Clean Kerberos pre-master secret

Ensure the Kerberos pre-master secret has OPENSSL_cleanse called on it. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 4e3dbe37ca39fa68b6949fbde62f3ec0f0584f7e)
author: Matt Caswell <matt@openssl.org> 2015-06-04 11:41:30 +0100
committer: Matt Caswell <matt@openssl.org> 2015-06-04 12:44:47 +0100
commit: 91e64e142770bc13145346a5e89e9d95bc3e22dd (patch)
tree: 9dcda7f16d4493af7ea4344106cbed5ff6c44408
parent: 0d3a7e7c9147357ca69993944a279cd0931963d5 (diff)
download: openssl-91e64e142770bc13145346a5e89e9d95bc3e22dd.tar.gz
1 files changed, 16 insertions, 5 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 8e30083234..8d3244f9e4 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2215,6 +2215,7 @@ int ssl3_get_client_key_exchange(SSL *s)
         int padl, outl;
         krb5_timestamp authtime = 0;
         krb5_ticket_times ttimes;
+        int kerr = 0;
 
         EVP_CIPHER_CTX_init(&ciph_ctx);
 
@@ -2317,23 +2318,27 @@ int ssl3_get_client_key_exchange(SSL *s)
         {
             SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                    SSL_R_DECRYPTION_FAILED);
-            goto err;
+            kerr = 1;
+            goto kclean;
         }
         if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
             SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                    SSL_R_DATA_LENGTH_TOO_LONG);
-            goto err;
+            kerr = 1;
+            goto kclean;
         }
         if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) {
             SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                    SSL_R_DECRYPTION_FAILED);
-            goto err;
+            kerr = 1;
+            goto kclean;
         }
         outl += padl;
         if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
             SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                    SSL_R_DATA_LENGTH_TOO_LONG);
-            goto err;
+            kerr = 1;
+            goto kclean;
         }
         if (!((pms[0] == (s->client_version >> 8))
               && (pms[1] == (s->client_version & 0xff)))) {
@@ -2350,7 +2355,8 @@ int ssl3_get_client_key_exchange(SSL *s)
             if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) {
                 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                        SSL_AD_DECODE_ERROR);
-                goto err;
+                kerr = 1;
+                goto kclean;
             }
         }
 
@@ -2376,6 +2382,11 @@ int ssl3_get_client_key_exchange(SSL *s)
          *  kssl_ctx = kssl_ctx_free(kssl_ctx);
          *  if (s->kssl_ctx)  s->kssl_ctx = NULL;
          */
+
+ kclean:
+        OPENSSL_cleanse(pms, sizeof(pms));
+        if (kerr)
+            goto err;
     } else
 #endif                          /* OPENSSL_NO_KRB5 */
author	Matt Caswell <matt@openssl.org>	2015-06-04 11:41:30 +0100
committer	Matt Caswell <matt@openssl.org>	2015-06-04 12:44:47 +0100
commit	91e64e142770bc13145346a5e89e9d95bc3e22dd (patch)
tree	9dcda7f16d4493af7ea4344106cbed5ff6c44408
parent	0d3a7e7c9147357ca69993944a279cd0931963d5 (diff)
download	openssl-91e64e142770bc13145346a5e89e9d95bc3e22dd.tar.gz