mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-21 01:15:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

param_build: check for the usage of secure memory better.

Browse Source 
The param build now checks the string types and locates them in secure memory
if the original string is.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14782)
This commit is contained in:
Pauli 2021-04-07 08:48:59 +10:00
parent bf477a40d7
commit b6b55ad91a
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
crypto/param_build.c
View File

@ -240,6 +240,7 @@ int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key,
const char *buf, size_t bsize)
{
OSSL_PARAM_BLD_DEF *pd;
int secure;
if (bsize == 0) {
bsize = strlen(buf);
@ -247,7 +248,8 @@ int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key,
ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG);
return 0;
}
pd = param_push(bld, key, bsize, bsize + 1, OSSL_PARAM_UTF8_STRING, 0);
secure = CRYPTO_secure_allocated(buf);
pd = param_push(bld, key, bsize, bsize + 1, OSSL_PARAM_UTF8_STRING, secure);
if (pd == NULL)
return 0;
pd->string = buf;
@ -276,12 +278,14 @@ int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key,
const void *buf, size_t bsize)
{
OSSL_PARAM_BLD_DEF *pd;
int secure;
if (bsize > INT_MAX) {
ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG);
return 0;
}
pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, 0);
secure = CRYPTO_secure_allocated(buf);
pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, secure);
if (pd == NULL)
return 0;
pd->string = buf;