]> granicus.if.org Git - openssl/commitdiff
projects / openssl / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7fd79b9)
This memset() in the ubsec ENGINE is a bug. Zeroing out the result array
authorGeoff Thorpe <geoff@openssl.org>
Fri, 6 Jun 2003 17:54:22 +0000 (17:54 +0000)
committerGeoff Thorpe <geoff@openssl.org>
Fri, 6 Jun 2003 17:54:22 +0000 (17:54 +0000)
should not be necessary in any case, but more importantly the result and
input BIGNUMs could be the same, in which case this is clearly a problem.

Submitted by: Jonathan Hersch
Reviewed by: Joe Orton
Approved by: Geoff Thorpe

crypto/engine/hw_ubsec.c patch | blob | history

diff --git a/crypto/engine/hw_ubsec.c b/crypto/engine/hw_ubsec.c
index e649e6391de0df5acca1419bd3bdc0f181eadfeb..e273839b07d7723d26e80b9787345f5c9feb6c86 100644 (file)
--- a/crypto/engine/hw_ubsec.c
+++ b/crypto/engine/hw_ubsec.c
@@ -513,7 +513,6 @@ static int ubsec_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
                ENGINEerr(ENGINE_F_UBSEC_MOD_EXP, ENGINE_R_BN_EXPAND_FAIL);
                goto err;
                }
-       memset(r->d, 0, BN_num_bytes(m));
 
        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) 
                {
Unnamed repository; edit this file 'description' to name the repository.