From 358d446f259cd8acb13b2919bce12ed34bf6ce56 Mon Sep 17 00:00:00 2001 From: Bernd Edlinger Date: Sat, 29 Jul 2017 15:15:11 +0200 Subject: [PATCH] Use OPENSSL_secure_clear_free in STORE file_load Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/4044) --- crypto/store/loader_file.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c index ca1506513a..99c9350cf8 100644 --- a/crypto/store/loader_file.c +++ b/crypto/store/loader_file.c @@ -1037,10 +1037,10 @@ static OSSL_STORE_INFO *file_load_try_repeat(OSSL_STORE_LOADER_CTX *ctx, return result; } -static void pem_free_flag(void *pem_data, int secure) +static void pem_free_flag(void *pem_data, int secure, size_t num) { if (secure) - OPENSSL_secure_free(pem_data); + OPENSSL_secure_clear_free(pem_data, num); else OPENSSL_free(pem_data); } @@ -1243,9 +1243,9 @@ static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx, ctx->errcnt++; endloop: - pem_free_flag(pem_name, (ctx->flags & FILE_FLAG_SECMEM) != 0); - pem_free_flag(pem_header, (ctx->flags & FILE_FLAG_SECMEM) != 0); - pem_free_flag(data, (ctx->flags & FILE_FLAG_SECMEM) != 0); + pem_free_flag(pem_name, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0); + pem_free_flag(pem_header, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0); + pem_free_flag(data, (ctx->flags & FILE_FLAG_SECMEM) != 0, len); } while (matchcount == 0 && !file_eof(ctx) && !file_error(ctx)); /* We bail out on ambiguity */ -- 2.25.1