From b9ebb64eeaa6ad5070ce2ace703c94382abf955f Mon Sep 17 00:00:00 2001
From: guenther <>
Date: Sat, 19 Apr 2014 13:31:24 +0000
Subject: Lacking a proof that--for this implementation--exposure of Montgomery multiplication or RSA blinding parameters doesn't permit retroactive timing analysis of the secrets, we'll do the stupidly cheap thing and cleanse them before freeing them. ok deraadt@
---
 src/lib/libcrypto/bn/bn_blind.c | 8 ++++----
 src/lib/libcrypto/bn/bn_mont.c | 6 +++---
 src/lib/libssl/src/crypto/bn/bn_blind.c | 8 ++++----
 src/lib/libssl/src/crypto/bn/bn_mont.c | 6 +++---
 4 files changed, 14 insertions(+), 14 deletions(-)
(limited to 'src')
diff --git a/src/lib/libcrypto/bn/bn_blind.c b/src/lib/libcrypto/bn/bn_blind.c
index 264531013e..f424e479d3 100644
--- a/src/lib/libcrypto/bn/bn_blind.c
+++ b/src/lib/libcrypto/bn/bn_blind.c
@@ -176,10 +176,10 @@ void BN_BLINDING_free(BN_BLINDING *r)
 if(r == NULL) return;
- if (r->A != NULL) BN_free(r->A );
- if (r->Ai != NULL) BN_free(r->Ai);
- if (r->e != NULL) BN_free(r->e );
- if (r->mod != NULL) BN_free(r->mod);
+ if (r->A != NULL) BN_clear_free(r->A );
+ if (r->Ai != NULL) BN_clear_free(r->Ai);
+ if (r->e != NULL) BN_clear_free(r->e );
+ if (r->mod != NULL) BN_clear_free(r->mod);
 free(r); }
diff --git a/src/lib/libcrypto/bn/bn_mont.c b/src/lib/libcrypto/bn/bn_mont.c
index 133c597c33..456a80bde6 100644
--- a/src/lib/libcrypto/bn/bn_mont.c
+++ b/src/lib/libcrypto/bn/bn_mont.c
@@ -345,9 +345,9 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
 if(mont == NULL) return;
- BN_free(&(mont->RR));
- BN_free(&(mont->N));
- BN_free(&(mont->Ni));
+ BN_clear_free(&(mont->RR));
+ BN_clear_free(&(mont->N));
+ BN_clear_free(&(mont->Ni));
 if (mont->flags & BN_FLG_MALLOCED) free(mont); }
diff --git a/src/lib/libssl/src/crypto/bn/bn_blind.c b/src/lib/libssl/src/crypto/bn/bn_blind.c
index 264531013e..f424e479d3 100644
--- a/src/lib/libssl/src/crypto/bn/bn_blind.c
+++ b/src/lib/libssl/src/crypto/bn/bn_blind.c
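Review bot: The reason for cleansing is recorded only in the commit message, so in BN_BLINDING_free a later tidy-up could turn `BN_clear_free(r->e)` and `BN_clear_free(r->mod)` back into `BN_free`, since an exponent and a modulus look public at first glance. A comment above the four calls would keep the intent next to the code, for example `/* Cleanse before freeing: blinding state must not linger in freed memory. */`. The function body opens above the hunk, so whether other members of `r` hold sensitive values cannot be checked from here. The same applies to the identical hunk in src/lib/libssl/src/crypto/bn/bn_blind.c.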
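Review bot: In BN_MONT_CTX_free only the three embedded BIGNUMs are cleansed; the remaining members of `*mont` are handed to `free(mont)` untouched, or stay in place when BN_FLG_MALLOCED is clear. The struct is declared outside this hunk, but if it still carries the precomputed word array `n0` derived from the modulus, that value survives the free, which matters when the context was built for a secret prime rather than a public modulus. Consider reading the flag first and wiping the whole struct: `int malloced = mont->flags & BN_FLG_MALLOCED;`, `OPENSSL_cleanse(mont, sizeof(*mont));`, `if (malloced) free(mont);`. The same applies to the copy in src/lib/libssl/src/crypto/bn/bn_mont.c.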
@@ -176,10 +176,10 @@ void BN_BLINDING_free(BN_BLINDING *r)
 if(r == NULL) return;
- if (r->A != NULL) BN_free(r->A );
- if (r->Ai != NULL) BN_free(r->Ai);
- if (r->e != NULL) BN_free(r->e );
- if (r->mod != NULL) BN_free(r->mod);
+ if (r->A != NULL) BN_clear_free(r->A );
+ if (r->Ai != NULL) BN_clear_free(r->Ai);
+ if (r->e != NULL) BN_clear_free(r->e );
+ if (r->mod != NULL) BN_clear_free(r->mod);
 free(r); }
diff --git a/src/lib/libssl/src/crypto/bn/bn_mont.c b/src/lib/libssl/src/crypto/bn/bn_mont.c
index 133c597c33..456a80bde6 100644
--- a/src/lib/libssl/src/crypto/bn/bn_mont.c
+++ b/src/lib/libssl/src/crypto/bn/bn_mont.c
@@ -345,9 +345,9 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
 if(mont == NULL) return;
- BN_free(&(mont->RR));
- BN_free(&(mont->N));
- BN_free(&(mont->Ni));
+ BN_clear_free(&(mont->RR));
+ BN_clear_free(&(mont->N));
+ BN_clear_free(&(mont->Ni));
 if (mont->flags & BN_FLG_MALLOCED) free(mont); }
--
cgit v1.2.3-55-g6feb