[openssl/openssl] fb323b: zeroize rsa->p,rsa->q on error
Sashan
noreply at github.com
Tue May 14 13:58:03 UTC 2024
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: fb323b27754089a34dc2a6a96a9b48cd4d0ee936
https://github.com/openssl/openssl/commit/fb323b27754089a34dc2a6a96a9b48cd4d0ee936
Author: Alexandr Nedvedicky <sashan at openssl.org>
Date: 2024-05-14 (Tue, 14 May 2024)
Changed paths:
M crypto/rsa/rsa_sp800_56b_gen.c
Log Message:
-----------
zeroize rsa->p,rsa->q on error
this is rquired by fipd-186-5 section A.1.6, step 7:
Zeroize the internally generated values that are not returned
In OpenSSL code we need to zero p, q members of rsa structure. The rsa
structure is provided by ossl_rsa_fips186_4_gen_prob_primes() caller.
The remaining values (variables) mentioned by standard are zeroed
already in functions we call from ossl_rsa_fips186_4_gen_prob_primes().
Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24358)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
More information about the openssl-commits
mailing list