#include <assert.h>
#include <limits.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include "bn_lcl.h"
const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT;
bn_check_top(a);
if (a->d != NULL) {
OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
- if (!(BN_get_flags(a, BN_FLG_STATIC_DATA)))
- OPENSSL_free(a->d);
+ if (!(BN_get_flags(a, BN_FLG_STATIC_DATA))) {
+ if (BN_get_flags(a,BN_FLG_SECURE))
+ OPENSSL_secure_free(a->d);
+ else
+ OPENSSL_free(a->d);
+ }
}
i = BN_get_flags(a, BN_FLG_MALLOCED);
OPENSSL_cleanse(a, sizeof(BIGNUM));
return;
bn_check_top(a);
if (!BN_get_flags(a, BN_FLG_STATIC_DATA))
- OPENSSL_free(a->d);
+ if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) {
+ if (BN_get_flags(a, BN_FLG_SECURE))
+ OPENSSL_secure_free(a->d);
+ else
+ OPENSSL_free(a->d);
+ }
if (a->flags & BN_FLG_MALLOCED)
OPENSSL_free(a);
else {
void BN_init(BIGNUM *a)
{
- memset(a, 0, sizeof(BIGNUM));
+ memset(a, 0, sizeof(*a));
bn_check_top(a);
}
return (ret);
}
+ BIGNUM *BN_secure_new(void)
+ {
+ BIGNUM *ret = BN_new();
+ if (ret)
+ ret->flags |= BN_FLG_SECURE;
+ return (ret);
+ }
+
/* This is used both by bn_expand2() and bn_dup_expand() */
/* The caller MUST check that words > b->dmax before calling this */
static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
return (NULL);
}
- a = A = OPENSSL_malloc(sizeof(*a) * words);
+ if (BN_get_flags(b,BN_FLG_SECURE))
+ a = A = OPENSSL_secure_malloc(words * sizeof(*a));
+ else
+ a = A = OPENSSL_malloc(words * sizeof(*a));
if (A == NULL) {
BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
return (NULL);
* function - what's important is constant time operation (we're not
* actually going to use the data)
*/
- memset(a, 0, sizeof(BN_ULONG) * words);
+ memset(a, 0, sizeof(*a) * words);
#endif
#if 1
}
}
#else
- memset(A, 0, sizeof(BN_ULONG) * words);
+ memset(A, 0, sizeof(*A) * words);
memcpy(A, b->d, sizeof(b->d[0]) * b->top);
#endif
BN_ULONG *a = bn_expand_internal(b, words);
if (!a)
return NULL;
- OPENSSL_free(b->d);
+ if (b->d) {
+ if (BN_get_flags(b,BN_FLG_SECURE))
+ OPENSSL_secure_free(b->d);
+ else
+ OPENSSL_free(b->d);
+ }
b->d = a;
b->dmax = words;
}
return NULL;
bn_check_top(a);
- t = BN_new();
+ t = BN_get_flags(a, BN_FLG_SECURE) ? BN_secure_new() : BN_new();
if (t == NULL)
return NULL;
if (!BN_copy(t, a)) {
{
bn_check_top(a);
if (a->d != NULL)
- memset(a->d, 0, a->dmax * sizeof(a->d[0]));
+ memset(a->d, 0, sizeof(*a->d) * a->dmax);
a->top = 0;
a->neg = 0;
}