Commit 52928331 authored by Bernd Edlinger's avatar Bernd Edlinger
Browse files

Clean password buffer on stack for PEM_read_bio_PrivateKey 


and d2i_PKCS8PrivateKey_bio before it goes out of scope.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4047)

(cherry picked from commit 02fd47c8)
parent 0d72ba5c

crypto/pem/pem_pk8.c

+1 −0
Original line number Diff line number Diff line
@@ -178,6 +178,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, 
    }

    p8inf = PKCS8_decrypt(p8, psbuf, klen);

    X509_SIG_free(p8);

    OPENSSL_cleanse(psbuf, klen);

    if (!p8inf)

        return NULL;

    ret = EVP_PKCS82PKEY(p8inf);

crypto/pem/pem_pkey.c

+1 −0
Original line number Diff line number Diff line
@@ -120,6 +120,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, 
        }

        p8inf = PKCS8_decrypt(p8, psbuf, klen);

        X509_SIG_free(p8);

        OPENSSL_cleanse(psbuf, klen);

        if (!p8inf)

            goto p8err;

        ret = EVP_PKCS82PKEY(p8inf);