Update from 0.9.7-stable.

a2e623c0 · Dr. Stephen Henson · aa79dd68 · a2e623c0 · a2e623c0 · a2e623c0
隐藏空白更改
内联并排

Showing with 9 addition and 1 deletion

CHANGES CHANGES +4 -0

crypto/pem/pem_lib.c crypto/pem/pem_lib.c +4 -1

crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c +1 -0

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -1524,6 +1524,10 @@

 Changes between 0.9.7l and 0.9.7m  [xx XXX xxxx]

+  *) Cleanse PEM buffers before freeing them since they may contain 
+     sensitive data.
+     [Benjamin Bennett <ben@psc.edu>]
+
  *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
     a ciphersuite string such as "DEFAULT:RSA" cannot enable
     authentication-only ciphersuites.

--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -619,6 +619,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
 		}
 	EVP_EncodeFinal(&ctx,buf,&outl);
 	if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
+	OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
 	OPENSSL_free(buf);
 	buf = NULL;
 	if (	(BIO_write(bp,"-----END ",9) != 9) ||
@@ -627,8 +628,10 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
 		goto err;
 	return(i+outl);
 err:
-	if (buf)
+	if (buf) {
+		OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
 		OPENSSL_free(buf);
+	}
 	PEMerr(PEM_F_PEM_WRITE_BIO,reason);
 	return(0);
 	}

--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -132,6 +132,7 @@ p8err:
 		PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB);
 err:
 	OPENSSL_free(nm);
+	OPENSSL_cleanse(data, len);
 	OPENSSL_free(data);
 	return(ret);
 	}