mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Make PEM_read_{,bio_}PrivateKey use secmem

Browse Source 
We now have a version of PEM_read_bytes that can use temporary
buffers allocated from the secure heap; use them to handle this
sensitive information.

Note that for PEM_read_PrivateKey, the i/o still goes through
stdio since the input is a FILE pointer.  Standard I/O performs
additional buffering, which cannot be changed to use the OpenSSL
secure heap for temporary storage.  As such, it is recommended
to use BIO_new_file() and PEM_read_bio_PrivateKey() instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1700)
This commit is contained in:
Benjamin Kaduk 2016-02-19 17:36:52 -06:00 committed by Richard Levitte
parent 7671342e55
commit 44612e0a81
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
crypto/pem/pem_pkey.c
View File

@ -32,7 +32,8 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
int slen;
EVP_PKEY *ret = NULL;
if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
if (!PEM_bytes_read_bio_secmem(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp,
cb, u))
return NULL;
p = data;
@ -85,8 +86,8 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
if (ret == NULL)
PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
err:
OPENSSL_free(nm);
OPENSSL_clear_free(data, len);
OPENSSL_secure_free(nm);
OPENSSL_secure_free(data);
return (ret);
}