From: Pauli Date: Tue, 6 Apr 2021 22:48:59 +0000 (+1000) Subject: param_build: check for the usage of secure memory better. X-Git-Tag: openssl-3.0.0-alpha14~20 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b6b55ad91ada4547145da2d0bbc5c562ae6c1e34;p=thirdparty%2Fopenssl.git param_build: check for the usage of secure memory better. The param build now checks the string types and locates them in secure memory if the original string is. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/14782) --- diff --git a/crypto/param_build.c b/crypto/param_build.c index facbb281a4a..6ce0f016851 100644 --- a/crypto/param_build.c +++ b/crypto/param_build.c @@ -240,6 +240,7 @@ int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key, const char *buf, size_t bsize) { OSSL_PARAM_BLD_DEF *pd; + int secure; if (bsize == 0) { bsize = strlen(buf); @@ -247,7 +248,8 @@ int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key, ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG); return 0; } - pd = param_push(bld, key, bsize, bsize + 1, OSSL_PARAM_UTF8_STRING, 0); + secure = CRYPTO_secure_allocated(buf); + pd = param_push(bld, key, bsize, bsize + 1, OSSL_PARAM_UTF8_STRING, secure); if (pd == NULL) return 0; pd->string = buf; @@ -276,12 +278,14 @@ int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key, const void *buf, size_t bsize) { OSSL_PARAM_BLD_DEF *pd; + int secure; if (bsize > INT_MAX) { ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG); return 0; } - pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, 0); + secure = CRYPTO_secure_allocated(buf); + pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, secure); if (pd == NULL) return 0; pd->string = buf;