Cleanse PKCS#8 private key components.

New function ASN1_STRING_clear_free which cleanses an ASN1_STRING
structure before freeing it.

Call ASN1_STRING_clear_free on PKCS#8 private key components.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a8ae0891d4bfd18f224777aed1fbb172504421f1)

diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index b3c38fd1e2830c2d2b760321883e7dafc7595fd1..39b7833f582f269db188a30e40d5c1caf9ef326f 100644 (file)
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -795,6 +795,7 @@ DECLARE_ASN1_SET_OF(ASN1_OBJECT)
 
 ASN1_STRING *ASN1_STRING_new(void);
 void ASN1_STRING_free(ASN1_STRING *a);
 
 ASN1_STRING *ASN1_STRING_new(void);
 void ASN1_STRING_free(ASN1_STRING *a);

+void ASN1_STRING_clear_free(ASN1_STRING *a);

 int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
 ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a);
 ASN1_STRING *ASN1_STRING_type_new(int type);
 int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
 ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a);
 ASN1_STRING *ASN1_STRING_type_new(int type);

diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 00733a6a897b4b715caa2eb12f2b0c1e889c8be5..0b61fc930967c80de65d56f47d44cef231e962fc 100644 (file)
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -430,6 +430,13 @@ void ASN1_STRING_free(ASN1_STRING *a)
     OPENSSL_free(a);
 }
 
     OPENSSL_free(a);
 }
 

+void ASN1_STRING_clear_free(ASN1_STRING *a)
+{
+    if (a && a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
+        OPENSSL_cleanse(a->data, a->length);
+    ASN1_STRING_free(a);
+}
+

 int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
 {
     int i;
 int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
 {
     int i;

diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 786f021810d06211868cab123107841c015efe8b..680400f7870f4c239a01122c505e6f649e6a077b 100644 (file)
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -215,7 +215,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
 
     EVP_PKEY_assign_DH(pkey, dh);
 
 
     EVP_PKEY_assign_DH(pkey, dh);
 

-    ASN1_INTEGER_free(privkey);
+    ASN1_STRING_clear_free(privkey);

 
     return 1;
 
 
     return 1;
 


@@ -223,7 +223,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
     DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
  dherr:
     DH_free(dh);
     DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
  dherr:
     DH_free(dh);

-    ASN1_INTEGER_free(privkey);
+    ASN1_STRING_clear_free(privkey);

     return 0;
 }
 
     return 0;
 }
 


@@ -258,7 +258,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 
     dplen = i2d_ASN1_INTEGER(prkey, &dp);
 
 
     dplen = i2d_ASN1_INTEGER(prkey, &dp);
 

-    ASN1_INTEGER_free(prkey);
+    ASN1_STRING_clear_free(prkey);

     prkey = NULL;
 
     if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0,
     prkey = NULL;
 
     if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0,


@@ -273,7 +273,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
     if (params != NULL)
         ASN1_STRING_free(params);
     if (prkey != NULL)
     if (params != NULL)
         ASN1_STRING_free(params);
     if (prkey != NULL)

-        ASN1_INTEGER_free(prkey);
+        ASN1_STRING_clear_free(prkey);

     return 0;
 }
 
     return 0;
 }
 

diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 61a73b34c68ee701d8ed61e34ff9d792132df03a..1b29d8162a665f3d0d68c240bbcef00052892dc4 100644 (file)
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -226,7 +226,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
             goto decerr;
         if (privkey->type == V_ASN1_NEG_INTEGER) {
             p8->broken = PKCS8_NEG_PRIVKEY;
             goto decerr;
         if (privkey->type == V_ASN1_NEG_INTEGER) {
             p8->broken = PKCS8_NEG_PRIVKEY;

-            ASN1_INTEGER_free(privkey);
+            ASN1_STRING_clear_free(privkey);

             if (!(privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen)))
                 goto decerr;
         }
             if (!(privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen)))
                 goto decerr;
         }


@@ -264,7 +264,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
     if (ndsa)
         sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
     else
     if (ndsa)
         sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
     else

-        ASN1_INTEGER_free(privkey);
+        ASN1_STRING_clear_free(privkey);

 
     return 1;
 
 
     return 1;
 


@@ -273,7 +273,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
  dsaerr:
     BN_CTX_free(ctx);
     if (privkey)
  dsaerr:
     BN_CTX_free(ctx);
     if (privkey)

-        ASN1_INTEGER_free(privkey);
+        ASN1_STRING_clear_free(privkey);

     sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
     DSA_free(dsa);
     return 0;
     sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
     DSA_free(dsa);
     return 0;


@@ -315,7 +315,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 
     dplen = i2d_ASN1_INTEGER(prkey, &dp);
 
 
     dplen = i2d_ASN1_INTEGER(prkey, &dp);
 

-    ASN1_INTEGER_free(prkey);
+    ASN1_STRING_clear_free(prkey);

 
     if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
                          V_ASN1_SEQUENCE, params, dp, dplen))
 
     if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
                          V_ASN1_SEQUENCE, params, dp, dplen))


@@ -329,7 +329,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
     if (params != NULL)
         ASN1_STRING_free(params);
     if (prkey != NULL)
     if (params != NULL)
         ASN1_STRING_free(params);
     if (prkey != NULL)

-        ASN1_INTEGER_free(prkey);
+        ASN1_STRING_clear_free(prkey);

     return 0;
 }
 
     return 0;
 }