Secure malloc and free primes and private exponent

mamckee · mamckee · commit 2f01cb463729 · 2025-03-27T00:09:17.000Z
diff --git a/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c
@@ -1064,8 +1064,8 @@ static BOOL p_scossl_rsa_keymgmt_match(_In_ SCOSSL_PROV_RSA_KEY_CTX *keyCtx1, _I
 cleanup:
     OPENSSL_free(pbModulus1);
     OPENSSL_free(pbModulus2);
-    OPENSSL_secure_free(pbPrivateExponent1);
-    OPENSSL_secure_free(pbPrivateExponent2);
+    OPENSSL_secure_clear_free(pbPrivateExponent1, cbModulus);
+    OPENSSL_secure_clear_free(pbPrivateExponent2, cbModulus);
 
     return ret;
 }
@@ -1114,7 +1114,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX
         {
             cbModulus = p->data_size;
 
-            pbModulus = OPENSSL_zalloc(cbModulus);
+            pbModulus = OPENSSL_malloc(cbModulus);
             if (pbModulus == NULL)
             {
                 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
@@ -1141,7 +1141,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX
             {
                 pcbPrimes[0] = p->data_size;
 
-                ppbPrimes[0] = OPENSSL_zalloc(pcbPrimes[0]);
+                ppbPrimes[0] = OPENSSL_secure_malloc(pcbPrimes[0]);
                 if (ppbPrimes[0] == NULL)
                 {
                     ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
@@ -1160,7 +1160,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX
             {
                 pcbPrimes[1] = p->data_size;
 
-                ppbPrimes[1] = OPENSSL_zalloc(pcbPrimes[1]);
+                ppbPrimes[1] = OPENSSL_secure_malloc(pcbPrimes[1]);
                 if(ppbPrimes[1] == NULL)
                 {
                     ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
@@ -1182,7 +1182,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX
             {
                 cbPrivateExponent = p->data_size;
 
-                pbPrivateExponent = OPENSSL_zalloc(cbPrivateExponent);
+                pbPrivateExponent = OPENSSL_secure_malloc(cbPrivateExponent);
                 if(pbPrivateExponent == NULL)
                 {
                     ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
@@ -1271,10 +1271,10 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX
     ret = SCOSSL_SUCCESS;
 
 cleanup:
-    OPENSSL_free(pbPrivateExponent);
+    OPENSSL_secure_clear_free(pbPrivateExponent, cbModulus);
+    OPENSSL_secure_clear_free(ppbPrimes[0], pcbPrimes[0]);
+    OPENSSL_secure_clear_free(ppbPrimes[1], pcbPrimes[1]);
     OPENSSL_free(pbModulus);
-    OPENSSL_free(ppbPrimes[0]);
-    OPENSSL_free(ppbPrimes[1]);
     BN_free(bn);
 
     return ret;

Original file line number	Diff line number	Diff line change
`@@ -1064,8 +1064,8 @@ static BOOL p_scossl_rsa_keymgmt_match(_In_ SCOSSL_PROV_RSA_KEY_CTX *keyCtx1, _I`
`1064`	`1064`	`cleanup:`
`1065`	`1065`	`OPENSSL_free(pbModulus1);`
`1066`	`1066`	`OPENSSL_free(pbModulus2);`
`1067`		`- OPENSSL_secure_free(pbPrivateExponent1);`
`1068`		`- OPENSSL_secure_free(pbPrivateExponent2);`
	`1067`	`+ OPENSSL_secure_clear_free(pbPrivateExponent1, cbModulus);`
	`1068`	`+ OPENSSL_secure_clear_free(pbPrivateExponent2, cbModulus);`
`1069`	`1069`
`1070`	`1070`	`return ret;`
`1071`	`1071`	`}`
`@@ -1114,7 +1114,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX`
`1114`	`1114`	`{`
`1115`	`1115`	`cbModulus = p->data_size;`
`1116`	`1116`
`1117`		`- pbModulus = OPENSSL_zalloc(cbModulus);`
	`1117`	`+ pbModulus = OPENSSL_malloc(cbModulus);`
`1118`	`1118`	`if (pbModulus == NULL)`
`1119`	`1119`	`{`
`1120`	`1120`	`ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);`
`@@ -1141,7 +1141,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX`
`1141`	`1141`	`{`
`1142`	`1142`	`pcbPrimes[0] = p->data_size;`
`1143`	`1143`
`1144`		`- ppbPrimes[0] = OPENSSL_zalloc(pcbPrimes[0]);`
	`1144`	`+ ppbPrimes[0] = OPENSSL_secure_malloc(pcbPrimes[0]);`
`1145`	`1145`	`if (ppbPrimes[0] == NULL)`
`1146`	`1146`	`{`
`1147`	`1147`	`ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);`
`@@ -1160,7 +1160,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX`
`1160`	`1160`	`{`
`1161`	`1161`	`pcbPrimes[1] = p->data_size;`
`1162`	`1162`
`1163`		`- ppbPrimes[1] = OPENSSL_zalloc(pcbPrimes[1]);`
	`1163`	`+ ppbPrimes[1] = OPENSSL_secure_malloc(pcbPrimes[1]);`
`1164`	`1164`	`if(ppbPrimes[1] == NULL)`
`1165`	`1165`	`{`
`1166`	`1166`	`ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);`
`@@ -1182,7 +1182,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX`
`1182`	`1182`	`{`
`1183`	`1183`	`cbPrivateExponent = p->data_size;`
`1184`	`1184`
`1185`		`- pbPrivateExponent = OPENSSL_zalloc(cbPrivateExponent);`
	`1185`	`+ pbPrivateExponent = OPENSSL_secure_malloc(cbPrivateExponent);`
`1186`	`1186`	`if(pbPrivateExponent == NULL)`
`1187`	`1187`	`{`
`1188`	`1188`	`ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);`
`@@ -1271,10 +1271,10 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX`
`1271`	`1271`	`ret = SCOSSL_SUCCESS;`
`1272`	`1272`
`1273`	`1273`	`cleanup:`
`1274`		`- OPENSSL_free(pbPrivateExponent);`
	`1274`	`+ OPENSSL_secure_clear_free(pbPrivateExponent, cbModulus);`
	`1275`	`+ OPENSSL_secure_clear_free(ppbPrimes[0], pcbPrimes[0]);`
	`1276`	`+ OPENSSL_secure_clear_free(ppbPrimes[1], pcbPrimes[1]);`
`1275`	`1277`	`OPENSSL_free(pbModulus);`
`1276`		`- OPENSSL_free(ppbPrimes[0]);`
`1277`		`- OPENSSL_free(ppbPrimes[1]);`
`1278`	`1278`	`BN_free(bn);`
`1279`	`1279`
`1280`	`1280`	`return ret;`