kore

An easy to use, scalable and secure web application framework for writing web APIs in C.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

commit 0fe570ef4125755526135625ffd4f8f58aa70d64
parent 6ba7390cc9fcb19ec344b77a6d1b8f5c970785cf
Author: Joris Vink <joris@coders.se>
Date:   Mon, 27 Feb 2017 21:05:56 -0800

cleanse any intermediate buffers for keymgr.

Diffstat:
src/keymgr.c | 10+++++++---
1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/keymgr.c b/src/keymgr.c @@ -177,6 +177,7 @@ keymgr_load_randfile(void) total += (size_t)ret; RAND_seed(buf, (int)ret); + OPENSSL_cleanse(buf, sizeof(buf)); } (void)close(fd); @@ -204,7 +205,7 @@ keymgr_save_randfile(void) if (RAND_bytes(buf, sizeof(buf)) != 1) { kore_log(LOG_WARNING, "RAND_bytes: %s", ssl_errno_s); - return; + goto cleanup; } if ((fd = open(RAND_TMP_FILE, @@ -212,7 +213,7 @@ keymgr_save_randfile(void) kore_log(LOG_WARNING, "failed to open %s: %s - random data not written", RAND_TMP_FILE, errno_s); - return; + goto cleanup; } ret = write(fd, buf, sizeof(buf)); @@ -220,7 +221,7 @@ keymgr_save_randfile(void) kore_log(LOG_WARNING, "failed to write random data"); (void)close(fd); (void)unlink(RAND_TMP_FILE); - return; + goto cleanup; } if (close(fd) == -1) @@ -232,6 +233,9 @@ keymgr_save_randfile(void) (void)unlink(rand_file); (void)unlink(RAND_TMP_FILE); } + +cleanup: + OPENSSL_cleanse(buf, sizeof(buf)); } static void