BN_clear() does not free the BIGNUM; it only clears its value. Fix this
memory leak by using the appropriate BN_clear_free() function instead.
Fixes: b11fa98bcb8a ("Add explicit checks for peer's DH public key")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
failed = !q || !ctx || !tmp ||
!BN_mod_exp(tmp, pub, q, p, ctx) ||
!BN_is_one(tmp);
- BN_clear(q);
- BN_clear(tmp);
+ BN_clear_free(q);
+ BN_clear_free(tmp);
BN_CTX_free(ctx);
if (failed)
goto fail;
res = crypto_mod_exp(pubkey, pubkey_len, privkey, privkey_len,
prime, prime_len, secret, len);
fail:
- BN_clear(pub);
- BN_clear(p);
+ BN_clear_free(pub);
+ BN_clear_free(p);
return res;
}