Some cleanups for crypto/bn

Create bn_free_d utility routine and use it. Fix RT3950 Also a missing cleanse, from Loganaden Velvindron (loganaden@gmail.com), who noticed it in a Cloudflare patch. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-07-22 06:44:50 -04:00 · 2015-07-22 06:44:50 -04:00 · 9f040d6dec
commit 9f040d6dec
parent 4445704f91
3 changed files with 20 additions and 19 deletions
--- a/crypto/bn/bn_add.c
+++ b/crypto/bn/bn_add.c
@ -222,7 +222,8 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
                break;
        }
    }
-    memcpy(rp, ap, sizeof(*rp) * dif);
+    if (dif)
+        memcpy(rp, ap, sizeof(*rp) * dif);

    r->top = max;
    r->neg = 0;
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@ -223,6 +223,15 @@ int BN_num_bits(const BIGNUM *a)
    return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
 }

+static void bn_free_d(BIGNUM *a)
+{
+    if (BN_get_flags(a,BN_FLG_SECURE))
+        OPENSSL_secure_free(a->d);
+    else
+        OPENSSL_free(a->d);
+}
+
+
 void BN_clear_free(BIGNUM *a)
 {
    int i;
@ -232,15 +241,11 @@ void BN_clear_free(BIGNUM *a)
    bn_check_top(a);
    if (a->d != NULL) {
        OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
-        if (!(BN_get_flags(a, BN_FLG_STATIC_DATA))) {
-            if (BN_get_flags(a,BN_FLG_SECURE))
-                OPENSSL_secure_free(a->d);
-            else
-                OPENSSL_free(a->d);
-        }
+        if (!BN_get_flags(a, BN_FLG_STATIC_DATA))
+            bn_free_d(a);
    }
    i = BN_get_flags(a, BN_FLG_MALLOCED);
-    OPENSSL_cleanse(a, sizeof(BIGNUM));
+    OPENSSL_cleanse(a, sizeof(*a));
    if (i)
        OPENSSL_free(a);
 }
@ -251,12 +256,7 @@ void BN_free(BIGNUM *a)
        return;
    bn_check_top(a);
    if (!BN_get_flags(a, BN_FLG_STATIC_DATA))
-    if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) {
-        if (BN_get_flags(a, BN_FLG_SECURE))
-            OPENSSL_secure_free(a->d);
-        else
-            OPENSSL_free(a->d);
-    }
+        bn_free_d(a);
    if (a->flags & BN_FLG_MALLOCED)
        OPENSSL_free(a);
    else {
@ -399,10 +399,8 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
        if (!a)
            return NULL;
        if (b->d) {
-            if (BN_get_flags(b,BN_FLG_SECURE))
-                OPENSSL_secure_free(b->d);
-            else
-                OPENSSL_free(b->d);
+            OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0]));
+            bn_free_d(b);
        }
        b->d = a;
        b->dmax = words;
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@ -196,7 +196,9 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
    rp = r->d;

    /* clear the top words of T */
-    memset(&rp[r->top], 0, sizeof(*rp) * (max - r->top));
+    i = max - r->top;
+    if (i)
+        memset(&rp[r->top], 0, sizeof(*rp) * i);

    r->top = max;
    n0 = mont->n0[0];