diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index d22a83fc3423284c77d03fd2e59b932cbea511b0..ad2a47e09f78d6bfda27978e2a2a96d1480f25e1 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -179,37 +179,26 @@ static void bn_free_d(BIGNUM *a) void BN_clear_free(BIGNUM *a) { - int i; - if (a == NULL) return; - bn_check_top(a); - if (a->d != NULL) { + if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA)) { OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); - if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) - bn_free_d(a); + bn_free_d(a); } - i = BN_get_flags(a, BN_FLG_MALLOCED); - OPENSSL_cleanse(a, sizeof(*a)); - if (i) + if (BN_get_flags(a, BN_FLG_MALLOCED)) { + OPENSSL_cleanse(a, sizeof(*a)); OPENSSL_free(a); + } } void BN_free(BIGNUM *a) { if (a == NULL) return; - bn_check_top(a); if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) bn_free_d(a); if (a->flags & BN_FLG_MALLOCED) OPENSSL_free(a); - else { -#if OPENSSL_API_COMPAT < 0x00908000L - a->flags |= BN_FLG_FREE; -#endif - a->d = NULL; - } } void bn_init(BIGNUM *a) diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index cd77867dee9f7cdfab49054415f1f96f56e623dc..abf68aa25d8a86cdda96969aa5d0203d0a4575a2 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -374,13 +374,19 @@ static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) static int int_dh_bn_cpy(BIGNUM **dst, const BIGNUM *src) { BIGNUM *a; - if (src) { - a = BN_dup(src); - if (!a) - return 0; - } else + + /* + * If source is read only just copy the pointer, so + * we don't have to reallocate it. + */ + if (src == NULL) a = NULL; - BN_free(*dst); + else if (BN_get_flags(src, BN_FLG_STATIC_DATA) + && !BN_get_flags(src, BN_FLG_MALLOCED)) + a = (BIGNUM *)src; + else if ((a = BN_dup(src)) == NULL) + return 0; + BN_clear_free(*dst); *dst = a; return 1; }