From 5d8f1b13890df51bce97b1a4c2a31f5228bb4744 Mon Sep 17 00:00:00 2001
From: Bernd Edlinger
Date: Fri, 28 Jul 2017 21:59:07 +0200
Subject: [PATCH] Use OPENSSL_secure_clear_free for secure mem BIOs and X25519 private keys
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/4044)
---
 crypto/buffer/buffer.c | 4 ++--
 crypto/ec/ecx_meth.c | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
index ad7128a732..f3f8a1b55c 100644
--- a/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
@@ -47,7 +47,7 @@ void BUF_MEM_free(BUF_MEM *a)
 if (a->data != NULL) {
 if (a->flags & BUF_MEM_FLAG_SECURE)
- OPENSSL_secure_free(a->data);
+ OPENSSL_secure_clear_free(a->data, a->max);
 else
 OPENSSL_clear_free(a->data, a->max);
 }
@@ -64,7 +64,7 @@ static char *sec_alloc_realloc(BUF_MEM *str, size_t len)
 if (str->data != NULL) {
 if (ret != NULL) {
 memcpy(ret, str->data, str->length);
- OPENSSL_secure_free(str->data);
+ OPENSSL_secure_clear_free(str->data, str->length);
 str->data = NULL;
 }
 }
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index b001196309..4f7cfec728 100644
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -220,7 +220,7 @@ static void ecx_free(EVP_PKEY *pkey)
 X25519_KEY *xkey = pkey->pkey.ptr;
 if (xkey)
- OPENSSL_secure_free(xkey->privkey);
+ OPENSSL_secure_clear_free(xkey->privkey, X25519_KEYLEN);
 OPENSSL_free(xkey);
 }
-- 
2.25.1
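Review bot: In the second buffer.c hunk (`sec_alloc_realloc`), the wipe length is `str->length`, while the `BUF_MEM_free` hunk just above clears `a->max` for the same kind of buffer. If the buffer ever held more than `str->length` bytes (for example after its length was reduced without the tail being zeroed, which is not visible here and should be checked against the grow paths), the bytes between `length` and `max` could be released uncleared whenever the size argument is what bounds the wipe. Passing the allocation size keeps both free paths consistent: `OPENSSL_secure_clear_free(str->data, str->max);`. The body of `sec_alloc_realloc` starts and ends outside the hunk.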
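Review bot: In the ecx_meth.c hunk (`ecx_free`), the cleanse length is the constant `X25519_KEYLEN`, so the wipe is only complete and in-bounds if every allocation of `xkey->privkey` uses exactly that size; the allocation site is outside this hunk and should be checked. A one-line comment above the call would pin the coupling for later key types that might reuse this free routine, e.g. `/* length must match the size privkey was allocated with */`. The start of `ecx_free` is outside the hunk.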