diff options
| author | Vitaly Chikunov <vt@altlinux.org> | 2020-02-18 02:55:35 +0300 |
|---|---|---|
| committer | Dmitry Belyavskiy <beldmit@users.noreply.github.com> | 2020-02-26 00:14:25 +0300 |
| commit | 2883c9c20b26688f648fc14db1637890f96cab35 (patch) | |
| tree | 24f66c5461aa37b25925584fa91624a45a69a56f /gost_ec_keyx.c | |
| parent | dd6e77bbda3347148139111b9433ab4f6bd1f46c (diff) | |
| download | gost-engine-2883c9c20b26688f648fc14db1637890f96cab35.zip gost-engine-2883c9c20b26688f648fc14db1637890f96cab35.tar.gz gost-engine-2883c9c20b26688f648fc14db1637890f96cab35.tar.bz2 | |
keyx: Add OPENSSL_cleanse for internal buffers
Only stack buffers are considered.
Diffstat (limited to 'gost_ec_keyx.c')
| -rw-r--r-- | gost_ec_keyx.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/gost_ec_keyx.c b/gost_ec_keyx.c index faa0265..340ca36 100644 --- a/gost_ec_keyx.c +++ b/gost_ec_keyx.c @@ -338,9 +338,11 @@ static int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, } if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL)) > 0) ret = 1; + OPENSSL_cleanse(shared_key, sizeof(shared_key)); GOST_KEY_TRANSPORT_free(gkt); return ret; err: + OPENSSL_cleanse(shared_key, sizeof(shared_key)); if (key_is_ephemeral) EVP_PKEY_free(sec_key); GOST_KEY_TRANSPORT_free(gkt); @@ -444,6 +446,7 @@ static int pkey_gost2018_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, if ((*out_len = i2d_PSKeyTransport_gost(pst, out ? &out : NULL)) > 0) ret = 1; err: + OPENSSL_cleanse(expkeys, sizeof(expkeys)); if (key_is_ephemeral) EVP_PKEY_free(sec_key); @@ -550,6 +553,7 @@ static int pkey_GOST_ECcp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, ret = 1; err: + OPENSSL_cleanse(sharedKey, sizeof(sharedKey)); EVP_PKEY_free(eph_key); GOST_KEY_TRANSPORT_free(gkt); return ret; @@ -630,6 +634,7 @@ static int pkey_gost2018_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, ret = 1; err: + OPENSSL_cleanse(expkeys, sizeof(expkeys)); EVP_PKEY_free(eph_key); PSKeyTransport_gost_free(pst); return ret; |