Erase temporary buffer in EVP_PKEY_get_bn_param()

Function EVP_PKEY_get_bn_param() uses temporary buffer (on stack or heap allocated) to store serialized bignum, but after deserializing it into BIGNUM*, the buffer is not erased and may contain sensitive data. This change makes sure the buffer is erased if it was successfully filled before. Unfortunately, it does not distinguish between public and private key components, and will always erase the buffer. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20639)
2024-11-27 05:21:51 +08:00 · 2023-03-29 17:16:48 +03:00 · 2023-03-29 17:16:48 +03:00 · 34e4a962bc
commit 34e4a962bc
parent 540c2d175d
1 changed files with 8 additions and 1 deletions
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@ -2176,7 +2176,14 @@ int EVP_PKEY_get_bn_param(const EVP_PKEY *pkey, const char *key_name,
        goto err;
    ret = OSSL_PARAM_get_BN(params, bn);
 err:
-    OPENSSL_free(buf);
+    if (buf != NULL) {
+        if (OSSL_PARAM_modified(params))
+            OPENSSL_clear_free(buf, buf_sz);
+        else
+            OPENSSL_free(buf);
+    } else if (OSSL_PARAM_modified(params)) {
+        OPENSSL_cleanse(buffer, params[0].data_size);
+    }
    return ret;
 }