]> git.ipfire.org Git - thirdparty/hostap.git/commit
projects / thirdparty / hostap.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a5257a7) | patch
OpenSSL: Use BN_clear_free instead of BN_free
authorFlorent Daigniere <nextgens@freenetproject.org>
Fri, 27 Jun 2014 09:58:10 +0000 (11:58 +0200)
committerJouni Malinen <j@w1.fi>
Thu, 24 Jul 2014 16:28:39 +0000 (19:28 +0300)
commit3248071dc3165719a087b401f12fef732b0c4e64
tree91551b58654cff3af642ac821e01e362bcd52db6tree
parenta5257a7a27102babec81b31b07941ec60b41af72commit | diff
OpenSSL: Use BN_clear_free instead of BN_free

This changes OpenSSL calls to explicitly clear the bignum memory
allocations when freeing them. This adds an extra layer of security by
avoiding leaving potentially private keys into local memory after they
are not needed anymore. While some of these variables are not really
private (e.g., they are sent in clear anyway), the extra cost of
clearing them is not significant and it is simpler to just clear these
explicitly rather than review each possible code path to confirm where
this does not help.

Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>
src/crypto/crypto_openssl.c diff | blob | blame | history
src/eap_common/eap_pwd_common.c diff | blob | blame | history
src/eap_peer/eap_pwd.c diff | blob | blame | history
src/eap_server/eap_server_pwd.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.