5fe7a39 libpkg: zero out key material in the ecc signer — HardenedBSD-pkg

rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9

HardenedBSD Package Manager

libpkg: zero out key material in the ecc signer

Kyle Evans committed 2 years ago

commit 5fe7a398d9fa1cd9de67151b0620b3d6f1dfd489
parent 749c286

1 file changed +5 -1

modified libpkg/pkgsign_ecc.c

@@ -31,6 +31,7 @@

 #include <ctype.h>
 #include <fcntl.h>
 #include <strings.h>
 #include <libder.h>

@@ -886,6 +887,7 @@ _load_private_key(struct ecc_sign_ctx *keyinfo)

 	}
 out:
 	explicit_bzero(keybuf, sizeof(keybuf));
 	free(filedata);
 	if (fd != -1)
 		close(fd);

@@ -1247,9 +1249,11 @@ ecc_new(const char *name __unused, struct pkgsign_ctx *sctx)

 }
 static void
 ecc_free(struct pkgsign_ctx *sctx __unused)
 ecc_free(struct pkgsign_ctx *sctx)
 {
 	struct ecc_sign_ctx *keyinfo = ECC_CTX(sctx);
 	explicit_bzero(&keyinfo->keypair, sizeof(keyinfo->keypair));
 }
 const struct pkgsign_ops pkgsign_ecc = {