You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
openssl/SOURCES/0077-FIPS-140-3-zeroization...

103 lines
3.3 KiB

From 9c667a7ba589329f3a777b012bf69a0db7f7eda9 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:29 +0200
Subject: [PATCH 33/35] 0077-FIPS-140-3-zeroization.patch
Patch-name: 0077-FIPS-140-3-zeroization.patch
Patch-id: 77
Patch-status: |
# https://bugzilla.redhat.com/show_bug.cgi?id=2102542
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
---
crypto/ec/ec_lib.c | 4 ++++
crypto/ffc/ffc_params.c | 8 ++++----
crypto/rsa/rsa_lib.c | 4 ++--
providers/implementations/kdfs/hkdf.c | 2 +-
providers/implementations/kdfs/pbkdf2.c | 2 +-
5 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 6c37bf78ae..cfbc3c3c1d 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -744,12 +744,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group)
void EC_POINT_free(EC_POINT *point)
{
+#ifdef FIPS_MODULE
+ EC_POINT_clear_free(point);
+#else
if (point == NULL)
return;
if (point->meth->point_finish != 0)
point->meth->point_finish(point);
OPENSSL_free(point);
+#endif
}
void EC_POINT_clear_free(EC_POINT *point)
diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c
index 3536efd1ad..f3c164b8fc 100644
--- a/crypto/ffc/ffc_params.c
+++ b/crypto/ffc/ffc_params.c
@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *params)
void ossl_ffc_params_cleanup(FFC_PARAMS *params)
{
- BN_free(params->p);
- BN_free(params->q);
- BN_free(params->g);
- BN_free(params->j);
+ BN_clear_free(params->p);
+ BN_clear_free(params->q);
+ BN_clear_free(params->g);
+ BN_clear_free(params->j);
OPENSSL_free(params->seed);
ossl_ffc_params_init(params);
}
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 9588a75964..76b4aac6fc 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -155,8 +155,8 @@ void RSA_free(RSA *r)
CRYPTO_THREAD_lock_free(r->lock);
CRYPTO_FREE_REF(&r->references);
- BN_free(r->n);
- BN_free(r->e);
+ BN_clear_free(r->n);
+ BN_clear_free(r->e);
BN_clear_free(r->d);
BN_clear_free(r->p);
BN_clear_free(r->q);
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
index daa619b8af..5304baa6c9 100644
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
@@ -118,7 +118,7 @@ static void kdf_hkdf_reset(void *vctx)
void *provctx = ctx->provctx;
ossl_prov_digest_reset(&ctx->digest);
- OPENSSL_free(ctx->salt);
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
OPENSSL_free(ctx->prefix);
OPENSSL_free(ctx->label);
OPENSSL_clear_free(ctx->data, ctx->data_len);
diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
index 5c3e7b95ce..349c3dd657 100644
--- a/providers/implementations/kdfs/pbkdf2.c
+++ b/providers/implementations/kdfs/pbkdf2.c
@@ -92,7 +92,7 @@ static void *kdf_pbkdf2_new(void *provctx)
static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx)
{
ossl_prov_digest_reset(&ctx->digest);
- OPENSSL_free(ctx->salt);
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
OPENSSL_clear_free(ctx->pass, ctx->pass_len);
memset(ctx, 0, sizeof(*ctx));
}
--
2.41.0