Use OPENSSL_secure_clear_free in PEM_read_bio_PrivateKey and PEM_read_bio_ex
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4044)
This commit is contained in:
Bernd Edlinger
parent
2928b29b2f
commit
2ca8bbe550
2 changed files with 15 additions and 15 deletions
|
|
@ -220,10 +220,10 @@ static int check_pem(const char *nm, const char *name)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static void pem_free(void *p, unsigned int flags)
|
||||
static void pem_free(void *p, unsigned int flags, size_t num)
|
||||
{
|
||||
if (flags & PEM_FLAG_SECURE)
|
||||
OPENSSL_secure_free(p);
|
||||
OPENSSL_secure_clear_free(p, num);
|
||||
else
|
||||
OPENSSL_free(p);
|
||||
}
|
||||
|
|
@ -242,13 +242,13 @@ static int pem_bytes_read_bio_flags(unsigned char **pdata, long *plen,
|
|||
EVP_CIPHER_INFO cipher;
|
||||
char *nm = NULL, *header = NULL;
|
||||
unsigned char *data = NULL;
|
||||
long len;
|
||||
long len = 0;
|
||||
int ret = 0;
|
||||
|
||||
do {
|
||||
pem_free(nm, flags);
|
||||
pem_free(header, flags);
|
||||
pem_free(data, flags);
|
||||
pem_free(nm, flags, 0);
|
||||
pem_free(header, flags, 0);
|
||||
pem_free(data, flags, len);
|
||||
if (!PEM_read_bio_ex(bp, &nm, &header, &data, &len, flags)) {
|
||||
if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE)
|
||||
ERR_add_error_data(2, "Expecting: ", name);
|
||||
|
|
@ -270,10 +270,10 @@ static int pem_bytes_read_bio_flags(unsigned char **pdata, long *plen,
|
|||
|
||||
err:
|
||||
if (!ret || pnm == NULL)
|
||||
pem_free(nm, flags);
|
||||
pem_free(header, flags);
|
||||
pem_free(nm, flags, 0);
|
||||
pem_free(header, flags, 0);
|
||||
if (!ret)
|
||||
pem_free(data, flags);
|
||||
pem_free(data, flags, len);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
@ -767,7 +767,7 @@ static int get_name(BIO *bp, char **name, unsigned int flags)
|
|||
ret = 1;
|
||||
|
||||
err:
|
||||
pem_free(linebuf, flags);
|
||||
pem_free(linebuf, flags, LINESIZE + 1);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
@ -875,7 +875,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name,
|
|||
|
||||
ret = 1;
|
||||
err:
|
||||
pem_free(linebuf, flags);
|
||||
pem_free(linebuf, flags, LINESIZE + 1);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
@ -943,8 +943,8 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header,
|
|||
*header = pem_malloc(headerlen + 1, flags);
|
||||
*data = pem_malloc(len, flags);
|
||||
if (*header == NULL || *data == NULL) {
|
||||
pem_free(*header, flags);
|
||||
pem_free(*data, flags);
|
||||
pem_free(*header, flags, 0);
|
||||
pem_free(*data, flags, 0);
|
||||
goto end;
|
||||
}
|
||||
BIO_read(headerB, *header, headerlen);
|
||||
|
|
@ -957,7 +957,7 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header,
|
|||
|
||||
end:
|
||||
EVP_ENCODE_CTX_free(ctx);
|
||||
pem_free(name, flags);
|
||||
pem_free(name, flags, 0);
|
||||
BIO_free(headerB);
|
||||
BIO_free(dataB);
|
||||
return ret;
|
||||
|
|
|
|||
|
|
@ -88,7 +88,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
|
|||
PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
|
||||
err:
|
||||
OPENSSL_secure_free(nm);
|
||||
OPENSSL_secure_free(data);
|
||||
OPENSSL_secure_clear_free(data, len);
|
||||
return (ret);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue