author | Kan <chenxinpingc2306@163.com> | 2022-06-12 21:11:01 +0800 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2022-06-16 15:16:23 +1000 |
commit | d8e2dc576571de48f85d106d1f3e5da604bd2c9a (patch) | |
tree | e218d93a9eaf7d786c968834fda3b1726c275be6 /crypto/ec | |
parent | f5beeb29a0a46757a2f0724048a2ece67034874e (diff) |
Add sensitive memory clean in priv encode
Fixes #18540
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18541)
(cherry picked from commit 16249341bb64329c2542c3d1e23b97ed3c44fad3)
Diffstat (limited to 'crypto/ec')
-rw-r--r-- | crypto/ec/ec_ameth.c | 22 |
1 files changed, 7 insertions, 15 deletions
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 9ca023bbe3..1086ae4321 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -165,7 +165,7 @@ static int eckey_priv_decode_ex(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8,
 static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 {
 EC_KEY ec_key = *(pkey->pkey.ec);
- unsigned char *ep, *p;
+ unsigned char *ep = NULL;
 int eplen, ptype;
 void *pval;
 unsigned int old_flags;
@@ -184,26 +184,18 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 old_flags = EC_KEY_get_enc_flags(&ec_key);
 EC_KEY_set_enc_flags(&ec_key, old_flags | EC_PKEY_NO_PARAMETERS);
- eplen = i2d_ECPrivateKey(&ec_key, NULL);
- if (!eplen) {
- ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
- return 0;
- }
- ep = OPENSSL_malloc(eplen);
- if (ep == NULL) {
- ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- p = ep;
- if (!i2d_ECPrivateKey(&ec_key, &p)) {
- OPENSSL_free(ep);
+ eplen = i2d_ECPrivateKey(&ec_key, &ep);
+ if (eplen <= 0) {
 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
+ ASN1_STRING_free(pval);
 return 0;
 }
 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, ptype, pval, ep, eplen)) {
- OPENSSL_free(ep);
+ ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
+ ASN1_STRING_free(pval);
+ OPENSSL_clear_free(ep, eplen);
 return 0;
 } |
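Review bot: Both new error paths in the second hunk release `pval` with `ASN1_STRING_free(pval)`, but `pval` is declared as `void *` and its real type is tagged by `ptype`; both are filled in above the hunk, where the code is not visible. If that earlier step can return an object identifier for a named curve (ptype `V_ASN1_OBJECT`) instead of an encoded parameter string, freeing it as an ASN1_STRING is a type mismatch that only shows up on the failure path. Choosing the destructor by tag would be safer, `if (ptype == V_ASN1_SEQUENCE) ASN1_STRING_free(pval); else ASN1_OBJECT_free(pval);`, ideally under one shared `err:` label so the two paths cannot drift apart. Separately, the `PKCS8_pkey_set0` failure is reported as `ERR_R_EC_LIB` although the failing call is an ASN.1/PKCS#8 routine, which may mislead whoever reads the error queue. The body of eckey_priv_encode starts and ends outside both hunks.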