author | tedu <> | 2014-05-07 21:06:05 +0000 |
---|---|---|
committer | tedu <> | 2014-05-07 21:06:05 +0000 |
commit | 175857f1f09d39bc6ca15584b35392b0794c405b (patch) | |
tree | 12cd88c23032ad7586ab59e31ffae76e6118e809 /src/lib | |
parent | 2442223a850a28980708189468c6c6597698e398 (diff) | |
in BN_clear_free, don't cleanse the data if the static data flag is set.
much debugging work done by otto. ok miod otto.
side note: BN_FLG_STATIC_DATA doesn't actually mean the data is static.
it's also used to indicate the data may be secretly shared behind your back
as a sort of poor man's refcounting, but without the refcounting.
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/libcrypto/bn/bn_lib.c | 5 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/bn/bn_lib.c | 5 |
2 files changed, 4 insertions, 6 deletions
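--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -214,11 +214,10 @@ void BN_clear_free(BIGNUM *a)
 
 if (a == NULL) return;
 bn_check_top(a);
-if (a->d != NULL)
+if (a->d != NULL && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
 {
 OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
-if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
-free(a->d);
+free(a->d);
 }
 i=BN_get_flags(a,BN_FLG_MALLOCED);
 OPENSSL_cleanse(a,sizeof(BIGNUM));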
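Review bot: The new test at line 217 makes BN_clear_free skip the wipe of `a->d` whenever BN_FLG_STATIC_DATA is set, and nothing in the code says why or who then clears the limbs. The commit message notes the flag also marks buffers that may be shared, so a caller that relies on BN_clear_free to erase key material gets no erasure of the limb data in that case; only the BIGNUM struct itself is still cleansed further down. A comment above the condition would make that contract visible, for example `/* STATIC_DATA: a->d is not ours to wipe or free (static or shared); its owner must cleanse it */`. The same applies to the identical hunk in src/lib/libssl/src/crypto/bn/bn_lib.c. BN_clear_free's body starts and ends outside the hunk, so the callers that set the flag are not visible here.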
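--- a/src/lib/libssl/src/crypto/bn/bn_lib.c
+++ b/src/lib/libssl/src/crypto/bn/bn_lib.c
@@ -214,11 +214,10 @@ void BN_clear_free(BIGNUM *a)
 
 if (a == NULL) return;
 bn_check_top(a);
-if (a->d != NULL)
+if (a->d != NULL && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
 {
 OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
-if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
-free(a->d);
+free(a->d);
 }
 i=BN_get_flags(a,BN_FLG_MALLOCED);
 OPENSSL_cleanse(a,sizeof(BIGNUM));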