From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 29 Dec 2021 08:26:58 +0000 (+0100)
Subject: try_pkcs12(): cleanse passphrase so it is not left on the stack
X-Git-Tag: openssl-3.2.0-alpha1~3154
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=da7db7ae6d7d1929893a58e41335c88e472fc364;p=thirdparty%2Fopenssl.git

try_pkcs12(): cleanse passphrase so it is not left on the stack

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17320)
---

diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c
index 893828ee3ed..de00f4f5628 100644
--- a/crypto/store/store_result.c
+++ b/crypto/store/store_result.c
@@ -619,9 +619,10 @@ static int try_pkcs12(struct extracted_param_data_st *data, OSSL_STORE_INFO **v,
                 }
                 ctx->cached_info = infos;
             }
+         p12_end:
+            OPENSSL_cleanse(tpass, sizeof(tpass));
+            PKCS12_free(p12);
         }
-     p12_end:
-        PKCS12_free(p12);
         *v = sk_OSSL_STORE_INFO_shift(ctx->cached_info);
     }