[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] Some anti-forensics paranoia...
commit 01132c93fdfd634475c6d56455efdfe1cff1fe83
Author: Florent Daigniere <nextgens@xxxxxxxxxxxxxxxxxx>
Date: Sun Feb 2 18:40:30 2014 +0000
Some anti-forensics paranoia...
sed -i 's/BN_free/BN_clear_free/g'
---
src/common/crypto.c | 20 ++++++++++----------
src/common/tortls.c | 2 +-
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 940a756..925beb3 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -486,7 +486,7 @@ crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
r = NULL;
done:
if (e)
- BN_free(e);
+ BN_clear_free(e);
if (r)
RSA_free(r);
}
@@ -1922,7 +1922,7 @@ crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname)
/* If the space is occupied, free the previous TLS DH prime */
if (dh_param_p_tls) {
- BN_free(dh_param_p_tls);
+ BN_clear_free(dh_param_p_tls);
dh_param_p_tls = NULL;
}
@@ -2084,8 +2084,8 @@ crypto_dh_generate_public(crypto_dh_t *dh)
log_warn(LD_CRYPTO, "Weird! Our own DH key was invalid. I guess once-in-"
"the-universe chances really do happen. Trying again.");
/* Free and clear the keys, so OpenSSL will actually try again. */
- BN_free(dh->dh->pub_key);
- BN_free(dh->dh->priv_key);
+ BN_clear_free(dh->dh->pub_key);
+ BN_clear_free(dh->dh->priv_key);
dh->dh->pub_key = dh->dh->priv_key = NULL;
goto again;
}
@@ -2147,10 +2147,10 @@ tor_check_dh_key(int severity, BIGNUM *bn)
log_fn(severity, LD_CRYPTO, "DH key must be at most p-2.");
goto err;
}
- BN_free(x);
+ BN_clear_free(x);
return 0;
err:
- BN_free(x);
+ BN_clear_free(x);
s = BN_bn2hex(bn);
log_fn(severity, LD_CRYPTO, "Rejecting insecure DH key [%s]", s);
OPENSSL_free(s);
@@ -2209,7 +2209,7 @@ crypto_dh_compute_secret(int severity, crypto_dh_t *dh,
done:
crypto_log_errors(LOG_WARN, "completing DH handshake");
if (pubkey_bn)
- BN_free(pubkey_bn);
+ BN_clear_free(pubkey_bn);
if (secret_tmp) {
memwipe(secret_tmp, 0, secret_tmp_len);
tor_free(secret_tmp);
@@ -3118,11 +3118,11 @@ crypto_global_cleanup(void)
ERR_free_strings();
if (dh_param_p)
- BN_free(dh_param_p);
+ BN_clear_free(dh_param_p);
if (dh_param_p_tls)
- BN_free(dh_param_p_tls);
+ BN_clear_free(dh_param_p_tls);
if (dh_param_g)
- BN_free(dh_param_g);
+ BN_clear_free(dh_param_g);
#ifndef DISABLE_ENGINES
ENGINE_cleanup();
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 60444f1..886ee0d 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -694,7 +694,7 @@ tor_tls_create_certificate(crypto_pk_t *rsa,
if (pkey)
EVP_PKEY_free(pkey);
if (serial_number)
- BN_free(serial_number);
+ BN_clear_free(serial_number);
if (name)
X509_NAME_free(name);
if (name_issuer)
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits