+void BUF_MEM_free(BUF_MEM *a)
+{
+ if (a == NULL)
+ return;
+
+ if (a->data != NULL) {
+ memset(a->data, 0, (unsigned int)a->max);
+ if (a->flags & BUF_MEM_FLAG_SECURE)
+ OPENSSL_secure_free(a->data);
+ else
+ OPENSSL_clear_free(a->data, a->max);
+ }
+ OPENSSL_free(a);
+}
+
+/* Allocate a block of secure memory; copy over old data if there
+ * was any, and then free it. */
+static char *sec_alloc_realloc(BUF_MEM *str, size_t len)
+{
+ char *ret;
+
+ ret = OPENSSL_secure_malloc(len);
+ if (str->data != NULL) {
+ if (ret != NULL)
+ memcpy(ret, str->data, str->length);
+ OPENSSL_secure_free(str->data);
+ }
+ return (ret);
+}
+
+size_t BUF_MEM_grow(BUF_MEM *str, size_t len)
+{
+ char *ret;
+ size_t n;
+
+ if (str->length >= len) {
+ str->length = len;
+ return (len);
+ }
+ if (str->max >= len) {
+ memset(&str->data[str->length], 0, len - str->length);
+ str->length = len;
+ return (len);
+ }
+ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+ if (len > LIMIT_BEFORE_EXPANSION) {
+ BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ n = (len + 3) / 3 * 4;
+ if ((str->flags & BUF_MEM_FLAG_SECURE))
+ ret = sec_alloc_realloc(str, n);
+ else
+ ret = OPENSSL_realloc(str->data, n);
+ if (ret == NULL) {
+ BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE);
+ len = 0;
+ } else {
+ str->data = ret;
+ str->max = n;
+ memset(&str->data[str->length], 0, len - str->length);
+ str->length = len;
+ }
+ return (len);
+}
+
+size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
+{
+ char *ret;
+ size_t n;
+
+ if (str->length >= len) {
+ memset(&str->data[len], 0, str->length - len);
+ str->length = len;
+ return (len);
+ }
+ if (str->max >= len) {
+ memset(&str->data[str->length], 0, len - str->length);
+ str->length = len;
+ return (len);
+ }
+ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+ if (len > LIMIT_BEFORE_EXPANSION) {
+ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ n = (len + 3) / 3 * 4;
+ if ((str->flags & BUF_MEM_FLAG_SECURE))
+ ret = sec_alloc_realloc(str, n);
+ else
+ ret = OPENSSL_realloc_clean(str->data, str->max, n);
+ if (ret == NULL) {
+ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
+ len = 0;
+ } else {
+ str->data = ret;
+ str->max = n;
+ memset(&str->data[str->length], 0, len - str->length);
+ str->length = len;
+ }
+ return (len);
+}