[git commit] tls: do not leak RSA key
Denys Vlasenko
vda.linux at googlemail.com
Sun Nov 25 15:17:26 UTC 2018
commit: https://git.busybox.net/busybox/commit/?id=a6192f347fb87289c9cfdc4d57b126d704eba0de
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
function old new delta
tls_handshake 1957 2059 +102
Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
networking/tls.c | 1 +
networking/tls_rsa.h | 12 ++++++++++++
2 files changed, 13 insertions(+)
diff --git a/networking/tls.c b/networking/tls.c
index 9b4298de7..9833a0adb 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -2168,6 +2168,7 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
/* application data can be sent/received */
/* free handshake data */
+ psRsaKey_clear(&tls->hsd->server_rsa_pub_key);
// if (PARANOIA)
// memset(tls->hsd, 0, tls->hsd->hsd_size);
free(tls->hsd);
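Review bot: The new `psRsaKey_clear()` call releases the key only on the path that reaches the "application data" point; any non-fatal early return from tls_handshake before this line would still leak it, which cannot be confirmed from the hunk (if every failure in this function dies, the point is moot). The call is also unconditional, so it relies on `server_rsa_pub_key` either having been populated or being in a zero-initialized state that `psRsaKey_clear()` accepts; a one-line comment would make that dependency visible, e.g. `/* last use of the server public key: release its bignums (hsd is zeroed at allocation, so this is safe even if no RSA key was loaded) */`, adjusted to whatever the allocation actually guarantees. Note the name "leak" here refers to heap memory: the struct holds the server's public (N, e) components, so the commented-out PARANOIA memset below is not needed for secrecy of this field. tls_handshake begins and ends outside the hunk.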
diff --git a/networking/tls_rsa.h b/networking/tls_rsa.h
index f42923ff5..82bea2a67 100644
--- a/networking/tls_rsa.h
+++ b/networking/tls_rsa.h
@@ -13,6 +13,18 @@ typedef struct {
//bbox psPool_t *pool;
} psRsaKey_t;
+static ALWAYS_INLINE void psRsaKey_clear(psRsaKey_t *key)
+{
+ pstm_clear(&key->N);
+ pstm_clear(&key->e);
+ pstm_clear(&key->d);
+ pstm_clear(&key->p);
+ pstm_clear(&key->q);
+ pstm_clear(&key->dP);
+ pstm_clear(&key->dQ);
+ pstm_clear(&key->qP);
+}
+
#define psRsaEncryptPub(pool, key, in, inlen, out, outlen, data) \
psRsaEncryptPub( key, in, inlen, out, outlen)
int32 psRsaEncryptPub(psPool_t *pool, psRsaKey_t *key,
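Review bot: `psRsaKey_clear()` clears all eight bignum members, but the only caller introduced by this commit passes a public key whose private components (d, p, q, dP, dQ, qP) are presumably never initialized; that is safe only if `pstm_clear()` tolerates a zero-initialized `pstm_int` (a NULL digit pointer), which this hunk does not show. A header comment should state that contract so future callers do not pass a partially constructed key, e.g. `/* Release every bignum in *key. A key whose unused members are zero-initialized (as from xzalloc) is accepted; pstm_clear() must handle an empty pstm_int. */`. If `pstm_clear()` frees without zeroing, this function does not scrub secrets either, which is fine for a public key but worth stating in the same comment should it ever be applied to a private key.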