diff options
| author | Ted Unangst <tedu@cvs.openbsd.org> | 2014-05-05 18:38:43 +0000 |
|---|---|---|
| committer | Ted Unangst <tedu@cvs.openbsd.org> | 2014-05-05 18:38:43 +0000 |
| commit | 54a38e179c98c60f128e83c5d93e2121a1d305f2 (patch) | |
| tree | 3a9cd1e6cced1114fbb133670ddbe64eeb613920 /lib | |
| parent | d089a955b3d716901a326c5a613d29a8b628ff08 (diff) | |
inspired by a cloudflare diff, cleanse old memory when expanding a bignum.
however, instead of trying to audit all the places where a secret bignum
is used, apply the big hammer and clear all bignums when freed.
ok deraadt miod
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libssl/src/crypto/bn/bn_lib.c | 26 |
1 files changed, 9 insertions, 17 deletions
diff --git a/lib/libssl/src/crypto/bn/bn_lib.c b/lib/libssl/src/crypto/bn/bn_lib.c index 9787a31dbbf..a8022f66680 100644 --- a/lib/libssl/src/crypto/bn/bn_lib.c +++ b/lib/libssl/src/crypto/bn/bn_lib.c @@ -226,22 +226,11 @@ void BN_clear_free(BIGNUM *a) free(a); } -void BN_free(BIGNUM *a) - { - if (a == NULL) return; - bn_check_top(a); - if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA))) - free(a->d); - if (a->flags & BN_FLG_MALLOCED) - free(a); - else - { -#ifndef OPENSSL_NO_DEPRECATED - a->flags|=BN_FLG_FREE; -#endif - a->d = NULL; - } - } +void +BN_free(BIGNUM *a) +{ + BN_clear_free(a); +} void BN_init(BIGNUM *a) { @@ -400,7 +389,10 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) { BN_ULONG *a = bn_expand_internal(b, words); if(!a) return NULL; - if(b->d) free(b->d); + if(b->d) { + OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0])); + free(b->d); + } b->d=a; b->dmax=words; } |