The below snippet is from crypto/pem/pem_pkey.c
EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb
*cb, void *u) {
...snip
} else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
PKCS8_PRIV_KEY_INFO *p8inf;
X509_SIG *p8;
int klen;
char psbuf[PEM_BUFSIZE];
p8 = d2i_X509_SIG(NULL, &p, len);
if(!p8) goto p8err;
if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
if (klen <= 0) {
PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,
PEM_R_BAD_PASSWORD_READ);
X509_SIG_free(p8);
goto err;
}
p8inf = PKCS8_decrypt(p8, psbuf, klen);
X509_SIG_free(p8);
if(!p8inf) goto p8err;
ret = EVP_PKCS82PKEY(p8inf);
if(x) {
if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
*x = ret;
}
PKCS8_PRIV_KEY_INFO_free(p8inf);
} else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0)
...snip
}
What we have here is a stack-allocated password buffer psbuf populated
by a password callback. It is scoped to this particular if-block. The
psbuf is passed to PKCS8_decrypt, where it is const. It looks like the
password is written to the stack, used, and then never cleansed using
OPENSSL_cleanse.
Should the psbuf be cleansed? What about p8inf?
JKL
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
