From: Geoff Thorpe <geoff@openssl.org>
Date: Fri, 6 Jun 2003 17:54:22 +0000 (+0000)
Subject: This memset() in the ubsec ENGINE is a bug. Zeroing out the result array
X-Git-Tag: OpenSSL-engine-0_9_6k~8
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fd509d6da52e8cb34dc2a2cdc122fb20227cdee8;p=openssl

This memset() in the ubsec ENGINE is a bug. Zeroing out the result array
should not be necessary in any case, but more importantly the result and
input BIGNUMs could be the same, in which case this is clearly a problem.

Submitted by: Jonathan Hersch
Reviewed by: Joe Orton
Approved by: Geoff Thorpe
---

diff --git a/crypto/engine/hw_ubsec.c b/crypto/engine/hw_ubsec.c
index e649e6391d..e273839b07 100644
--- a/crypto/engine/hw_ubsec.c
+++ b/crypto/engine/hw_ubsec.c
@@ -513,7 +513,6 @@ static int ubsec_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 		ENGINEerr(ENGINE_F_UBSEC_MOD_EXP, ENGINE_R_BN_EXPAND_FAIL);
 		goto err;
 		}
-	memset(r->d, 0, BN_num_bytes(m));
 
 	if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) 
 	        {