Commit fd509d6d authored by Geoff Thorpe's avatar Geoff Thorpe
Browse files

This memset() in the ubsec ENGINE is a bug. Zeroing out the result array 

should not be necessary in any case, but more importantly the result and
input BIGNUMs could be the same, in which case this is clearly a problem.

Submitted by: Jonathan Hersch
Reviewed by: Joe Orton
Approved by: Geoff Thorpe
parent 7fd79b98

crypto/engine/hw_ubsec.c

+0 −1
Original line number Diff line number Diff line
@@ -513,7 +513,6 @@ static int ubsec_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, 
		ENGINEerr(ENGINE_F_UBSEC_MOD_EXP, ENGINE_R_BN_EXPAND_FAIL);

		goto err;

		}

	memset(r->d, 0, BN_num_bytes(m));



	if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) 

	        {