cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream-restricted/pr/399' into development-restricted

Browse Source
This commit is contained in:
Gilles Peskine 2017-11-28 14:17:53 +01:00
commit 7ca6d1fdd4
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -21,6 +21,8 @@ Security
* Tighten should-be-constant-time memcmp against compiler optimizations. * Tighten should-be-constant-time memcmp against compiler optimizations.
* Ensure that buffers are cleared after use if they contain sensitive data. * Ensure that buffers are cleared after use if they contain sensitive data.
Changes were introduced in multiple places in the library. Changes were introduced in multiple places in the library.
* Set PEM buffer to zero before freeing it, to avoid decoded private keys
being leaked to memory after release.
Features Features
* Allow comments in test data files. * Allow comments in test data files.

2
library/pem.c
View File

@ -391,6 +391,8 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
void mbedtls_pem_free( mbedtls_pem_context *ctx ) void mbedtls_pem_free( mbedtls_pem_context *ctx )
{ {
if( ctx->buf != NULL )
mbedtls_zeroize( ctx->buf, ctx->buflen );
mbedtls_free( ctx->buf ); mbedtls_free( ctx->buf );
mbedtls_free( ctx->info ); mbedtls_free( ctx->info );