From 176348630a07f53808b33dae05c61b6dd0d8ef7f Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Tue, 1 Nov 2016 21:59:07 -0700
Subject: [PATCH] Don't clear BigNums in destructor

Instead add a clear method.
---
 openssl-sys/src/lib.rs | 2 ++
 openssl/src/bn.rs      | 9 ++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index 1a9a2ac1..f30d9f03 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -1274,6 +1274,8 @@ extern {
 
     pub fn BN_new() -> *mut BIGNUM;
     pub fn BN_dup(n: *const BIGNUM) -> *mut BIGNUM;
+    pub fn BN_clear(bn: *mut BIGNUM);
+    pub fn BN_free(bn: *mut BIGNUM);
     pub fn BN_clear_free(bn: *mut BIGNUM);
 
     pub fn BN_CTX_new() -> *mut BN_CTX;
diff --git a/openssl/src/bn.rs b/openssl/src/bn.rs
index 7bc8b2c9..989f65e0 100644
--- a/openssl/src/bn.rs
+++ b/openssl/src/bn.rs
@@ -225,6 +225,13 @@ impl BnCtx {
 }
 
 impl Ref<BigNum> {
+    /// Erases the memory used by this `BigNum`, resetting its value to 0.
+    ///
+    /// This can be used to destroy sensitive data such as keys when they are no longer needed.
+    pub fn clear(&mut self) {
+        unsafe { ffi::BN_clear(self.as_ptr()) }
+    }
+
     /// Adds a `u32` to `self`.
     pub fn add_word(&mut self, w: u32) -> Result<(), ErrorStack> {
         unsafe { cvt(ffi::BN_add_word(self.as_ptr(), w as ffi::BN_ULONG)).map(|_| ()) }
@@ -431,7 +438,7 @@ impl Ref<BigNum> {
     }
 }
 
-type_!(BigNum, ffi::BIGNUM, ffi::BN_clear_free);
+type_!(BigNum, ffi::BIGNUM, ffi::BN_free);
 
 impl BigNum {
     /// Creates a new `BigNum` with the value 0.