feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Added ForceZero on the password buffer after done using it.

Browse Source
This commit is contained in:
David Garske
2018-03-30 13:33:05 -07:00
parent 3a8b08cdbf
commit 1315fad7dc
2 changed files with 28 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/ssl.c
View File

@@ -4603,12 +4603,17 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
ret = NO_PASSWORD; ret = NO_PASSWORD;
} }
else { else {
passwordSz = info->passwd_cb(password, passwordSz, PEM_PASS_READ, ret = info->passwd_cb(password, passwordSz, PEM_PASS_READ,
info->passwd_userdata); info->passwd_userdata);
if (ret >= 0) {
passwordSz = ret;
/* decrypt the key */ /* decrypt the key */
ret = wc_BufferKeyDecrypt(info, der->buffer, der->length, ret = wc_BufferKeyDecrypt(info, der->buffer, der->length,
(byte*)password, passwordSz, WC_MD5); (byte*)password, passwordSz, WC_MD5);
ForceZero(password, passwordSz);
}
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK

37
wolfcrypt/src/asn.c
View File

@@ -7990,30 +7990,31 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
#endif #endif
/* get password */ /* get password */
passwordSz = info->passwd_cb(password, passwordSz, PEM_PASS_READ, ret = info->passwd_cb(password, passwordSz, PEM_PASS_READ,
info->passwd_userdata); info->passwd_userdata);
if (ret >= 0) {
passwordSz = ret;
/* convert and adjust length */ /* convert and adjust length */
if (header == BEGIN_ENC_PRIV_KEY) { if (header == BEGIN_ENC_PRIV_KEY) {
ret = ToTraditionalEnc(der->buffer, der->length, ret = ToTraditionalEnc(der->buffer, der->length,
password, passwordSz); password, passwordSz);
#ifdef WOLFSSL_SMALL_STACK
XFREE(password, NULL, DYNAMIC_TYPE_STRING); if (ret >= 0) {
#endif der->length = ret;
if (ret < 0) { }
return ret;
} }
/* decrypt the key */
else {
ret = wc_BufferKeyDecrypt(info, der->buffer, der->length,
(byte*)password, passwordSz, WC_MD5);
}
ForceZero(password, passwordSz);
}
der->length = ret;
}
/* decrypt the key */
else {
ret = wc_BufferKeyDecrypt(info, der->buffer, der->length,
(byte*)password, passwordSz, WC_MD5);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(password, heap, DYNAMIC_TYPE_STRING); XFREE(password, heap, DYNAMIC_TYPE_STRING);
#endif #endif
}
} }
#endif /* WOLFSSL_ENCRYPTED_KEYS */ #endif /* WOLFSSL_ENCRYPTED_KEYS */