summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorPauli <paul.dale@oracle.com>2019-07-23 08:54:52 +0200
committerPauli <paul.dale@oracle.com>2019-07-23 08:54:52 +0200
commit82925f9dd0492f2e5f1d80ff46fd59f0704c8fe6 (patch)
tree2e16809b81eefdb3c337b0ef1c5a44f7c5209217 /crypto
parentReplace OSSL_ITEM with OSSL_PARAM as parameter descriptor, everywhere (diff)
downloadopenssl-82925f9dd0492f2e5f1d80ff46fd59f0704c8fe6.tar.xz
openssl-82925f9dd0492f2e5f1d80ff46fd59f0704c8fe6.zip
Avoid double clearing some BIGNUMs
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9438)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/bn/bn_lib.c20
1 files changed, 9 insertions, 11 deletions
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 17293ede34..5719a00ebf 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -142,10 +142,12 @@ int BN_num_bits(const BIGNUM *a)
return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
}
-static void bn_free_d(BIGNUM *a)
+static void bn_free_d(BIGNUM *a, int clear)
{
if (BN_get_flags(a, BN_FLG_SECURE))
- OPENSSL_secure_free(a->d);
+ OPENSSL_secure_clear_free(a->d, a->dmax * sizeof(a->d[0]));
+ else if (clear != 0)
+ OPENSSL_clear_free(a->d, a->dmax * sizeof(a->d[0]));
else
OPENSSL_free(a->d);
}
@@ -155,10 +157,8 @@ void BN_clear_free(BIGNUM *a)
{
if (a == NULL)
return;
- if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA)) {
- OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
- bn_free_d(a);
- }
+ if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA))
+ bn_free_d(a, 1);
if (BN_get_flags(a, BN_FLG_MALLOCED)) {
OPENSSL_cleanse(a, sizeof(*a));
OPENSSL_free(a);
@@ -170,7 +170,7 @@ void BN_free(BIGNUM *a)
if (a == NULL)
return;
if (!BN_get_flags(a, BN_FLG_STATIC_DATA))
- bn_free_d(a);
+ bn_free_d(a, 0);
if (a->flags & BN_FLG_MALLOCED)
OPENSSL_free(a);
}
@@ -248,10 +248,8 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
BN_ULONG *a = bn_expand_internal(b, words);
if (!a)
return NULL;
- if (b->d) {
- OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0]));
- bn_free_d(b);
- }
+ if (b->d != NULL)
+ bn_free_d(b, 1);
b->d = a;
b->dmax = words;
}