DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

OpenSSL: Use BN_clear_free instead of BN_free

Browse source 
This changes OpenSSL calls to explicitly clear the bignum memory
allocations when freeing them. This adds an extra layer of security by
avoiding leaving potentially private keys into local memory after they
are not needed anymore. While some of these variables are not really
private (e.g., they are sent in clear anyway), the extra cost of
clearing them is not significant and it is simpler to just clear these
explicitly rather than review each possible code path to confirm where
this does not help.

Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>
This commit is contained in:
Florent Daigniere 2014-06-27 11:58:10 +02:00 committed by Jouni Malinen
parent a5257a7a27
commit 3248071dc3
4 changed files with 46 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/eap_common/eap_pwd_common.c
View file

@ -265,16 +265,16 @@ int compute_password_element(EAP_PWD_group *grp, u16 num,
grp->group = NULL;
EC_POINT_free(grp->pwe);
grp->pwe = NULL;
BN_free(grp->order);
BN_clear_free(grp->order);
grp->order = NULL;
BN_free(grp->prime);
BN_clear_free(grp->prime);
grp->prime = NULL;
ret = 1;
}
/* cleanliness and order.... */
BN_free(cofactor);
BN_free(x_candidate);
BN_free(rnd);
BN_clear_free(cofactor);
BN_clear_free(x_candidate);
BN_clear_free(rnd);
os_free(prfbuf);
return ret;