zeroize rsa->p,rsa->q on error

this is rquired by fipd-186-5 section A.1.6, step 7: Zeroize the internally generated values that are not returned In OpenSSL code we need to zero p, q members of rsa structure. The rsa structure is provided by ossl_rsa_fips186_4_gen_prob_primes() caller. The remaining values (variables) mentioned by standard are zeroed already in functions we call from ossl_rsa_fips186_4_gen_prob_primes(). Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24358)
author: Alexandr Nedvedicky <sashan@openssl.org> 2024-05-10 09:07:35 +0200
committer: Tomas Mraz <tomas@openssl.org> 2024-05-14 15:55:41 +0200
commit: fb323b27754089a34dc2a6a96a9b48cd4d0ee936 (patch)
tree: 893d819db1fe72b925439e1282137f5841bcfc34 /crypto
parent: b6a5e801679663c13875cf6e18f475f8700d72a9 (diff)
1 files changed, 8 insertions, 4 deletions
diff --git a/crypto/rsa/rsa_sp800_56b_gen.c b/crypto/rsa/rsa_sp800_56b_gen.c
index b0d9104b79..c741cf3c3b 100644
--- a/crypto/rsa/rsa_sp800_56b_gen.c
+++ b/crypto/rsa/rsa_sp800_56b_gen.c
@@ -147,11 +147,15 @@ int ossl_rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test,
     ret = 1;
 err:
     /* Zeroize any internally generated values that are not returned */
-    if (Xpo != NULL)
-        BN_clear(Xpo);
-    if (Xqo != NULL)
-        BN_clear(Xqo);
+    BN_clear(Xpo);
+    BN_clear(Xqo);
     BN_clear(tmp);
+    if (ret != 1) {
+        BN_clear_free(rsa->p);
+        rsa->p = NULL;
+        BN_clear_free(rsa->q);
+        rsa->q = NULL;
+    }
 
     BN_CTX_end(ctx);
     return ret;
author	Alexandr Nedvedicky <sashan@openssl.org>	2024-05-10 09:07:35 +0200
committer	Tomas Mraz <tomas@openssl.org>	2024-05-14 15:55:41 +0200
commit	fb323b27754089a34dc2a6a96a9b48cd4d0ee936 (patch)
tree	893d819db1fe72b925439e1282137f5841bcfc34 /crypto
parent	b6a5e801679663c13875cf6e18f475f8700d72a9 (diff)