[openssl/openssl] fb323b: zeroize rsa->p,rsa->q on error

Tue, 14 May 2024 06:58:15 -0700 

  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: fb323b27754089a34dc2a6a96a9b48cd4d0ee936
      
https://github.com/openssl/openssl/commit/fb323b27754089a34dc2a6a96a9b48cd4d0ee936
  Author: Alexandr Nedvedicky <sas...@openssl.org>
  Date:   2024-05-14 (Tue, 14 May 2024)

  Changed paths:
    M crypto/rsa/rsa_sp800_56b_gen.c

  Log Message:
  -----------
  zeroize rsa->p,rsa->q on error

this is rquired by fipd-186-5 section A.1.6, step 7:
        Zeroize the internally generated values that are not returned

In OpenSSL code we need to zero p, q members of rsa structure. The rsa
structure is provided by ossl_rsa_fips186_4_gen_prob_primes() caller.

The remaining values (variables) mentioned by standard are zeroed
already in functions we call from ossl_rsa_fips186_4_gen_prob_primes().

Reviewed-by: Neil Horman <nhor...@openssl.org>
Reviewed-by: Tomas Mraz <to...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24358)



To unsubscribe from these emails, change your notification settings at 
https://github.com/openssl/openssl/settings/notifications

Reply via email to