From 175857f1f09d39bc6ca15584b35392b0794c405b Mon Sep 17 00:00:00 2001
From: tedu <>
Date: Wed, 7 May 2014 21:06:05 +0000
Subject: in BN_clear_free, don't cleanse the data if the static data flag is
 set. much debugging work done by otto. ok miod otto.

side note: BN_FLG_STATIC_DATA doesn't actually mean the data is static.
it's also used to indicate the data may be secretly shared behind your back
as a sort of poor man's refcounting, but without the refcounting.
---
 src/lib/libcrypto/bn/bn_lib.c         | 5 ++---
 src/lib/libssl/src/crypto/bn/bn_lib.c | 5 ++---
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
index 9787a31dbb..6ec9282653 100644
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -214,11 +214,10 @@ void BN_clear_free(BIGNUM *a)
 
 	if (a == NULL) return;
 	bn_check_top(a);
-	if (a->d != NULL)
+	if (a->d != NULL && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
 		{
 		OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
-		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
-			free(a->d);
+		free(a->d);
 		}
 	i=BN_get_flags(a,BN_FLG_MALLOCED);
 	OPENSSL_cleanse(a,sizeof(BIGNUM));
diff --git a/src/lib/libssl/src/crypto/bn/bn_lib.c b/src/lib/libssl/src/crypto/bn/bn_lib.c
index 9787a31dbb..6ec9282653 100644
--- a/src/lib/libssl/src/crypto/bn/bn_lib.c
+++ b/src/lib/libssl/src/crypto/bn/bn_lib.c
@@ -214,11 +214,10 @@ void BN_clear_free(BIGNUM *a)
 
 	if (a == NULL) return;
 	bn_check_top(a);
-	if (a->d != NULL)
+	if (a->d != NULL && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
 		{
 		OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
-		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
-			free(a->d);
+		free(a->d);
 		}
 	i=BN_get_flags(a,BN_FLG_MALLOCED);
 	OPENSSL_cleanse(a,sizeof(BIGNUM));
-- 
cgit v1.2.3-55-g6feb