Clean password buffer on stack for PEM_read_bio_PrivateKey

[openssl.git] / crypto / pem / pem_pk8.c

diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index 993c595a7b7b2020a6e11d647dab2c16b29d971d..5caad9faab8771a0ff3e152bd2610c04ffeeace5 100644 (file)
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -131,6 +131,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
     }
     p8inf = PKCS8_decrypt(p8, psbuf, klen);
     X509_SIG_free(p8);
+    OPENSSL_cleanse(psbuf, klen);
     if (!p8inf)
         return NULL;
     ret = EVP_PKCS82PKEY(p8inf);