Commit 36971258 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Cleanse PKCS#8 private key components. 



New function ASN1_STRING_clear_free which cleanses an ASN1_STRING
structure before freeing it.

Call ASN1_STRING_clear_free on PKCS#8 private key components.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(cherry picked from commit a8ae0891)

Conflicts:
	crypto/dh/dh_ameth.c
parent 71b0bb76

crypto/asn1/asn1.h

+1 −0
Original line number Diff line number Diff line
@@ -796,6 +796,7 @@ DECLARE_ASN1_SET_OF(ASN1_OBJECT) 


ASN1_STRING *ASN1_STRING_new(void);

void ASN1_STRING_free(ASN1_STRING *a);

void ASN1_STRING_clear_free(ASN1_STRING *a);

int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);

ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a);

ASN1_STRING *ASN1_STRING_type_new(int type);

crypto/asn1/asn1_lib.c

+7 −0
Original line number Diff line number Diff line
@@ -430,6 +430,13 @@ void ASN1_STRING_free(ASN1_STRING *a) 
    OPENSSL_free(a);

}



void ASN1_STRING_clear_free(ASN1_STRING *a)

{

    if (a && a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))

        OPENSSL_cleanse(a->data, a->length);

    ASN1_STRING_free(a);

}



int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)

{

    int i;

crypto/dh/dh_ameth.c

+5 −3
Original line number Diff line number Diff line
@@ -215,7 +215,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) 


    EVP_PKEY_assign_DH(pkey, dh);



    ASN1_INTEGER_free(privkey);

    ASN1_STRING_clear_free(privkey);



    return 1;
@@ -223,6 +223,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) 
    DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);

 dherr:

    DH_free(dh);

    ASN1_STRING_clear_free(privkey);

    return 0;

}
@@ -257,7 +258,8 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) 


    dplen = i2d_ASN1_INTEGER(prkey, &dp);



    ASN1_INTEGER_free(prkey);

    ASN1_STRING_clear_free(prkey);

    prkey = NULL;



    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0,

                         V_ASN1_SEQUENCE, params, dp, dplen))
@@ -271,7 +273,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) 
    if (params != NULL)

        ASN1_STRING_free(params);

    if (prkey != NULL)

        ASN1_INTEGER_free(prkey);

        ASN1_STRING_clear_free(prkey);

    return 0;

}

crypto/dsa/dsa_ameth.c

+5 −5
Original line number Diff line number Diff line
@@ -226,7 +226,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) 
            goto decerr;

        if (privkey->type == V_ASN1_NEG_INTEGER) {

            p8->broken = PKCS8_NEG_PRIVKEY;

            ASN1_INTEGER_free(privkey);

            ASN1_STRING_clear_free(privkey);

            if (!(privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen)))

                goto decerr;

        }
@@ -264,7 +264,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) 
    if (ndsa)

        sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);

    else

        ASN1_INTEGER_free(privkey);

        ASN1_STRING_clear_free(privkey);



    return 1;
@@ -273,7 +273,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) 
 dsaerr:

    BN_CTX_free(ctx);

    if (privkey)

        ASN1_INTEGER_free(privkey);

        ASN1_STRING_clear_free(privkey);

    sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);

    DSA_free(dsa);

    return 0;
@@ -315,7 +315,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) 


    dplen = i2d_ASN1_INTEGER(prkey, &dp);



    ASN1_INTEGER_free(prkey);

    ASN1_STRING_clear_free(prkey);



    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,

                         V_ASN1_SEQUENCE, params, dp, dplen))
@@ -329,7 +329,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) 
    if (params != NULL)

        ASN1_STRING_free(params);

    if (prkey != NULL)

        ASN1_INTEGER_free(prkey);

        ASN1_STRING_clear_free(prkey);

    return 0;

}