- markus@cvs.openbsd.org 2001/12/27 19:37:23

[dh.c kexdh.c kexgex.c] always use BN_clear_free instead of BN_free
2025-07-31 01:35:11 +02:00 · 2002-01-22 23:10:33 +11:00 · 2002-01-22 23:10:33 +11:00 · 9ef95ddcaf
commit 9ef95ddcaf
parent 040b64f60a
4 changed files with 18 additions and 15 deletions
--- a/5
+++ b/5
@ -45,6 +45,9 @@
   - markus@cvs.openbsd.org 2001/12/27 18:26:13
     [authfile.c]
     missing include
   - markus@cvs.openbsd.org 2001/12/27 19:37:23
     [dh.c kexdh.c kexgex.c]
     always use BN_clear_free instead of BN_free
 20020121
 - (djm) Rework ssh-rand-helper:
@ -7192,4 +7195,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1735 2002/01/22 12:10:04 djm Exp $
+$Id: ChangeLog,v 1.1736 2002/01/22 12:10:33 djm Exp $
--- a/dh.c
+++ b/dh.c
@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.18 2001/12/27 18:22:16 markus Exp $");
+RCSID("$OpenBSD: dh.c,v 1.19 2001/12/27 19:37:22 markus Exp $");
 #include "xmalloc.h"
@ -94,8 +94,8 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
 	return (1);
 failclean:
-	BN_free(dhg->g);
+	BN_clear_free(dhg->g);
-	BN_free(dhg->p);
+	BN_clear_free(dhg->p);
 fail:
 	error("Bad prime description in line %d", linenum);
 	return (0);
@ -122,8 +122,8 @@ choose_dh(int min, int wantbits, int max)
 		linenum++;
 		if (!parse_prime(linenum, line, &dhg))
 			continue;
-		BN_free(dhg.g);
+		BN_clear_free(dhg.g);
-		BN_free(dhg.p);
+		BN_clear_free(dhg.p);
 		if (dhg.size > max || dhg.size < min)
 			continue;
@ -152,8 +152,8 @@ choose_dh(int min, int wantbits, int max)
 		if ((dhg.size > max || dhg.size < min) ||
 		    dhg.size != best ||
 		    linenum++ != which) {
-			BN_free(dhg.g);
+			BN_clear_free(dhg.g);
-			BN_free(dhg.p);
+			BN_clear_free(dhg.p);
 			continue;
 		}
 		break;
@ -203,7 +203,7 @@ dh_gen_key(DH *dh, int need)
 		    BN_num_bits(dh->p), 2*need);
 	do {
 		if (dh->priv_key != NULL)
-			BN_free(dh->priv_key);
+			BN_clear_free(dh->priv_key);
 		if ((dh->priv_key = BN_new()) == NULL)
 			fatal("dh_gen_key: BN_new failed");
 		/* generate a 2*need bits random private exponent */
--- a/kexdh.c
+++ b/kexdh.c
@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.8 2001/12/27 18:22:16 markus Exp $");
+RCSID("$OpenBSD: kexdh.c,v 1.9 2001/12/27 19:37:22 markus Exp $");
 #include <openssl/crypto.h>
 #include <openssl/bn.h>
@ -171,7 +171,7 @@ kexdh_client(Kex *kex)
 	    shared_secret
 	);
 	xfree(server_host_key_blob);
-	BN_free(dh_server_pub);
+	BN_clear_free(dh_server_pub);
 	DH_free(dh);
 	if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
@ -262,7 +262,7 @@ kexdh_server(Kex *kex)
 	    dh->pub_key,
 	    shared_secret
 	);
-	BN_free(dh_client_pub);
+	BN_clear_free(dh_client_pub);
 	/* save session id := H */
 	/* XXX hashlen depends on KEX */
--- a/kexgex.c
+++ b/kexgex.c
@ -24,7 +24,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.11 2001/12/27 18:22:16 markus Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.12 2001/12/27 19:37:23 markus Exp $");
 #include <openssl/bn.h>
@ -232,7 +232,7 @@ kexgex_client(Kex *kex)
 	/* have keys, free DH */
 	DH_free(dh);
 	xfree(server_host_key_blob);
-	BN_free(dh_server_pub);
+	BN_clear_free(dh_server_pub);
 	if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
 		fatal("key_verify failed for server_host_key");
@ -365,7 +365,7 @@ kexgex_server(Kex *kex)
 	    dh->pub_key,
 	    shared_secret
 	);
-	BN_free(dh_client_pub);
+	BN_clear_free(dh_client_pub);
 	/* save session id := H */
 	/* XXX hashlen depends on KEX */