Clean password buffer on stack for PEM_read_bio_PrivateKey

author Bernd Edlinger <bernd.edlinger@hotmail.de>

Sat, 29 Jul 2017 10:19:29 +0000 (12:19 +0200)

committer Bernd Edlinger <bernd.edlinger@hotmail.de>

Sat, 29 Jul 2017 12:55:30 +0000 (14:55 +0200)
author Bernd Edlinger <bernd.edlinger@hotmail.de>
Sat, 29 Jul 2017 10:19:29 +0000 (12:19 +0200)
committer Bernd Edlinger <bernd.edlinger@hotmail.de>
Sat, 29 Jul 2017 12:55:30 +0000 (14:55 +0200)
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c

index 993c595a7b7b2020a6e11d647dab2c16b29d971d..5caad9faab8771a0ff3e152bd2610c04ffeeace5 100644 (file)
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -131,6 +131,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
      }
      p8inf = PKCS8_decrypt(p8, psbuf, klen);
      X509_SIG_free(p8);
+    OPENSSL_cleanse(psbuf, klen);
      if (!p8inf)
          return NULL;
      ret = EVP_PKCS82PKEY(p8inf);
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c

index 93565011c02096acd7c8d1a243bd01291ab04afe..42ec933efdbad8b0ceb408e7405eb4dc9a31fe1e 100644 (file)
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -67,6 +67,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
          }
          p8inf = PKCS8_decrypt(p8, psbuf, klen);
          X509_SIG_free(p8);
+        OPENSSL_cleanse(psbuf, klen);
          if (!p8inf)
              goto p8err;
          ret = EVP_PKCS82PKEY(p8inf);
author	Bernd Edlinger <bernd.edlinger@hotmail.de>
	Sat, 29 Jul 2017 10:19:29 +0000 (12:19 +0200)
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>
	Sat, 29 Jul 2017 12:55:30 +0000 (14:55 +0200)
crypto/pem/pem_pk8.c		patch \| blob \| history
crypto/pem/pem_pkey.c		patch \| blob \| history