Fix leaked password in pkcs8 pkey decrypt #4047

bernd-edlinger
Member

When a pkcs8 private key is decrypted, the used password is left on the stack.
As there is zero test coverage, I wanted to have at least one test that executes
this code, so I thought I would extend the only test that uses the pkcs8 command.
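
The pattern described in this pull request, as an added C example that is not code from the PR or from OpenSSL: a password read into a stack buffer stays there when the function returns unless it is wiped first. `decrypt_key`, `fake_decrypt`, `sample_cb`, `PW_BUFSIZE`, the `residue` counter and the `cleanse` helper are assumptions made for illustration; code linked against OpenSSL would call `OPENSSL_cleanse()` instead of the stand-in.

```c
#include <stdio.h>
#include <string.h>

#define PW_BUFSIZE 1024 /* assumed size of the on-stack password buffer */

/* Same shape as OpenSSL's pem_password_cb: fill buf, return length or <= 0. */
typedef int (*password_cb)(char *buf, int size, int rwflag, void *u);

/* Stand-in for OPENSSL_cleanse(): calling memset through a volatile pointer
 * stops the compiler from dropping the store as dead before the return. */
static void *(*volatile memset_fn)(void *, int, size_t) = memset;
static void cleanse(void *p, size_t n) { memset_fn(p, 0, n); }

/* Hypothetical placeholder for the real key decryption; 0 means success. */
static int fake_decrypt(const char *pw, int len) {
    return (len == 6 && memcmp(pw, "secret", 6) == 0) ? 0 : -1;
}

/* Constructed password callback: copies the string passed in u. */
static int sample_cb(char *buf, int size, int rwflag, void *u) {
    int len = (int)strlen((const char *)u);
    (void)rwflag;
    if (len > size) return -1;
    memcpy(buf, u, (size_t)len);
    return len;
}

/* Returns 0 on success, -1 on failure. wipe=0 is the leaky variant.
 * *residue (instrumentation for this example only) gets the number of
 * non-zero bytes left in psbuf just before it goes out of scope. */
int decrypt_key(password_cb cb, void *u, int wipe, int *residue) {
    char psbuf[PW_BUFSIZE] = {0}; /* zeroed so the residue count is exact */
    int i, rc, klen = cb(psbuf, PW_BUFSIZE, 0, u);

    rc = (klen > 0) ? fake_decrypt(psbuf, klen) : -1;
    if (wipe) /* whole buffer, on success and error paths alike */
        cleanse(psbuf, sizeof(psbuf));
    for (*residue = 0, i = 0; i < PW_BUFSIZE; i++)
        *residue += (psbuf[i] != 0);
    return rc;
}

int main(void) {
    char pw[] = "secret"; /* constructed sample password */
    int leaky, wiped;
    decrypt_key(sample_cb, pw, 0, &leaky);
    decrypt_key(sample_cb, pw, 1, &wiped);
    printf("residue without wipe: %d, with wipe: %d\n", leaky, wiped);
    return 0;
}
```

Wiping the full buffer rather than only the returned length also covers a callback that wrote part of a password before reporting failure.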

@bernd-edlinger added the "branch: 1.0.2" (Merge to OpenSSL_1_0_2-stable branch), "1.1.0" and "branch: master" (Merge to master branch) labels Jul 29, 2017
Contributor

@richsalz richsalz left a comment

Can you backport the fixes to 1.0.2 also (just cherry-pick what works) and the whole thing to 1.1.0?

@richsalz added the "approval: done" (This pull request has the required number of approvals) label Jul 29, 2017
@richsalz
Contributor

I mean, I'm glad you're going to do that :)

@bernd-edlinger
Member Author

Yes, OK :-)

levitte pushed a commit that referenced this pull request Jul 29, 2017
and d2i_PKCS8PrivateKey_bio before it goes out of scope.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from #4047)
levitte pushed a commit that referenced this pull request Jul 29, 2017
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from #4047)
levitte pushed a commit that referenced this pull request Jul 29, 2017
and d2i_PKCS8PrivateKey_bio before it goes out of scope.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from #4047)

(cherry picked from commit 02fd47c)
levitte pushed a commit that referenced this pull request Jul 29, 2017
and d2i_PKCS8PrivateKey_bio before it goes out of scope.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from #4047)

(cherry picked from commit 02fd47c)
@bernd-edlinger
Member Author

Merged to all branches.
Could not cherry-pick the test case to 1.1.0, because the whole test case is new.

pracj3am pushed a commit to cdn77/openssl that referenced this pull request Aug 22, 2017
and d2i_PKCS8PrivateKey_bio before it goes out of scope.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from openssl#4047)

(cherry picked from commit 02fd47c)