diff options
| author | Rich Salz <rsalz@akamai.com> | 2015-04-24 16:39:40 -0400 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2015-06-23 17:09:35 -0400 |
| commit | 74924dcb3802640d7e2ae2e80ca6515d0a53de7a (patch) | |
| tree | 6de4138b01d5f649bdaa32d858bd5fa20e9ad4b6 /crypto/asn1/x_bignum.c | |
| parent | ce7e647bc2c328404b1e3cdac6211773afdefe07 (diff) | |
More secure storage of key material.
Add secure heap for storage of private keys (when possible).
Add BIO_s_secmem(), CBIGNUM, etc.
Add BIO_CTX_secure_new so all BIGNUM's in the context are secure.
Contributed by Akamai Technologies under the Corporate CLA.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/asn1/x_bignum.c')
| -rw-r--r-- | crypto/asn1/x_bignum.c | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c index 8307a2d729..66ce000827 100644 --- a/crypto/asn1/x_bignum.c +++ b/crypto/asn1/x_bignum.c @@ -72,12 +72,15 @@ #define BN_SENSITIVE 1 static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it); +static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it); static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it); static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); +static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, + int utype, char *free_cont, const ASN1_ITEM *it); static ASN1_PRIMITIVE_FUNCS bignum_pf = { NULL, 0, @@ -88,12 +91,21 @@ static ASN1_PRIMITIVE_FUNCS bignum_pf = { bn_i2c }; +static ASN1_PRIMITIVE_FUNCS cbignum_pf = { + NULL, 0, + bn_secure_new, + bn_free, + 0, + bn_secure_c2i, + bn_i2c +}; + ASN1_ITEM_start(BIGNUM) ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM" ASN1_ITEM_end(BIGNUM) ASN1_ITEM_start(CBIGNUM) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM" + ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &cbignum_pf, BN_SENSITIVE, "CBIGNUM" ASN1_ITEM_end(CBIGNUM) static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it) @@ -105,6 +117,15 @@ static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it) return 0; } +static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + *pval = (ASN1_VALUE *)BN_secure_new(); + if (*pval) + return 1; + else + return 0; +} + static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { if (!*pval) @@ -141,6 +162,7 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { BIGNUM *bn; + if (!*pval) bn_new(pval, it); bn = (BIGNUM *)*pval; @@ -150,3 +172,11 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, } return 1; } + +static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, + int utype, char *free_cont, const ASN1_ITEM *it) +{ + if (!*pval) + bn_secure_new(pval, it); + return bn_c2i(pval, cont, len, utype, free_cont, it); +} |