diff options
| author | Florent Daigniere <nextgens@freenetproject.org> | 2014-02-02 18:40:30 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-02-03 10:44:19 -0500 |
| commit | 9d6e805d289ffe913fd7226aef9e31a5c6e8747e (patch) | |
| tree | d733c0f1c47fc232dcbc419fef6598f3abc35467 /src/common | |
| parent | cac5949697ba1686fd3c5f3b17960273815a6a93 (diff) | |
| download | tor-9d6e805d289ffe913fd7226aef9e31a5c6e8747e.tar.gz tor-9d6e805d289ffe913fd7226aef9e31a5c6e8747e.zip | |
Some anti-forensics paranoia...
sed -i 's/BN_free/BN_clear_free/g'
Diffstat (limited to 'src/common')
| -rw-r--r-- | src/common/crypto.c | 20 | ||||
| -rw-r--r-- | src/common/tortls.c | 2 |
2 files changed, 11 insertions, 11 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c index 347f27e130..9bdb1f41fa 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -524,7 +524,7 @@ crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits) r = NULL; done: if (e) - BN_free(e); + BN_clear_free(e); if (r) RSA_free(r); } @@ -1924,7 +1924,7 @@ crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname) /* If the space is occupied, free the previous TLS DH prime */ if (dh_param_p_tls) { - BN_free(dh_param_p_tls); + BN_clear_free(dh_param_p_tls); dh_param_p_tls = NULL; } @@ -2086,8 +2086,8 @@ crypto_dh_generate_public(crypto_dh_t *dh) log_warn(LD_CRYPTO, "Weird! Our own DH key was invalid. I guess once-in-" "the-universe chances really do happen. Trying again."); /* Free and clear the keys, so OpenSSL will actually try again. */ - BN_free(dh->dh->pub_key); - BN_free(dh->dh->priv_key); + BN_clear_free(dh->dh->pub_key); + BN_clear_free(dh->dh->priv_key); dh->dh->pub_key = dh->dh->priv_key = NULL; goto again; } @@ -2149,10 +2149,10 @@ tor_check_dh_key(int severity, BIGNUM *bn) log_fn(severity, LD_CRYPTO, "DH key must be at most p-2."); goto err; } - BN_free(x); + BN_clear_free(x); return 0; err: - BN_free(x); + BN_clear_free(x); s = BN_bn2hex(bn); log_fn(severity, LD_CRYPTO, "Rejecting insecure DH key [%s]", s); OPENSSL_free(s); @@ -2211,7 +2211,7 @@ crypto_dh_compute_secret(int severity, crypto_dh_t *dh, done: crypto_log_errors(LOG_WARN, "completing DH handshake"); if (pubkey_bn) - BN_free(pubkey_bn); + BN_clear_free(pubkey_bn); if (secret_tmp) { memwipe(secret_tmp, 0, secret_tmp_len); tor_free(secret_tmp); @@ -3120,11 +3120,11 @@ crypto_global_cleanup(void) ERR_free_strings(); if (dh_param_p) - BN_free(dh_param_p); + BN_clear_free(dh_param_p); if (dh_param_p_tls) - BN_free(dh_param_p_tls); + BN_clear_free(dh_param_p_tls); if (dh_param_g) - BN_free(dh_param_g); + BN_clear_free(dh_param_g); #ifndef DISABLE_ENGINES ENGINE_cleanup(); diff --git a/src/common/tortls.c b/src/common/tortls.c index 3d6efeba04..315a767e9e 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -691,7 +691,7 @@ tor_tls_create_certificate(crypto_pk_t *rsa, if (pkey) EVP_PKEY_free(pkey); if (serial_number) - BN_free(serial_number); + BN_clear_free(serial_number); if (name) X509_NAME_free(name); if (name_issuer) |