key zeroisation fix for p12 (f5cee414) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/pkcs12/p12_mutl.c

+9 −5

Original line number	Diff line number	Diff line
		@@ -75,6 +75,7 @@ static int pkcs12_gen_mac(PKCS12 p12, const char pass, int passlen,
		unsigned char *out,
		const EVP_MD *md_type))
		{
		int ret = 0;
		const EVP_MD *md_type;
		HMAC_CTX *hmac = NULL;
		unsigned char key[EVP_MAX_MD_SIZE], *salt;
		@@ -116,24 +117,27 @@ static int pkcs12_gen_mac(PKCS12 p12, const char pass, int passlen,
		if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter,
		md_size, key, md_type)) {
		PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
		return 0;
		goto err;
		}
		} else
		if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
		iter, md_size, key, md_type)) {
		PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
		return 0;
		goto err;
		}
		if ((hmac = HMAC_CTX_new()) == NULL
		\|\| !HMAC_Init_ex(hmac, key, md_size, md_type, NULL)
		\|\| !HMAC_Update(hmac, p12->authsafes->d.data->data,
		p12->authsafes->d.data->length)
		\|\| !HMAC_Final(hmac, mac, maclen)) {
		HMAC_CTX_free(hmac);
		return 0;
		goto err;
		}
		ret = 1;

		err:
		OPENSSL_cleanse(key, sizeof(key));
		HMAC_CTX_free(hmac);
		return 1;
		return ret;
		}

		int PKCS12_gen_mac(PKCS12 p12, const char pass, int passlen,