diff options
author | Alexandr Nedvedicky <sashan@openssl.org> | 2024-05-10 09:07:35 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-05-14 15:55:41 +0200 |
commit | fb323b27754089a34dc2a6a96a9b48cd4d0ee936 (patch) | |
tree | 893d819db1fe72b925439e1282137f5841bcfc34 /crypto | |
parent | b6a5e801679663c13875cf6e18f475f8700d72a9 (diff) |
zeroize rsa->p,rsa->q on error
this is rquired by fipd-186-5 section A.1.6, step 7:
Zeroize the internally generated values that are not returned
In OpenSSL code we need to zero p, q members of rsa structure. The rsa
structure is provided by ossl_rsa_fips186_4_gen_prob_primes() caller.
The remaining values (variables) mentioned by standard are zeroed
already in functions we call from ossl_rsa_fips186_4_gen_prob_primes().
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24358)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/rsa/rsa_sp800_56b_gen.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/crypto/rsa/rsa_sp800_56b_gen.c b/crypto/rsa/rsa_sp800_56b_gen.c index b0d9104b79..c741cf3c3b 100644 --- a/crypto/rsa/rsa_sp800_56b_gen.c +++ b/crypto/rsa/rsa_sp800_56b_gen.c @@ -147,11 +147,15 @@ int ossl_rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test, ret = 1; err: /* Zeroize any internally generated values that are not returned */ - if (Xpo != NULL) - BN_clear(Xpo); - if (Xqo != NULL) - BN_clear(Xqo); + BN_clear(Xpo); + BN_clear(Xqo); BN_clear(tmp); + if (ret != 1) { + BN_clear_free(rsa->p); + rsa->p = NULL; + BN_clear_free(rsa->q); + rsa->q = NULL; + } BN_CTX_end(ctx); return ret; |