mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-04-06 20:20:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

key zeroisation fix for p12

Browse Source 
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7109)
This commit is contained in:
Shane Lontis 2018-09-04 15:00:21 +10:00 committed by Pauli
parent 0239283d99
commit f5cee414fa
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
crypto/pkcs12/p12_mutl.c
View File

@ -75,6 +75,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
unsigned char *out,
const EVP_MD *md_type))
{
int ret = 0;
const EVP_MD *md_type;
HMAC_CTX *hmac = NULL;
unsigned char key[EVP_MAX_MD_SIZE], *salt;
@ -116,24 +117,27 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter,
md_size, key, md_type)) {
PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
return 0;
goto err;
}
} else
if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
iter, md_size, key, md_type)) {
PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
return 0;
goto err;
}
if ((hmac = HMAC_CTX_new()) == NULL
|| !HMAC_Init_ex(hmac, key, md_size, md_type, NULL)
|| !HMAC_Update(hmac, p12->authsafes->d.data->data,
p12->authsafes->d.data->length)
|| !HMAC_Final(hmac, mac, maclen)) {
HMAC_CTX_free(hmac);
return 0;
goto err;
}
ret = 1;
err:
OPENSSL_cleanse(key, sizeof(key));
HMAC_CTX_free(hmac);
return 1;
return ret;
}
int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,