diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2017-07-31 20:52:43 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2017-07-31 21:50:31 +0200 |
commit | 09f87aa6a14f518c2fdf7170462b594c24a7c527 (patch) | |
tree | db6747a7e7d0340fdca5594a593ac1d31a6577df /crypto/rsa/rsa_oaep.c | |
parent | e118487fee21ebdd959fe514be6b5c121462e272 (diff) |
Fix an information leak in the RSA padding check code.
The memory blocks contain secret data and must be
cleared before returning to the system heap.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4062)
(cherry picked from commit e670db0183079b5f6325ce2abd9d785e0f966890)
Diffstat (limited to 'crypto/rsa/rsa_oaep.c')
-rw-r--r-- | crypto/rsa/rsa_oaep.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index 868104f1bf..4878d495fe 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -122,7 +122,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, int plen, const EVP_MD *md, const EVP_MD *mgf1md) { - int i, dblen, mlen = -1, one_index = 0, msg_index; + int i, dblen = 0, mlen = -1, one_index = 0, msg_index; unsigned int good, found_one_byte; const unsigned char *maskedseed, *maskeddb; /* @@ -239,8 +239,8 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, RSA_R_OAEP_DECODING_ERROR); cleanup: - OPENSSL_free(db); - OPENSSL_free(em); + OPENSSL_clear_free(db, dblen); + OPENSSL_clear_free(em, num); return mlen; } |