mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Don't forget our provider ctx when resetting

Browse Source 
A number of the KDF reset functions were resetting a little too much

Fixes #12225

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12229)
This commit is contained in:
Matt Caswell 2020-06-22 11:18:56 +01:00
parent b4cb9498c9
commit 0577959cea
8 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
providers/implementations/kdfs/hkdf.c
View File

@ -90,12 +90,14 @@ static void kdf_hkdf_free(void *vctx)
static void kdf_hkdf_reset(void *vctx)
{
KDF_HKDF *ctx = (KDF_HKDF *)vctx;
void *provctx = ctx->provctx;
ossl_prov_digest_reset(&ctx->digest);
OPENSSL_free(ctx->salt);
OPENSSL_clear_free(ctx->key, ctx->key_len);
OPENSSL_cleanse(ctx->info, ctx->info_len);
memset(ctx, 0, sizeof(*ctx));
ctx->provctx = provctx;
}
static size_t kdf_hkdf_size(KDF_HKDF *ctx)

2
providers/implementations/kdfs/kbkdf.c
View File

@ -122,6 +122,7 @@ static void kbkdf_free(void *vctx)
static void kbkdf_reset(void *vctx)
{
KBKDF *ctx = (KBKDF *)vctx;
void *provctx = ctx->provctx;
EVP_MAC_free_ctx(ctx->ctx_init);
OPENSSL_clear_free(ctx->context, ctx->context_len);
@ -129,6 +130,7 @@ static void kbkdf_reset(void *vctx)
OPENSSL_clear_free(ctx->ki, ctx->ki_len);
OPENSSL_clear_free(ctx->iv, ctx->iv_len);
memset(ctx, 0, sizeof(*ctx));
ctx->provctx = provctx;
}
/* SP800-108 section 5.1 or section 5.2 depending on mode. */

2
providers/implementations/kdfs/krb5kdf.c
View File

@ -78,11 +78,13 @@ static void krb5kdf_free(void *vctx)
static void krb5kdf_reset(void *vctx)
{
KRB5KDF_CTX *ctx = (KRB5KDF_CTX *)vctx;
void *provctx = ctx->provctx;
ossl_prov_cipher_reset(&ctx->cipher);
OPENSSL_clear_free(ctx->key, ctx->key_len);
OPENSSL_clear_free(ctx->constant, ctx->constant_len);
memset(ctx, 0, sizeof(*ctx));
ctx->provctx = provctx;
}
static int krb5kdf_set_membuf(unsigned char **dst, size_t *dst_len,

2
providers/implementations/kdfs/pbkdf2.c
View File

@ -95,8 +95,10 @@ static void kdf_pbkdf2_free(void *vctx)
static void kdf_pbkdf2_reset(void *vctx)
{
KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx;
void *provctx = ctx->provctx;
kdf_pbkdf2_cleanup(ctx);
ctx->provctx = provctx;
kdf_pbkdf2_init(ctx);
}

2
providers/implementations/kdfs/sshkdf.c
View File

@ -72,12 +72,14 @@ static void kdf_sshkdf_free(void *vctx)
static void kdf_sshkdf_reset(void *vctx)
{
KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx;
void *provctx = ctx->provctx;
ossl_prov_digest_reset(&ctx->digest);
OPENSSL_clear_free(ctx->key, ctx->key_len);
OPENSSL_clear_free(ctx->xcghash, ctx->xcghash_len);
OPENSSL_clear_free(ctx->session_id, ctx->session_id_len);
memset(ctx, 0, sizeof(*ctx));
ctx->provctx = provctx;
}
static int sshkdf_set_membuf(unsigned char **dst, size_t *dst_len,

2
providers/implementations/kdfs/sskdf.c
View File

@ -302,6 +302,7 @@ static void *sskdf_new(void *provctx)
static void sskdf_reset(void *vctx)
{
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
void *provctx = ctx->provctx;
EVP_MAC_free_ctx(ctx->macctx);
ossl_prov_digest_reset(&ctx->digest);
@ -309,6 +310,7 @@ static void sskdf_reset(void *vctx)
OPENSSL_clear_free(ctx->info, ctx->info_len);
OPENSSL_clear_free(ctx->salt, ctx->salt_len);
memset(ctx, 0, sizeof(*ctx));
ctx->provctx = provctx;
}
static void sskdf_free(void *vctx)

2
providers/implementations/kdfs/tls1_prf.c
View File

@ -115,12 +115,14 @@ static void kdf_tls1_prf_free(void *vctx)
static void kdf_tls1_prf_reset(void *vctx)
{
TLS1_PRF *ctx = (TLS1_PRF *)vctx;
void *provctx = ctx->provctx;
EVP_MAC_free_ctx(ctx->P_hash);
EVP_MAC_free_ctx(ctx->P_sha1);
OPENSSL_clear_free(ctx->sec, ctx->seclen);
OPENSSL_cleanse(ctx->seed, ctx->seedlen);
memset(ctx, 0, sizeof(*ctx));
ctx->provctx = provctx;
}
static int kdf_tls1_prf_derive(void *vctx, unsigned char *key,

2
providers/implementations/kdfs/x942kdf.c
View File

@ -255,11 +255,13 @@ static void *x942kdf_new(void *provctx)
static void x942kdf_reset(void *vctx)
{
KDF_X942 *ctx = (KDF_X942 *)vctx;
void *provctx = ctx->provctx;
ossl_prov_digest_reset(&ctx->digest);
OPENSSL_clear_free(ctx->secret, ctx->secret_len);
OPENSSL_clear_free(ctx->ukm, ctx->ukm_len);
memset(ctx, 0, sizeof(*ctx));
ctx->provctx = provctx;
}
static void x942kdf_free(void *vctx)