Add sensitive memory clean in priv encode

Fixed #18540

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18541)

diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 47a6ab7d0c7c093e13ba101b8c320cf7c768f9c6..6ec582f5f38d830bc96ca0b06b41d47d33a5d0f9 100644 (file)
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -206,18 +206,16 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
     dplen = i2d_ASN1_INTEGER(prkey, &dp);
 
     ASN1_STRING_clear_free(prkey);
-    prkey = NULL;
 
     if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
-                         V_ASN1_SEQUENCE, params, dp, dplen))
+                         V_ASN1_SEQUENCE, params, dp, dplen)) {
+        OPENSSL_clear_free(dp, dplen);
         goto err;
-
+    }
     return 1;
 
  err:
-    OPENSSL_free(dp);
     ASN1_STRING_free(params);
-    ASN1_STRING_clear_free(prkey);
     return 0;
 }
 

diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 234fc44ed7db7565423630143854bcc0b6aac17e..1da67485e82007b271d84ee27a225196dff69972 100644 (file)
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -197,18 +197,16 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
     dplen = i2d_ASN1_INTEGER(prkey, &dp);
 
     ASN1_STRING_clear_free(prkey);
-    prkey = NULL;
 
     if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
-                         V_ASN1_SEQUENCE, params, dp, dplen))
+                         V_ASN1_SEQUENCE, params, dp, dplen)) {
+        OPENSSL_clear_free(dp, dplen);
         goto err;
-
+    }
     return 1;
 
  err:
-    OPENSSL_free(dp);
     ASN1_STRING_free(params);
-    ASN1_STRING_clear_free(prkey);
     return 0;
 }
 

diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 69922380e1e8bd6988d8c6110abc2a19b3d991a1..50adca042a6d859a9aa9a7ca1fa727848262bb94 100644 (file)
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -165,7 +165,7 @@ static int eckey_priv_decode_ex(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8,
 static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 {
     EC_KEY ec_key = *(pkey->pkey.ec);
-    unsigned char *ep, *p;
+    unsigned char *ep = NULL;
     int eplen, ptype;
     void *pval;
     unsigned int old_flags;
@@ -184,26 +184,18 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
     old_flags = EC_KEY_get_enc_flags(&ec_key);
     EC_KEY_set_enc_flags(&ec_key, old_flags | EC_PKEY_NO_PARAMETERS);
 
-    eplen = i2d_ECPrivateKey(&ec_key, NULL);
-    if (!eplen) {
-        ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
-        return 0;
-    }
-    ep = OPENSSL_malloc(eplen);
-    if (ep == NULL) {
-        ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    p = ep;
-    if (!i2d_ECPrivateKey(&ec_key, &p)) {
-        OPENSSL_free(ep);
+    eplen = i2d_ECPrivateKey(&ec_key, &ep);
+    if (eplen <= 0) {
         ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
+        ASN1_STRING_free(pval);
         return 0;
     }
 
     if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
                          ptype, pval, ep, eplen)) {
-        OPENSSL_free(ep);
+        ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
+        ASN1_STRING_free(pval);
+        OPENSSL_clear_free(ep, eplen);
         return 0;
     }
 

diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index bd32700599ccebb6d89a1e55e375e089595e8c00..9d5c32776d0bcdb1c3aa86330ef29bd2219fff78 100644 (file)
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -160,6 +160,7 @@ static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
                          strtype, str, rk, rklen)) {
         ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE);
         ASN1_STRING_free(str);
+        OPENSSL_clear_free(rk, rklen);
         return 0;
     }