diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2007-02-21 13:49:35 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2007-02-21 13:49:35 +0000 |
commit | a2e623c0118b0a8149b3a87ff90eb0461a406bd2 (patch) | |
tree | 428fe60d1b7a116ef10e8d1e71adffe849b792e0 | |
parent | aa79dd6895bb2d26b69d2df3b6355beb77fda089 (diff) | |
download | openssl-a2e623c0118b0a8149b3a87ff90eb0461a406bd2.zip openssl-a2e623c0118b0a8149b3a87ff90eb0461a406bd2.tar.gz openssl-a2e623c0118b0a8149b3a87ff90eb0461a406bd2.tar.bz2 |
Update from 0.9.7-stable.
-rw-r--r-- | CHANGES | 4 | ||||
-rw-r--r-- | crypto/pem/pem_lib.c | 5 | ||||
-rw-r--r-- | crypto/pem/pem_pkey.c | 1 |
3 files changed, 9 insertions, 1 deletions
@@ -1524,6 +1524,10 @@ Changes between 0.9.7l and 0.9.7m [xx XXX xxxx] + *) Cleanse PEM buffers before freeing them since they may contain + sensitive data. + [Benjamin Bennett <ben@psc.edu>] + *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a ciphersuite string such as "DEFAULT:RSA" cannot enable authentication-only ciphersuites. diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 20db501..c0bd099 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -619,6 +619,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, } EVP_EncodeFinal(&ctx,buf,&outl); if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err; + OPENSSL_cleanse(buf, PEM_BUFSIZE*8); OPENSSL_free(buf); buf = NULL; if ( (BIO_write(bp,"-----END ",9) != 9) || @@ -627,8 +628,10 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, goto err; return(i+outl); err: - if (buf) + if (buf) { + OPENSSL_cleanse(buf, PEM_BUFSIZE*8); OPENSSL_free(buf); + } PEMerr(PEM_F_PEM_WRITE_BIO,reason); return(0); } diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index 6cca60c..452e24c 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -132,6 +132,7 @@ p8err: PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB); err: OPENSSL_free(nm); + OPENSSL_cleanse(data, len); OPENSSL_free(data); return(ret); } |