From c3fb511f8056bda61af5a5bffef5bd4ab077c84e Mon Sep 17 00:00:00 2001
From: guenther
Date: Sat, 19 Apr 2014 13:31:24 +0000
Subject: [PATCH] Lacking a proof that--for this implementation--exposure of Montgomery multiplication or RSA blinding parameters doesn't permit retroactive timing analysis of the secrets, we'll do the stupidly cheap thing and cleanse them before freeing them. ok deraadt@
---
 lib/libcrypto/bn/bn_blind.c | 8 ++++----
 lib/libcrypto/bn/bn_mont.c | 6 +++---
 lib/libssl/src/crypto/bn/bn_blind.c | 8 ++++----
 lib/libssl/src/crypto/bn/bn_mont.c | 6 +++---
 4 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/lib/libcrypto/bn/bn_blind.c b/lib/libcrypto/bn/bn_blind.c
index 264531013ef..f424e479d36 100644
--- a/lib/libcrypto/bn/bn_blind.c
+++ b/lib/libcrypto/bn/bn_blind.c
@@ -176,10 +176,10 @@ void BN_BLINDING_free(BN_BLINDING *r)
 	if(r == NULL) return;
-	if (r->A != NULL) BN_free(r->A );
-	if (r->Ai != NULL) BN_free(r->Ai);
-	if (r->e != NULL) BN_free(r->e );
-	if (r->mod != NULL) BN_free(r->mod);
+	if (r->A != NULL) BN_clear_free(r->A );
+	if (r->Ai != NULL) BN_clear_free(r->Ai);
+	if (r->e != NULL) BN_clear_free(r->e );
+	if (r->mod != NULL) BN_clear_free(r->mod);
 	free(r);
 	}
diff --git a/lib/libcrypto/bn/bn_mont.c b/lib/libcrypto/bn/bn_mont.c
index 133c597c333..456a80bde61 100644
--- a/lib/libcrypto/bn/bn_mont.c
+++ b/lib/libcrypto/bn/bn_mont.c
@@ -345,9 +345,9 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
 	if(mont == NULL) return;
-	BN_free(&(mont->RR));
-	BN_free(&(mont->N));
-	BN_free(&(mont->Ni));
+	BN_clear_free(&(mont->RR));
+	BN_clear_free(&(mont->N));
+	BN_clear_free(&(mont->Ni));
 	if (mont->flags & BN_FLG_MALLOCED) free(mont);
 	}
diff --git a/lib/libssl/src/crypto/bn/bn_blind.c b/lib/libssl/src/crypto/bn/bn_blind.c
index 264531013ef..f424e479d36 100644
--- a/lib/libssl/src/crypto/bn/bn_blind.c
+++ b/lib/libssl/src/crypto/bn/bn_blind.c
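Review bot: The four `!= NULL` guards in front of the new BN_clear_free calls in BN_BLINDING_free are redundant — BN_clear_free, like BN_free, returns immediately on a NULL argument in the upstream OpenSSL implementation this tree inherits (worth confirming against bn_lib.c here), so each line can simply read `BN_clear_free(r->A);` and so on, which also drops the odd `r->A )` spacing. The reason for cleansing currently lives only in the commit message; a one-line comment above the calls, `/* A and Ai are the blinding factors; cleanse rather than just free them */`, keeps the rationale with the code. As far as the field names suggest, e and mod are the RSA public exponent and modulus, so the cleanse matters for A and Ai and is merely harmless for the other two. The function's opening brace precedes the hunk, and the same change is repeated verbatim for lib/libssl/src/crypto/bn/bn_blind.c below.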
@@ -176,10 +176,10 @@ void BN_BLINDING_free(BN_BLINDING *r)
 	if(r == NULL) return;
-	if (r->A != NULL) BN_free(r->A );
-	if (r->Ai != NULL) BN_free(r->Ai);
-	if (r->e != NULL) BN_free(r->e );
-	if (r->mod != NULL) BN_free(r->mod);
+	if (r->A != NULL) BN_clear_free(r->A );
+	if (r->Ai != NULL) BN_clear_free(r->Ai);
+	if (r->e != NULL) BN_clear_free(r->e );
+	if (r->mod != NULL) BN_clear_free(r->mod);
 	free(r);
 	}
diff --git a/lib/libssl/src/crypto/bn/bn_mont.c b/lib/libssl/src/crypto/bn/bn_mont.c
index 133c597c333..456a80bde61 100644
--- a/lib/libssl/src/crypto/bn/bn_mont.c
+++ b/lib/libssl/src/crypto/bn/bn_mont.c
@@ -345,9 +345,9 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
 	if(mont == NULL) return;
-	BN_free(&(mont->RR));
-	BN_free(&(mont->N));
-	BN_free(&(mont->Ni));
+	BN_clear_free(&(mont->RR));
+	BN_clear_free(&(mont->N));
+	BN_clear_free(&(mont->Ni));
 	if (mont->flags & BN_FLG_MALLOCED) free(mont);
 	}
-- 
2.20.1
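Review bot: The three BN_clear_free calls in BN_MONT_CTX_free cleanse RR, N and Ni, but if this BN_MONT_CTX keeps the upstream layout it also holds `n0`, the -N^-1 mod 2^w word(s) used by the Montgomery reduction, and that field is neither cleansed here nor by the plain `free(mont)`; n0 is invertible mod 2^w, so it determines N mod 2^w, and when the context was built over an RSA CRT prime that is the low word of p or q left behind in freed memory. Add, after the three cleanses and before the BN_FLG_MALLOCED check so it also runs for caller-owned contexts, `OPENSSL_cleanse(mont->n0, sizeof(mont->n0));` (or explicit_bzero, whichever this tree's BN_clear_free uses). A comment such as `/* N is a private prime for RSA-CRT contexts and n0 reveals N mod 2^w, so cleanse it too */` would record why. The function's opening brace precedes the hunk; this hunk is byte-identical to the lib/libcrypto/bn/bn_mont.c change above (same blob ids), so the same applies there.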