The branch master has been updated via 0443b1171da43696a2cd67cfcb0624be1e3ee25b (commit) via 02fd47c8b0930dff9b188fd13bfb9da5e59444a8 (commit) from 03883e7e168b0f5ef52a516eeb86346b767e0298 (commit)
- Log ----------------------------------------------------------------- commit 0443b1171da43696a2cd67cfcb0624be1e3ee25b Author: Bernd Edlinger <bernd.edlin...@hotmail.de> Date: Sat Jul 29 12:23:00 2017 +0200 Add some test coverage for PEM_read_bio_PrivateKey Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4047) commit 02fd47c8b0930dff9b188fd13bfb9da5e59444a8 Author: Bernd Edlinger <bernd.edlin...@hotmail.de> Date: Sat Jul 29 12:19:29 2017 +0200 Clean password buffer on stack for PEM_read_bio_PrivateKey and d2i_PKCS8PrivateKey_bio before it goes out of scope. Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4047) ----------------------------------------------------------------------- Summary of changes: crypto/pem/pem_pk8.c | 1 + crypto/pem/pem_pkey.c | 1 + test/recipes/90-test_store.t | 6 +++++- 3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index 993c595..5caad9f 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -131,6 +131,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
 }
 p8inf = PKCS8_decrypt(p8, psbuf, klen);
 X509_SIG_free(p8);
+ OPENSSL_cleanse(psbuf, klen);
 if (!p8inf)
 return NULL;
 ret = EVP_PKCS82PKEY(p8inf);
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 9356501..42ec933 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -67,6 +67,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
 }
 p8inf = PKCS8_decrypt(p8, psbuf, klen);
 X509_SIG_free(p8);
+ OPENSSL_cleanse(psbuf, klen);
 if (!p8inf)
 goto p8err;
 ret = EVP_PKCS82PKEY(p8inf);
diff --git a/test/recipes/90-test_store.t b/test/recipes/90-test_store.t
index 699a67e..12ad951 100644
--- a/test/recipes/90-test_store.t
+++ b/test/recipes/90-test_store.t
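Review bot: The added `OPENSSL_cleanse(psbuf, klen);` in d2i_PKCS8PrivateKey_bio (crypto/pem/pem_pk8.c) wipes only the `klen` bytes the password callback reported, so anything else the callback wrote into the buffer, such as a terminating NUL or the tail of a passphrase whose length it under-reported, stays on the stack. If `psbuf` is the fixed-size stack array the commit message describes (its declaration is outside the hunk), `OPENSSL_cleanse(psbuf, sizeof(psbuf));` would clear it regardless of what the callback returned. The same applies to the identical line added to PEM_read_bio_PrivateKey in crypto/pem/pem_pkey.c. The early-exit branch that closes with `}` at the top of each hunk is not visible here, so it is worth confirming that it does not return with a partially filled buffer.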
@@ -74,7 +74,7 @@ my $n = (3 * scalar @noexist_files)
 + (4 * scalar @generated_files)
 + (scalar keys %generated_file_files)
 + (scalar @noexist_file_files)
- + 3;
+ + 4;
 plan tests => $n;
@@ -83,6 +83,10 @@ indir "store_$$" => sub {
 {
 skip "failed initialisation", $n unless init();
+ # test PEM_read_bio_PrivateKey
+ ok(run(app(["openssl", "rsa", "-in", "rsa-key-pkcs8-pbes2-sha256.pem",
+ "-passin", "pass:password"])));
+
 foreach (@noexist_files) {
 my $file = srctop_file($_);
 ok(!run(app(["openssl", "storeutl", $file])));
_____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
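Review bot: The new `ok(run(app([...])))` call in the second hunk invokes `openssl rsa` without `-noout`, so the decrypted private key is presumably written to the test's standard output, and the assertion has no description to identify it in a failing TAP log. Adding `"-noout"` to the argument list and a second argument to `ok`, for example `"PEM_read_bio_PrivateKey decrypts PKCS#8 key"`, would keep key material out of the logs and make a failure readable. Only the correct-password path is exercised; a companion `ok(!run(...))` with a wrong `-passin` value would also cover the failure branch that follows the new cleanse call, with the plan count in the first hunk raised to match. The enclosing `indir` block continues past the end of the hunk.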