Commit e7716b7a authored by Geoff Thorpe's avatar Geoff Thorpe
Browse files

More changes coming out of the bignum auditing. BN_CTX_get() should ideally 

return a "zero" bignum as BN_new() does - so reset 'top'. During
BN_CTX_end(), released bignums should be consistent so enforce this in
debug builds. Also, reduce the number of wasted BN_clear_free() calls from
BN_CTX_end() (typically by 75% or so).

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe, Ulf Möller
parent a4e3150f

crypto/bn/bn_ctx.c

+6 −12
Original line number Diff line number Diff line
@@ -123,6 +123,7 @@ void BN_CTX_free(BN_CTX *ctx) 


	for (i=0; i < BN_CTX_NUM; i++) {

		bn_check_top(&(ctx->bn[i]));

		if (ctx->bn[i].d)

			BN_clear_free(&(ctx->bn[i]));

	}

	if (ctx->flags & BN_FLG_MALLOCED)
@@ -154,7 +155,8 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx) 
			}

		return NULL;

		}

	bn_check_top(&(ctx->bn[ctx->tos]));

	/* always return a 'zeroed' bignum */

	ctx->bn[ctx->tos].top = 0;

	return (&(ctx->bn[ctx->tos++]));

	}
@@ -170,19 +172,11 @@ void BN_CTX_end(BN_CTX *ctx) 


	ctx->too_many = 0;

	ctx->depth--;

	/* It appears some "scrapbook" uses of BN_CTX result in BIGNUMs being

	 * left in an inconsistent state when they are released (eg. BN_div).

	 * These can trip us up when they get reused, so the safest fix is to

	 * make sure the BIGNUMs are made sane when the context usage is

	 * releasing them. */

	if (ctx->depth < BN_CTX_NUM_POS)

#if 0

#ifndef BN_DEBUG

		ctx->tos = ctx->pos[ctx->depth];

#else

		{

		while(ctx->tos > ctx->pos[ctx->depth])

			/* This ensures the BIGNUM is sane(r) for reuse. */

			ctx->bn[--(ctx->tos)].top = 0;

		}

			bn_check_top(&ctx->bn[--(ctx->tos)]);

#endif

	}