lib/libssl/src/crypto/bn/bn_blind.c
+++ b/lib/libssl/src/crypto/bn/bn_blind.c
@@ -176,10 +176,10 @@ void BN_BLINDING_free(BN_BLINDING *r)
 if(r == NULL) return;
- if (r->A != NULL) BN_free(r->A );
- if (r->Ai != NULL) BN_free(r->Ai);
- if (r->e != NULL) BN_free(r->e );
- if (r->mod != NULL) BN_free(r->mod);
+ if (r->A != NULL) BN_clear_free(r->A );
+ if (r->Ai != NULL) BN_clear_free(r->Ai);
+ if (r->e != NULL) BN_clear_free(r->e );
+ if (r->mod != NULL) BN_clear_free(r->mod);
 free(r);
 }
diff --git a/lib/libssl/src/crypto/bn/bn_mont.c b/lib/libssl/src/crypto/bn/bn_mont.c
index 133c597c333..456a80bde61 100644
--- a/lib/libssl/src/crypto/bn/bn_mont.c
+++ b/lib/libssl/src/crypto/bn/bn_mont.c
@@ -345,9 +345,9 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
 if(mont == NULL) return;
- BN_free(&(mont->RR));
- BN_free(&(mont->N));
- BN_free(&(mont->Ni));
+ BN_clear_free(&(mont->RR));
+ BN_clear_free(&(mont->N));
+ BN_clear_free(&(mont->Ni));
 if (mont->flags & BN_FLG_MALLOCED) free(mont);
 }
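Review bot: The four `!= NULL` guards on the added lines are redundant if BN_clear_free accepts a NULL argument the way BN_free does (the OpenSSL version of both starts with `if (a == NULL) return;`), so the body could read `BN_clear_free(r->A); BN_clear_free(r->Ai); BN_clear_free(r->e); BN_clear_free(r->mod);` — worth confirming against this tree's bn_lib.c before dropping them. Note also that this only cleanses the BN_BLINDING's own fields; the intermediate products that BN_BLINDING_update and BN_BLINDING_convert compute are obtained from the caller's BN_CTX, so whether those temporaries are cleansed depends on the BN_CTX release path, which the commit does not touch and should be checked for the same treatment. A one-line comment above the calls would also help a reader who sees BN_clear_free on the public `e` and `mod` values, e.g. `/* cleanse everything, not only A/Ai: see commit log re timing analysis */`. BN_BLINDING_free's opening brace lies just outside the hunk.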
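Review bot: If the concern is exposure of Montgomery parameters, the word-sized inverse that the multiplication loop actually consumes — the `n0` member of BN_MONT_CTX, presumably `BN_ULONG n0[2]` in this 1.0.1-derived tree — is left in memory by this hunk: the three BN_clear_free calls cover RR, N and Ni, but `n0` is a plain array in the struct and survives both the `BN_FLG_MALLOCED` free and the not-malloced case where the struct is never freed at all. Adding `OPENSSL_cleanse(mont->n0, sizeof(mont->n0));` after the `BN_clear_free(&(mont->Ni));` line (using whatever cleanse primitive this tree relies on inside BN_clear_free) closes that gap cheaply and works regardless of whether n0 is a scalar or an array. Since RR, N and Ni are embedded BIGNUMs rather than pointers, it would also be worth a comment that BN_clear_free is relied on to only cleanse and not free them, e.g. `/* embedded BIGNUMs: BN_clear_free wipes but does not free them */`. The function's signature and opening brace sit outside the hunk.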