generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

This memset() in the ubsec ENGINE is a bug. Zeroing out the result array

Browse Source 
should not be necessary in any case, but more importantly the result and
input BIGNUMs could be the same, in which case this is clearly a problem.

Submitted by: Jonathan Hersch
Reviewed by: Joe Orton
Approved by: Geoff Thorpe
This commit is contained in:
Geoff Thorpe 2003-06-06 17:53:24 +00:00
parent 476f09712c
commit bc63a2ee0e
1 changed files with 0 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
crypto/engine/hw_ubsec.c
View File

@ -561,7 +561,6 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL); UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
return 0; return 0;
} }
memset(r->d, 0, BN_num_bytes(m));
if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
fd = 0; fd = 0;