try_pkcs12(): cleanse passphrase so it is not left on the stack

author Tomas Mraz <tomas@openssl.org>

Wed, 29 Dec 2021 08:26:58 +0000 (09:26 +0100)

committer Tomas Mraz <tomas@openssl.org>

Mon, 3 Jan 2022 09:35:36 +0000 (10:35 +0100)
author Tomas Mraz <tomas@openssl.org>
Wed, 29 Dec 2021 08:26:58 +0000 (09:26 +0100)
committer Tomas Mraz <tomas@openssl.org>
Mon, 3 Jan 2022 09:35:36 +0000 (10:35 +0100)
diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c

index 893828ee3ed4c8506464d825bf18a54d6937552f..de00f4f56287f4567ff8402cea12812efe1b932c 100644 (file)
--- a/crypto/store/store_result.c
+++ b/crypto/store/store_result.c
@@ -619,9 +619,10 @@ static int try_pkcs12(struct extracted_param_data_st *data, OSSL_STORE_INFO **v,
                  }
                  ctx->cached_info = infos;
              }
+         p12_end:
+            OPENSSL_cleanse(tpass, sizeof(tpass));
+            PKCS12_free(p12);
          }
-     p12_end:
-        PKCS12_free(p12);
          *v = sk_OSSL_STORE_INFO_shift(ctx->cached_info);
      }
author	Tomas Mraz <tomas@openssl.org>
	Wed, 29 Dec 2021 08:26:58 +0000 (09:26 +0100)
committer	Tomas Mraz <tomas@openssl.org>
	Mon, 3 Jan 2022 09:35:36 +0000 (10:35 +0100)