diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2023-05-04 13:52:00 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2023-05-04 13:52:00 +0000 |
| commit | 53f1bcbd23dbbe1277813010308d1c4312f8fe2c (patch) | |
| tree | 2482f092ef78de4916305afae63ef5bded72e1c1 | |
| parent | 963b1b6a868a333371c790fa85bd1cf55fe8ce41 (diff) | |
Rewrite ECParameters_dup()
This should leak slightly less than the direct expansion of ASN1_dup_of().
Use freezero() since the DER could contain a private key.
ok jsing
| -rw-r--r-- | lib/libcrypto/ec/ec_lib.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/lib/libcrypto/ec/ec_lib.c b/lib/libcrypto/ec/ec_lib.c index f560aa9991f..308a0f00614 100644 --- a/lib/libcrypto/ec/ec_lib.c +++ b/lib/libcrypto/ec/ec_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_lib.c,v 1.56 2023/04/25 19:53:30 tb Exp $ */ +/* $OpenBSD: ec_lib.c,v 1.57 2023/05/04 13:51:59 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -1459,15 +1459,20 @@ ec_group_simple_order_bits(const EC_GROUP *group) EC_KEY * ECParameters_dup(EC_KEY *key) { - unsigned char *p = NULL; - EC_KEY *k = NULL; + const unsigned char *p; + unsigned char *der = NULL; + EC_KEY *dup = NULL; int len; if (key == NULL) - return (NULL); + return NULL; + + if ((len = i2d_ECParameters(key, &der)) <= 0) + return NULL; - if ((len = i2d_ECParameters(key, &p)) > 0) - k = d2i_ECParameters(NULL, (const unsigned char **)&p, len); + p = der; + dup = d2i_ECParameters(NULL, &p, len); + freezero(der, len); - return (k); + return dup; } |