diff options
| author | Rich Salz <rsalz@akamai.com> | 2015-07-22 06:44:50 -0400 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2015-07-22 14:43:05 -0400 |
| commit | 9f040d6decca7930e978784c917f731e5c45e8f0 (patch) | |
| tree | c3e09cfde8f467f10f63ce01e787cd10d4c95bdd /crypto/bn | |
| parent | 4445704f912495227e9e99835e94219d7e79684c (diff) | |
Some cleanups for crypto/bn
Create bn_free_d utility routine and use it.
Fix RT3950
Also a missing cleanse, from Loganaden Velvindron (loganaden@gmail.com),
who noticed it in a Cloudflare patch.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/bn')
| -rw-r--r-- | crypto/bn/bn_add.c | 3 | ||||
| -rw-r--r-- | crypto/bn/bn_lib.c | 32 | ||||
| -rw-r--r-- | crypto/bn/bn_mont.c | 4 |
3 files changed, 20 insertions, 19 deletions
diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c index a446686c74..0bfc3cc637 100644 --- a/crypto/bn/bn_add.c +++ b/crypto/bn/bn_add.c @@ -222,7 +222,8 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) break; } } - memcpy(rp, ap, sizeof(*rp) * dif); + if (dif) + memcpy(rp, ap, sizeof(*rp) * dif); r->top = max; r->neg = 0; diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index b5f827a36c..f10f44a86f 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -223,6 +223,15 @@ int BN_num_bits(const BIGNUM *a) return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); } +static void bn_free_d(BIGNUM *a) +{ + if (BN_get_flags(a,BN_FLG_SECURE)) + OPENSSL_secure_free(a->d); + else + OPENSSL_free(a->d); +} + + void BN_clear_free(BIGNUM *a) { int i; @@ -232,15 +241,11 @@ void BN_clear_free(BIGNUM *a) bn_check_top(a); if (a->d != NULL) { OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); - if (!(BN_get_flags(a, BN_FLG_STATIC_DATA))) { - if (BN_get_flags(a,BN_FLG_SECURE)) - OPENSSL_secure_free(a->d); - else - OPENSSL_free(a->d); - } + if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) + bn_free_d(a); } i = BN_get_flags(a, BN_FLG_MALLOCED); - OPENSSL_cleanse(a, sizeof(BIGNUM)); + OPENSSL_cleanse(a, sizeof(*a)); if (i) OPENSSL_free(a); } @@ -251,12 +256,7 @@ void BN_free(BIGNUM *a) return; bn_check_top(a); if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) - if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) { - if (BN_get_flags(a, BN_FLG_SECURE)) - OPENSSL_secure_free(a->d); - else - OPENSSL_free(a->d); - } + bn_free_d(a); if (a->flags & BN_FLG_MALLOCED) OPENSSL_free(a); else { @@ -399,10 +399,8 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) if (!a) return NULL; if (b->d) { - if (BN_get_flags(b,BN_FLG_SECURE)) - OPENSSL_secure_free(b->d); - else - OPENSSL_free(b->d); + OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0])); + bn_free_d(b); } b->d = a; b->dmax = words; diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index c869101384..e3955fe475 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -196,7 +196,9 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) rp = r->d; /* clear the top words of T */ - memset(&rp[r->top], 0, sizeof(*rp) * (max - r->top)); + i = max - r->top; + if (i) + memset(&rp[r->top], 0, sizeof(*rp) * i); r->top = max; n0 = mont->n0[0]; |