authorShane Lontis <shane.lontis@oracle.com>2018-09-03 11:39:50 +1000
committerPauli <paul.dale@oracle.com>2018-09-06 14:54:33 +1000
commit1ed9fafccc37bcc78c12d20d586842ee7c7cd8a6 (patch)
tree1d14b1d8dcdc9fafc0a19a1e6f1d485ac62da640 /crypto
parenta842be9cf7bdf3cb3abbfe152d811cbc57dded27 (diff)
RSA padding Zeroization fixes
Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7090) (cherry picked from commit 82eba370daeb6d80b01b521d9e2963451487f0cb)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/rsa/rsa_oaep.c33
-rw-r--r--crypto/rsa/rsa_pss.c4
2 files changed, 21 insertions, 16 deletions
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index f3135198a3..df08a2f53e 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -43,10 +43,12 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
const unsigned char *param, int plen,
const EVP_MD *md, const EVP_MD *mgf1md)
{
+ int rv = 0;
int i, emlen = tlen - 1;
unsigned char *db, *seed;
- unsigned char *dbmask, seedmask[EVP_MAX_MD_SIZE];
- int mdlen;
+ unsigned char *dbmask = NULL;
+ unsigned char seedmask[EVP_MAX_MD_SIZE];
+ int mdlen, dbmask_len = 0;
if (md == NULL)
md = EVP_sha1();
@@ -72,40 +74,41 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
db = to + mdlen + 1;
if (!EVP_Digest((void *)param, plen, db, NULL, md, NULL))
- return 0;
+ goto err;
memset(db + mdlen, 0, emlen - flen - 2 * mdlen - 1);
db[emlen - flen - mdlen - 1] = 0x01;
memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
if (RAND_bytes(seed, mdlen) <= 0)
- return 0;
+ goto err;
+
#ifdef PKCS_TESTVECT
memcpy(seed,
"\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
20);
#endif
- dbmask = OPENSSL_malloc(emlen - mdlen);
+ dbmask_len = emlen - mdlen;
+ dbmask = OPENSSL_malloc(dbmask_len);
if (dbmask == NULL) {
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE);
- return 0;
+ goto err;
}
- if (PKCS1_MGF1(dbmask, emlen - mdlen, seed, mdlen, mgf1md) < 0)
+ if (PKCS1_MGF1(dbmask, dbmask_len, seed, mdlen, mgf1md) < 0)
goto err;
- for (i = 0; i < emlen - mdlen; i++)
+ for (i = 0; i < dbmask_len; i++)
db[i] ^= dbmask[i];
- if (PKCS1_MGF1(seedmask, mdlen, db, emlen - mdlen, mgf1md) < 0)
+ if (PKCS1_MGF1(seedmask, mdlen, db, dbmask_len, mgf1md) < 0)
goto err;
for (i = 0; i < mdlen; i++)
seed[i] ^= seedmask[i];
-
- OPENSSL_free(dbmask);
- return 1;
+ rv = 1;
err:
- OPENSSL_free(dbmask);
- return 0;
+ OPENSSL_cleanse(seedmask, sizeof(seedmask));
+ OPENSSL_clear_free(dbmask, dbmask_len);
+ return rv;
}
int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
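Review bot: The new `err:` path wipes `seedmask` and `dbmask` but leaves the caller-supplied `to` holding sensitive intermediate state when a late step fails: the plaintext is copied into `db`, which points into `to` (`db = to + mdlen + 1`), before `RAND_bytes` and both `PKCS1_MGF1` calls can still `goto err`, so after a failure at `if (PKCS1_MGF1(seedmask, mdlen, db, dbmask_len, mgf1md) < 0)` the partially masked data block and the unmasked seed remain in the output buffer. If wiping the output on failure is acceptable for this API, `if (rv == 0) OPENSSL_cleanse(to, tlen);` placed after `err:` would close that gap; `tlen` appears to be the full length of `to` (`emlen = tlen - 1`), so this only touches memory the caller already handed over. The `goto err` sites that replace `return 0` still raise no `RSAerr`, unlike the malloc-failure branch, which matches the old behaviour but is worth a one-line comment so the asymmetry reads as intentional. RSA_padding_add_PKCS1_OAEP_mgf1 begins outside this hunk; only its tail is visible here.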
@@ -247,6 +250,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
RSA_R_OAEP_DECODING_ERROR);
cleanup:
+ OPENSSL_cleanse(seed, sizeof(seed));
OPENSSL_clear_free(db, dblen);
OPENSSL_clear_free(em, num);
return mlen;
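Review bot: `OPENSSL_cleanse(seed, sizeof(seed))` is only a full wipe if `seed` is declared as a fixed-size array; its declaration is outside this hunk (RSA_padding_check_PKCS1_OAEP_mgf1 starts before the hunk), and for a pointer `sizeof` would clear only the pointer's own width. The same check applies to `OPENSSL_cleanse(md, sizeof(md))` in the PKCS1_MGF1 hunk below, where `md` is likewise declared out of view. Presumably both are stack arrays sized `EVP_MAX_MD_SIZE`; if so, a short comment such as `/* seed is a fixed-size stack array: wipe all of it, not just the mdlen bytes used */` above the cleanse would make that dependency explicit for the next maintainer.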
@@ -289,6 +293,7 @@ int PKCS1_MGF1(unsigned char *mask, long len,
}
rv = 0;
err:
+ OPENSSL_cleanse(md, sizeof(md));
EVP_MD_CTX_free(c);
return rv;
}
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
index f8143387c8..4a1e599ed5 100644
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -242,7 +242,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
err:
EVP_MD_CTX_free(ctx);
- OPENSSL_free(salt);
+ OPENSSL_clear_free(salt, sLen);
return ret;