[openssl-commits] [openssl] master update
Paul I. Dale
pauli at openssl.org
Thu Sep 6 04:52:00 UTC 2018
The branch master has been updated
via 82eba370daeb6d80b01b521d9e2963451487f0cb (commit)
from 2eb2b4f3a12d0b8807447913a3b16f21104c701b (commit)
- Log -----------------------------------------------------------------
commit 82eba370daeb6d80b01b521d9e2963451487f0cb
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Mon Sep 3 11:39:50 2018 +1000
RSA padding Zeroization fixes
Reviewed-by: Paul Yang <yang.yang at baishancloud.com>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7090)
-----------------------------------------------------------------------
Summary of changes:
crypto/rsa/rsa_oaep.c | 34 +++++++++++++++++++---------------
crypto/rsa/rsa_pss.c | 4 ++--
2 files changed, 21 insertions(+), 17 deletions(-)
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index dfea063..f13c6fc 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -43,10 +43,12 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
const unsigned char *param, int plen,
const EVP_MD *md, const EVP_MD *mgf1md)
{
+ int rv = 0;
int i, emlen = tlen - 1;
unsigned char *db, *seed;
- unsigned char *dbmask, seedmask[EVP_MAX_MD_SIZE];
- int mdlen;
+ unsigned char *dbmask = NULL;
+ unsigned char seedmask[EVP_MAX_MD_SIZE];
+ int mdlen, dbmask_len = 0;
if (md == NULL)
md = EVP_sha1();
@@ -72,35 +74,35 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
db = to + mdlen + 1;
if (!EVP_Digest((void *)param, plen, db, NULL, md, NULL))
- return 0;
+ goto err;
memset(db + mdlen, 0, emlen - flen - 2 * mdlen - 1);
db[emlen - flen - mdlen - 1] = 0x01;
memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
if (RAND_bytes(seed, mdlen) <= 0)
- return 0;
+ goto err;
- dbmask = OPENSSL_malloc(emlen - mdlen);
+ dbmask_len = emlen - mdlen;
+ dbmask = OPENSSL_malloc(dbmask_len);
if (dbmask == NULL) {
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE);
- return 0;
+ goto err;
}
- if (PKCS1_MGF1(dbmask, emlen - mdlen, seed, mdlen, mgf1md) < 0)
+ if (PKCS1_MGF1(dbmask, dbmask_len, seed, mdlen, mgf1md) < 0)
goto err;
- for (i = 0; i < emlen - mdlen; i++)
+ for (i = 0; i < dbmask_len; i++)
db[i] ^= dbmask[i];
- if (PKCS1_MGF1(seedmask, mdlen, db, emlen - mdlen, mgf1md) < 0)
+ if (PKCS1_MGF1(seedmask, mdlen, db, dbmask_len, mgf1md) < 0)
goto err;
for (i = 0; i < mdlen; i++)
seed[i] ^= seedmask[i];
-
- OPENSSL_free(dbmask);
- return 1;
+ rv = 1;
err:
- OPENSSL_free(dbmask);
- return 0;
+ OPENSSL_cleanse(seedmask, sizeof(seedmask));
+ OPENSSL_clear_free(dbmask, dbmask_len);
+ return rv;
}
int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
@@ -242,6 +244,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
RSA_R_OAEP_DECODING_ERROR);
cleanup:
+ OPENSSL_cleanse(seed, sizeof(seed));
OPENSSL_clear_free(db, dblen);
OPENSSL_clear_free(em, num);
return mlen;
@@ -284,6 +287,7 @@ int PKCS1_MGF1(unsigned char *mask, long len,
}
rv = 0;
err:
+ OPENSSL_cleanse(md, sizeof(md));
EVP_MD_CTX_free(c);
return rv;
}
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
index 4484ff2..26d5f36 100644
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -244,7 +244,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
err:
EVP_MD_CTX_free(ctx);
- OPENSSL_free(salt);
+ OPENSSL_clear_free(salt, sLen);
return ret;
More information about the openssl-commits
mailing list