]> git.ipfire.org Git - thirdparty/openssl.git/commit
port_init(): Security hardening for token key
authorAndrew Ioanoviciu <aoi8771@rit.edu>
Tue, 11 Mar 2025 15:17:11 +0000 (11:17 -0400)
committerTomas Mraz <tomas@openssl.org>
Thu, 27 Mar 2025 09:44:09 +0000 (10:44 +0100)
commit50f945117c12219f52fc76d17154663fc749812d
treedb1a295a54a739b49c19f5a5e8cc1be3c2b79ea7
parentaeb797594b28f8bd3e2cc1fa8a51ba7f1aea1b1d
port_init(): Security hardening for token key

Used RAND_priv_bytes_ex instead of RAND_bytes_ex to guarantee higher isolation
for cryptographic keys.

Replaced OPENSSL_free with OPENSSL_clear_free to wipe sensitive data and free
it.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/27029)
ssl/quic/quic_port.c