authorPhilip Guenther <guenther@cvs.openbsd.org>2014-04-19 13:31:25 +0000
committerPhilip Guenther <guenther@cvs.openbsd.org>2014-04-19 13:31:25 +0000
commitc573ea967eacf3811877487f16b2c7ed0d3b627f (patch)
tree6c27bf91c13b8fcfc424927f6eb4791569bff422
parentbe0dddaf26cfff26c7e5a6227cfe6eb6eec95bd8 (diff)
Lacking a proof that--for this implementation--exposure of Montgomery
multiplication or RSA blinding parameters doesn't permit retroactive timing analysis of the secrets, we'll do the stupidly cheap thing and cleanse them before freeing them. ok deraadt@
-rw-r--r--lib/libssl/src/crypto/bn/bn_blind.c8
-rw-r--r--lib/libssl/src/crypto/bn/bn_mont.c6
2 files changed, 7 insertions, 7 deletions
diff --git a/lib/libssl/src/crypto/bn/bn_blind.c b/lib/libssl/src/crypto/bn/bn_blind.c
index 264531013ef..f424e479d36 100644
--- a/lib/libssl/src/crypto/bn/bn_blind.c
+++ b/lib/libssl/src/crypto/bn/bn_blind.c
@@ -176,10 +176,10 @@ void BN_BLINDING_free(BN_BLINDING *r)
if(r == NULL)
return;
- if (r->A != NULL) BN_free(r->A );
- if (r->Ai != NULL) BN_free(r->Ai);
- if (r->e != NULL) BN_free(r->e );
- if (r->mod != NULL) BN_free(r->mod);
+ if (r->A != NULL) BN_clear_free(r->A );
+ if (r->Ai != NULL) BN_clear_free(r->Ai);
+ if (r->e != NULL) BN_clear_free(r->e );
+ if (r->mod != NULL) BN_clear_free(r->mod);
free(r);
}
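Review bot: The four `!= NULL` guards in BN_BLINDING_free are now redundant, since BN_clear_free, like BN_free, returns early on a NULL argument; the added lines could simply read `BN_clear_free(r->A);` and likewise for Ai, e and mod, matching how the companion hunk in bn_mont.c calls it unguarded. The `free(r)` on the last line releases the BN_BLINDING struct itself uncleansed; from what is visible that struct holds only pointers and bookkeeping fields, but its definition is outside the hunk, so whether any secret-derived value lives there should be confirmed against the header.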
diff --git a/lib/libssl/src/crypto/bn/bn_mont.c b/lib/libssl/src/crypto/bn/bn_mont.c
index 133c597c333..456a80bde61 100644
--- a/lib/libssl/src/crypto/bn/bn_mont.c
+++ b/lib/libssl/src/crypto/bn/bn_mont.c
@@ -345,9 +345,9 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
if(mont == NULL)
return;
- BN_free(&(mont->RR));
- BN_free(&(mont->N));
- BN_free(&(mont->Ni));
+ BN_clear_free(&(mont->RR));
+ BN_clear_free(&(mont->N));
+ BN_clear_free(&(mont->Ni));
if (mont->flags & BN_FLG_MALLOCED)
free(mont);
}
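Review bot: The three embedded BIGNUMs are cleansed, but the rest of the BN_MONT_CTX is released as-is on the last two lines, and when BN_FLG_MALLOCED is not set the struct is caller-owned and survives this call entirely. If the context carries the usual `n0` word(s) computed from the modulus, and the modulus can be secret (as for the CRT primes in RSA), the same reasoning as the commit message gives for the BIGNUMs applies to it; consider `OPENSSL_cleanse(mont->n0, sizeof(mont->n0));` before the BN_FLG_MALLOCED check, or cleansing the non-BIGNUM fields of the struct as a whole. The struct definition is not visible in the hunk, so the field name and any other modulus-derived members should be confirmed against the header.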