however, instead of trying to audit all the places where a secret bignum
is used, apply the big hammer and clear all bignums when freed.
ok deraadt miod
free(a);
}
-void BN_free(BIGNUM *a)
- {
- if (a == NULL) return;
- bn_check_top(a);
- if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
- free(a->d);
- if (a->flags & BN_FLG_MALLOCED)
- free(a);
- else
- {
-#ifndef OPENSSL_NO_DEPRECATED
- a->flags|=BN_FLG_FREE;
-#endif
- a->d = NULL;
- }
- }
+void
+BN_free(BIGNUM *a)
+{
+ BN_clear_free(a);
+}
void BN_init(BIGNUM *a)
{
{
BN_ULONG *a = bn_expand_internal(b, words);
if(!a) return NULL;
- if(b->d) free(b->d);
+ if(b->d) {
+ OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0]));
+ free(b->d);
+ }
b->d=a;
b->dmax=words;
}
free(a);
}
-void BN_free(BIGNUM *a)
- {
- if (a == NULL) return;
- bn_check_top(a);
- if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
- free(a->d);
- if (a->flags & BN_FLG_MALLOCED)
- free(a);
- else
- {
-#ifndef OPENSSL_NO_DEPRECATED
- a->flags|=BN_FLG_FREE;
-#endif
- a->d = NULL;
- }
- }
+void
+BN_free(BIGNUM *a)
+{
+ BN_clear_free(a);
+}
void BN_init(BIGNUM *a)
{
{
BN_ULONG *a = bn_expand_internal(b, words);
if(!a) return NULL;
- if(b->d) free(b->d);
+ if(b->d) {
+ OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0]));
+ free(b->d);
+ }
b->d=a;
b->dmax=words;
}
projects / openbsd / commitdiff