diff options
author | Rich Salz <rsalz@akamai.com> | 2015-04-24 16:39:40 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-06-23 17:09:35 -0400 |
commit | 74924dcb3802640d7e2ae2e80ca6515d0a53de7a (patch) | |
tree | 6de4138b01d5f649bdaa32d858bd5fa20e9ad4b6 /crypto/dh | |
parent | ce7e647bc2c328404b1e3cdac6211773afdefe07 (diff) |
More secure storage of key material.
Add secure heap for storage of private keys (when possible).
Add BIO_s_secmem(), CBIGNUM, etc.
Add BIO_CTX_secure_new so all BIGNUM's in the context are secure.
Contributed by Akamai Technologies under the Corporate CLA.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/dh')
-rw-r--r-- | crypto/dh/dh_ameth.c | 3 | ||||
-rw-r--r-- | crypto/dh/dh_key.c | 2 |
2 files changed, 3 insertions, 2 deletions
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 98f8570a2f..efb3d805e8 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -228,7 +228,8 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) goto decerr; /* We have parameters now set private key */ - if ((dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)) == NULL) { + if ((dh->priv_key = BN_secure_new()) == NULL + || !ASN1_INTEGER_to_BN(privkey, dh->priv_key)) { DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR); goto dherr; } diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index ff91d41d79..b6c3038976 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -125,7 +125,7 @@ static int generate_key(DH *dh) goto err; if (dh->priv_key == NULL) { - priv_key = BN_new(); + priv_key = BN_secure_new(); if (priv_key == NULL) goto err; generate_new_key = 1; |