[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

bernd.edlinger at hotmail.de bernd.edlinger at hotmail.de
Sat Jul 29 13:01:41 UTC 2017


The branch OpenSSL_1_1_0-stable has been updated
       via  a2ce081490891a561be40d943513458b3568fd1c (commit)
      from  49616d925251a8d38ef2af55d045a778215a7b55 (commit)


- Log -----------------------------------------------------------------
commit a2ce081490891a561be40d943513458b3568fd1c
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Sat Jul 29 12:19:29 2017 +0200

    Clean password buffer on stack for PEM_read_bio_PrivateKey
    and d2i_PKCS8PrivateKey_bio before it goes out of scope.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4047)
    
    (cherry picked from commit 02fd47c8b0930dff9b188fd13bfb9da5e59444a8)

-----------------------------------------------------------------------

Summary of changes:
 crypto/pem/pem_pk8.c  | 1 +
 crypto/pem/pem_pkey.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index 993c595..5caad9f 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -131,6 +131,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
     }
     p8inf = PKCS8_decrypt(p8, psbuf, klen);
     X509_SIG_free(p8);
+    OPENSSL_cleanse(psbuf, klen);
     if (!p8inf)
         return NULL;
     ret = EVP_PKCS82PKEY(p8inf);
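Review bot: The added OPENSSL_cleanse(psbuf, klen) in d2i_PKCS8PrivateKey_bio wipes only the klen bytes the callback reported, so anything else the callback wrote into psbuf stays on the stack. If psbuf is a fixed-size local array, as the commit message's "buffer on stack" implies, OPENSSL_cleanse(psbuf, sizeof(psbuf)) would clear the whole buffer regardless of the returned length. The block that closes just above PKCS8_decrypt is not shown in full here, so it is also worth confirming that no return between the callback and this line leaves the buffer uncleaned.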
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 6308622..671b374 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -66,6 +66,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
         }
         p8inf = PKCS8_decrypt(p8, psbuf, klen);
         X509_SIG_free(p8);
+        OPENSSL_cleanse(psbuf, klen);
         if (!p8inf)
             goto p8err;
         ret = EVP_PKCS82PKEY(p8inf);
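Review bot: The cleanse in PEM_read_bio_PrivateKey is inline, directly after X509_SIG_free(p8), so it only protects paths that reach this line, and an exit added earlier in the block later on would skip it. Placing it before `if (!p8inf)` does cover the decrypt-failure path that leaves through `goto p8err`, which is the right order. A one-line comment saying that psbuf holds the passphrase and must be wiped on every exit would help future edits, and since the decrypt, free, cleanse sequence is identical to the one in crypto/pem/pem_pk8.c, a small shared helper would keep the two call sites consistent.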

