From b6b55ad91ada4547145da2d0bbc5c562ae6c1e34 Mon Sep 17 00:00:00 2001 From: Pauli Date: Wed, 7 Apr 2021 08:48:59 +1000 Subject: param_build: check for the usage of secure memory better. The param build now checks the string types and locates them in secure memory if the original string is. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/14782) --- crypto/param_build.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'crypto') diff --git a/crypto/param_build.c b/crypto/param_build.c index facbb281a4..6ce0f01685 100644 --- a/crypto/param_build.c +++ b/crypto/param_build.c @@ -240,6 +240,7 @@ int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key, const char *buf, size_t bsize) { OSSL_PARAM_BLD_DEF *pd; + int secure; if (bsize == 0) { bsize = strlen(buf); @@ -247,7 +248,8 @@ int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key, ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG); return 0; } - pd = param_push(bld, key, bsize, bsize + 1, OSSL_PARAM_UTF8_STRING, 0); + secure = CRYPTO_secure_allocated(buf); + pd = param_push(bld, key, bsize, bsize + 1, OSSL_PARAM_UTF8_STRING, secure); if (pd == NULL) return 0; pd->string = buf; @@ -276,12 +278,14 @@ int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key, const void *buf, size_t bsize) { OSSL_PARAM_BLD_DEF *pd; + int secure; if (bsize > INT_MAX) { ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG); return 0; } - pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, 0); + secure = CRYPTO_secure_allocated(buf); + pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, secure); if (pd == NULL) return 0; pd->string = buf; -- cgit v1.2.3