Skip to content

Commit

Permalink
Clean password buffer on stack for PEM_read_bio_PrivateKey
Browse files Browse the repository at this point in the history 
and d2i_PKCS8PrivateKey_bio before it goes out of scope.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from openssl#4047)

(cherry picked from commit 02fd47c)
  • Loading branch information
@bernd-edlinger @pracj3am
bernd-edlinger authored and pracj3am committed Aug 22, 2017
1 parent e41d563 commit 6df2b1d
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions crypto/pem/pem_pk8.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
}
p8inf = PKCS8_decrypt(p8, psbuf, klen);
X509_SIG_free(p8);
OPENSSL_cleanse(psbuf, klen);
if (!p8inf)
return NULL;
ret = EVP_PKCS82PKEY(p8inf);
Expand Down
1 change: 1 addition & 0 deletions crypto/pem/pem_pkey.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
}
p8inf = PKCS8_decrypt(p8, psbuf, klen);
X509_SIG_free(p8);
OPENSSL_cleanse(psbuf, klen);
if (!p8inf)
goto p8err;
ret = EVP_PKCS82PKEY(p8inf);
Expand Down

0 comments on commit 6df2b1d

Please sign in to comment.