Update from 0.9.7-stable.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 21 Feb 2007 13:48:49 +0000 (13:48 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 21 Feb 2007 13:48:49 +0000 (13:48 +0000)
CHANGES
crypto/pem/pem_lib.c
crypto/pem/pem_pkey.c

diff --git a/CHANGES b/CHANGES
index cadf0d57a4b5e5d722f0f60ef67a4a203d031e6c..806049fdc937e33153d9b87d3d7106371de4bc15 100644 (file)
--- a/CHANGES
+++ b/CHANGES
 
  Changes between 0.9.7l and 0.9.7m  [xx XXX xxxx]
 
+  *) Cleanse PEM buffers before freeing them since they may contain 
+     sensitive data.
+     [Benjamin Bennett <ben@psc.edu>]
+
   *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
      a ciphersuite string such as "DEFAULT:RSA" cannot enable
      authentication-only ciphersuites.
index ffb29ce3d7edb248fc568de5ef841ae12a13c53f..9bae4c8850c7ef0a5dce5745c533e2aaecc24c72 100644 (file)
@@ -579,6 +579,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
                }
        EVP_EncodeFinal(&ctx,buf,&outl);
        if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
+       OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
        OPENSSL_free(buf);
        buf = NULL;
        if (    (BIO_write(bp,"-----END ",9) != 9) ||
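Review bot: The length in `OPENSSL_cleanse(buf, PEM_BUFSIZE*8)` is a second copy of the buffer's allocation size, and the allocation is outside this hunk, so nothing visible ties the two together; the same literal is repeated in the `err:` path of the next hunk. If the allocation size ever changes, the wipe either runs past the buffer or leaves its tail uncleared. Keeping the size in one local and using it for the allocation and both wipes, e.g. `OPENSSL_cleanse(buf, buflen);`, removes that coupling. Separately, `ctx` is passed to `EVP_EncodeFinal` here and may still hold a partial line of unencoded input afterwards; if it is a local object of this function, `OPENSSL_cleanse(&ctx, sizeof(ctx));` before returning looks worth considering. PEM_write_bio starts before and continues after this hunk.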
@@ -587,8 +588,10 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
                goto err;
        return(i+outl);
 err:
-       if (buf)
+       if (buf) {
+               OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
                OPENSSL_free(buf);
+       }
        PEMerr(PEM_F_PEM_WRITE_BIO,reason);
        return(0);
        }
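Review bot: The new `if (buf) {` … `}` places its braces K&R-style, whereas the closing braces visible in this file's context lines sit on their own line, indented with the body. Putting `{` on its own line under the `if`, at body indentation, would keep the `err:` path uniform with the rest of the function. The function begins outside this hunk.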
index 2162a45323e5b2eacac050d359bd2dfb94bf5f40..4da4c31ce5fa239f93c4bd68d1abfd09f2828fea 100644 (file)
@@ -125,6 +125,7 @@ p8err:
                PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB);
 err:
        OPENSSL_free(nm);
+       OPENSSL_cleanse(data, len);
        OPENSSL_free(data);
        return(ret);
        }
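Review bot: `OPENSSL_cleanse(data, len)` at `err:` runs without the NULL guard that the matching change in pem_lib.c keeps around its wipe (`if (buf)`), and unlike `OPENSSL_free` a wipe routine is not necessarily safe when given a null pointer with a non-zero length. Whether `data` can be NULL or `len` unset when control reaches `err:` is not visible here, because the function starts above the hunk; if either is possible, `if (data) OPENSSL_cleanse(data, len);` closes the gap. A short comment such as `/* PEM payload may hold private key material: wipe before free */` would also record why the extra call is there.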