artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f936385)
Lacking a proof that--for this implementation--exposure of Montgomery
authorguenther <guenther@openbsd.org>
Sat, 19 Apr 2014 13:31:24 +0000 (13:31 +0000)
committerguenther <guenther@openbsd.org>
Sat, 19 Apr 2014 13:31:24 +0000 (13:31 +0000)
multiplication or RSA blinding parameters doesn't permit retroactive
timing analysis of the secrets, we'll do the stupidly cheap thing and
cleanse them before freeing them.

ok deraadt@

lib/libcrypto/bn/bn_blind.c patch | blob | history
lib/libcrypto/bn/bn_mont.c patch | blob | history
lib/libssl/src/crypto/bn/bn_blind.c patch | blob | history
lib/libssl/src/crypto/bn/bn_mont.c patch | blob | history

diff --git a/lib/libcrypto/bn/bn_blind.c b/lib/libcrypto/bn/bn_blind.c
index 2645310..f424e47 100644 (file)
--- a/lib/libcrypto/bn/bn_blind.c
+++ b/lib/libcrypto/bn/bn_blind.c
@@ -176,10 +176,10 @@ void BN_BLINDING_free(BN_BLINDING *r)
        if(r == NULL)
            return;
 
-       if (r->A  != NULL) BN_free(r->A );
-       if (r->Ai != NULL) BN_free(r->Ai);
-       if (r->e  != NULL) BN_free(r->e );
-       if (r->mod != NULL) BN_free(r->mod); 
+       if (r->A  != NULL) BN_clear_free(r->A );
+       if (r->Ai != NULL) BN_clear_free(r->Ai);
+       if (r->e  != NULL) BN_clear_free(r->e );
+       if (r->mod != NULL) BN_clear_free(r->mod); 
        free(r);
        }
 
diff --git a/lib/libcrypto/bn/bn_mont.c b/lib/libcrypto/bn/bn_mont.c
index 133c597..456a80b 100644 (file)
--- a/lib/libcrypto/bn/bn_mont.c
+++ b/lib/libcrypto/bn/bn_mont.c
@@ -345,9 +345,9 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
        if(mont == NULL)
            return;
 
-       BN_free(&(mont->RR));
-       BN_free(&(mont->N));
-       BN_free(&(mont->Ni));
+       BN_clear_free(&(mont->RR));
+       BN_clear_free(&(mont->N));
+       BN_clear_free(&(mont->Ni));
        if (mont->flags & BN_FLG_MALLOCED)
                free(mont);
        }
diff --git a/lib/libssl/src/crypto/bn/bn_blind.c b/lib/libssl/src/crypto/bn/bn_blind.c
index 2645310..f424e47 100644 (file)
--- a/lib/libssl/src/crypto/bn/bn_blind.c
+++ b/lib/libssl/src/crypto/bn/bn_blind.c
@@ -176,10 +176,10 @@ void BN_BLINDING_free(BN_BLINDING *r)
        if(r == NULL)
            return;
 
-       if (r->A  != NULL) BN_free(r->A );
-       if (r->Ai != NULL) BN_free(r->Ai);
-       if (r->e  != NULL) BN_free(r->e );
-       if (r->mod != NULL) BN_free(r->mod); 
+       if (r->A  != NULL) BN_clear_free(r->A );
+       if (r->Ai != NULL) BN_clear_free(r->Ai);
+       if (r->e  != NULL) BN_clear_free(r->e );
+       if (r->mod != NULL) BN_clear_free(r->mod); 
        free(r);
        }
 
diff --git a/lib/libssl/src/crypto/bn/bn_mont.c b/lib/libssl/src/crypto/bn/bn_mont.c
index 133c597..456a80b 100644 (file)
--- a/lib/libssl/src/crypto/bn/bn_mont.c
+++ b/lib/libssl/src/crypto/bn/bn_mont.c
@@ -345,9 +345,9 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
        if(mont == NULL)
            return;
 
-       BN_free(&(mont->RR));
-       BN_free(&(mont->N));
-       BN_free(&(mont->Ni));
+       BN_clear_free(&(mont->RR));
+       BN_clear_free(&(mont->N));
+       BN_clear_free(&(mont->Ni));
        if (mont->flags & BN_FLG_MALLOCED)
                free(mont);
        }
OpenBSD src
by Ahmet Artu Yildirim