Clean password buffer on stack for PEM_read_bio_PrivateKey

[oweals/openssl.git] / crypto / pem / pem_pkey.c

diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 93565011c02096acd7c8d1a243bd01291ab04afe..42ec933efdbad8b0ceb408e7405eb4dc9a31fe1e 100644 (file)
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -67,6 +67,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
         }
         p8inf = PKCS8_decrypt(p8, psbuf, klen);
         X509_SIG_free(p8);
+        OPENSSL_cleanse(psbuf, klen);
         if (!p8inf)
             goto p8err;
         ret = EVP_PKCS82PKEY(p8inf);