diff options
| author | Tomas Mraz <tomas@openssl.org> | 2021-12-29 09:26:58 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2022-01-03 10:35:36 +0100 |
| commit | da7db7ae6d7d1929893a58e41335c88e472fc364 (patch) | |
| tree | a4747cf494eb61798ffeaaad44fe8b7c0b812528 /crypto/store | |
| parent | 1dfef929e43ebfa3a7f1108317f75747f92effb6 (diff) | |
| download | openssl-new-da7db7ae6d7d1929893a58e41335c88e472fc364.tar.gz | |
try_pkcs12(): cleanse passphrase so it is not left on the stack
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17320)
Diffstat (limited to 'crypto/store')
| -rw-r--r-- | crypto/store/store_result.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c index 893828ee3e..de00f4f562 100644 --- a/crypto/store/store_result.c +++ b/crypto/store/store_result.c @@ -619,9 +619,10 @@ static int try_pkcs12(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, } ctx->cached_info = infos; } + p12_end: + OPENSSL_cleanse(tpass, sizeof(tpass)); + PKCS12_free(p12); } - p12_end: - PKCS12_free(p12); *v = sk_OSSL_STORE_INFO_shift(ctx->cached_info); } |