[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Paul I. Dale pauli at openssl.org
Thu Sep 6 04:55:10 UTC 2018


The branch OpenSSL_1_1_0-stable has been updated
       via  1ed9fafccc37bcc78c12d20d586842ee7c7cd8a6 (commit)
      from  a842be9cf7bdf3cb3abbfe152d811cbc57dded27 (commit)


- Log -----------------------------------------------------------------
commit 1ed9fafccc37bcc78c12d20d586842ee7c7cd8a6
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Mon Sep 3 11:39:50 2018 +1000

    RSA padding Zeroization fixes
    
    Reviewed-by: Paul Yang <yang.yang at baishancloud.com>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7090)
    
    (cherry picked from commit 82eba370daeb6d80b01b521d9e2963451487f0cb)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rsa/rsa_oaep.c | 33 +++++++++++++++++++--------------
 crypto/rsa/rsa_pss.c  |  4 ++--
 2 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index f313519..df08a2f 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -43,10 +43,12 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
                                     const unsigned char *param, int plen,
                                     const EVP_MD *md, const EVP_MD *mgf1md)
 {
+    int rv = 0;
     int i, emlen = tlen - 1;
     unsigned char *db, *seed;
-    unsigned char *dbmask, seedmask[EVP_MAX_MD_SIZE];
-    int mdlen;
+    unsigned char *dbmask = NULL;
+    unsigned char seedmask[EVP_MAX_MD_SIZE];
+    int mdlen, dbmask_len = 0;
 
     if (md == NULL)
         md = EVP_sha1();
@@ -72,40 +74,41 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
     db = to + mdlen + 1;
 
     if (!EVP_Digest((void *)param, plen, db, NULL, md, NULL))
-        return 0;
+        goto err;
     memset(db + mdlen, 0, emlen - flen - 2 * mdlen - 1);
     db[emlen - flen - mdlen - 1] = 0x01;
     memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
     if (RAND_bytes(seed, mdlen) <= 0)
-        return 0;
+        goto err;
+
 #ifdef PKCS_TESTVECT
     memcpy(seed,
            "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
            20);
 #endif
 
-    dbmask = OPENSSL_malloc(emlen - mdlen);
+    dbmask_len = emlen - mdlen;
+    dbmask = OPENSSL_malloc(dbmask_len);
     if (dbmask == NULL) {
         RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE);
-        return 0;
+        goto err;
     }
 
-    if (PKCS1_MGF1(dbmask, emlen - mdlen, seed, mdlen, mgf1md) < 0)
+    if (PKCS1_MGF1(dbmask, dbmask_len, seed, mdlen, mgf1md) < 0)
         goto err;
-    for (i = 0; i < emlen - mdlen; i++)
+    for (i = 0; i < dbmask_len; i++)
         db[i] ^= dbmask[i];
 
-    if (PKCS1_MGF1(seedmask, mdlen, db, emlen - mdlen, mgf1md) < 0)
+    if (PKCS1_MGF1(seedmask, mdlen, db, dbmask_len, mgf1md) < 0)
         goto err;
     for (i = 0; i < mdlen; i++)
         seed[i] ^= seedmask[i];
-
-    OPENSSL_free(dbmask);
-    return 1;
+    rv = 1;
 
  err:
-    OPENSSL_free(dbmask);
-    return 0;
+    OPENSSL_cleanse(seedmask, sizeof(seedmask));
+    OPENSSL_clear_free(dbmask, dbmask_len);
+    return rv;
 }
 
 int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
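Review bot: The plaintext is copied into the caller's output buffer at `memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);` before the allocation and the two PKCS1_MGF1 calls that can still fail, so the new shared exit cleanses `seedmask` and `dbmask` but leaves `to` holding the unmasked or half-masked encoding on those failure paths. Unless every caller already clears `to` when the function returns 0 (not visible from this hunk), a guard at the exit, `if (rv == 0) OPENSSL_cleanse(to, tlen);` placed after `err:`, would close that gap in the same spirit as the rest of the commit. A smaller readability point: the label is still named `err` although the success path now falls through it with `rv = 1`, while the sibling RSA_padding_check_PKCS1_OAEP_mgf1 in this file uses `cleanup:` for the same shared-exit pattern, so renaming the label and its `goto err` sites would keep the file consistent. RSA_padding_add_PKCS1_OAEP_mgf1 begins before this hunk; its declarations are in the previous one.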
@@ -247,6 +250,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
     RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
            RSA_R_OAEP_DECODING_ERROR);
  cleanup:
+    OPENSSL_cleanse(seed, sizeof(seed));
     OPENSSL_clear_free(db, dblen);
     OPENSSL_clear_free(em, num);
     return mlen;
@@ -289,6 +293,7 @@ int PKCS1_MGF1(unsigned char *mask, long len,
     }
     rv = 0;
  err:
+    OPENSSL_cleanse(md, sizeof(md));
     EVP_MD_CTX_free(c);
     return rv;
 }
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
index f814338..4a1e599 100644
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -242,7 +242,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
 
  err:
     EVP_MD_CTX_free(ctx);
-    OPENSSL_free(salt);
+    OPENSSL_clear_free(salt, sLen);
 
     return ret;
 
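Review bot: `OPENSSL_clear_free(salt, sLen);` at the shared `err:` exit passes `sLen` as the length on every path, including the early-error paths where `salt` was never allocated; if `sLen` can still hold one of the negative sentinel values the function accepts on entry (the function's beginning is outside this hunk), the call is correct only because OPENSSL_clear_free returns before touching memory when its pointer is NULL. That in turn depends on `salt` being initialised to NULL at its declaration, which the hunk does not show. A one-line comment at the call, `/* salt is NULL unless allocated; sLen is then its resolved length */`, would make the dependency explicit, or the allocation size could be captured in its own variable the way rsa_oaep.c now does with dbmask_len.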

