diff options
| author | Ted Unangst <tedu@cvs.openbsd.org> | 2014-05-05 18:38:43 +0000 |
|---|---|---|
| committer | Ted Unangst <tedu@cvs.openbsd.org> | 2014-05-05 18:38:43 +0000 |
| commit | 17a71c4c49ea8f2fbdacfd55d8775a2cdf337243 (patch) | |
| tree | 76eae02f3bb12e4cc83dde9153d0ab7d4d5cad9c /lib/libcrypto | |
| parent | f25803714dd73155f22cb5fd97ecedb666e62701 (diff) | |
inspired by a cloudflare diff, cleanse old memory when expanding a bignum.
however, instead of trying to audit all the places where a secret bignum
is used, apply the big hammer and clear all bignums when freed.
ok deraadt miod
Diffstat (limited to 'lib/libcrypto')
| -rw-r--r-- | lib/libcrypto/bn/bn_lib.c | 26 |
1 files changed, 9 insertions, 17 deletions
diff --git a/lib/libcrypto/bn/bn_lib.c b/lib/libcrypto/bn/bn_lib.c index 9787a31dbbf..a8022f66680 100644 --- a/lib/libcrypto/bn/bn_lib.c +++ b/lib/libcrypto/bn/bn_lib.c @@ -226,22 +226,11 @@ void BN_clear_free(BIGNUM *a) free(a); } -void BN_free(BIGNUM *a) - { - if (a == NULL) return; - bn_check_top(a); - if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA))) - free(a->d); - if (a->flags & BN_FLG_MALLOCED) - free(a); - else - { -#ifndef OPENSSL_NO_DEPRECATED - a->flags|=BN_FLG_FREE; -#endif - a->d = NULL; - } - } +void +BN_free(BIGNUM *a) +{ + BN_clear_free(a); +} void BN_init(BIGNUM *a) { @@ -400,7 +389,10 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) { BN_ULONG *a = bn_expand_internal(b, words); if(!a) return NULL; - if(b->d) free(b->d); + if(b->d) { + OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0])); + free(b->d); + } b->d=a; b->dmax=words; } |