goto err;
ret = OSSL_PARAM_get_BN(params, bn);
err:
- OPENSSL_free(buf);
+ if (buf != NULL) {
+ if (OSSL_PARAM_modified(params))
+ OPENSSL_clear_free(buf, buf_sz);
+ else
+ OPENSSL_free(buf);
+ } else if (OSSL_PARAM_modified(params)) {
+ OPENSSL_cleanse(buffer, params[0].data_size);
+ }
return ret;
}