if (a->data != NULL) {
if (a->flags & BUF_MEM_FLAG_SECURE)
- OPENSSL_secure_free(a->data);
+ OPENSSL_secure_clear_free(a->data, a->max);
else
OPENSSL_clear_free(a->data, a->max);
}
if (str->data != NULL) {
if (ret != NULL) {
memcpy(ret, str->data, str->length);
- OPENSSL_secure_free(str->data);
+ OPENSSL_secure_clear_free(str->data, str->length);
str->data = NULL;
}
}
X25519_KEY *xkey = pkey->pkey.ptr;
if (xkey)
- OPENSSL_secure_free(xkey->privkey);
+ OPENSSL_secure_clear_free(xkey->privkey, X25519_KEYLEN);
OPENSSL_free(xkey);
}
#endif /* IMPLEMENTED */
}
+void CRYPTO_secure_clear_free(void *ptr, size_t num,
+ const char *file, int line)
+{
+#ifdef IMPLEMENTED
+ size_t actual_size;
+
+ if (ptr == NULL)
+ return;
+ if (!CRYPTO_secure_allocated(ptr)) {
+ OPENSSL_cleanse(ptr, num);
+ CRYPTO_free(ptr, file, line);
+ return;
+ }
+ CRYPTO_THREAD_write_lock(sec_malloc_lock);
+ actual_size = sh_actual_size(ptr);
+ CLEAR(ptr, actual_size);
+ secure_mem_used -= actual_size;
+ sh_free(ptr);
+ CRYPTO_THREAD_unlock(sec_malloc_lock);
+#else
+ if (ptr == NULL)
+ return;
+ OPENSSL_cleanse(ptr, num);
+ CRYPTO_free(ptr, file, line);
+#endif /* IMPLEMENTED */
+}
+
int CRYPTO_secure_allocated(const void *ptr)
{
#ifdef IMPLEMENTED
void OPENSSL_secure_free(void* ptr);
void CRYPTO_secure_free(void *ptr, const char *, int);
+ void OPENSSL_secure_clear_free(void* ptr, size_t num);
+ void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *, int);
+
size_t OPENSSL_secure_actual_size(const void *ptr);
int OPENSSL_secure_allocated(const void *ptr);
CRYPTO_secure_malloc_done() returns 1 if the secure memory area is released, or 0 if not.
-OPENSSL_secure_free() returns no values.
+OPENSSL_secure_free() and OPENSSL_secure_clear_free() return no values.
=head1 SEE ALSO
L<OPENSSL_malloc(3)>,
L<BN_new(3)>
+=head1 HISTORY
+
+OPENSSL_secure_clear_free() was added in OpenSSL 1.1.0g.
+
=head1 COPYRIGHT
Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
# define OPENSSL_secure_free(addr) \
CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_clear_free(addr, num) \
+ CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
# define OPENSSL_secure_actual_size(ptr) \
CRYPTO_secure_actual_size(ptr)
void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
void CRYPTO_secure_free(void *ptr, const char *file, int line);
+void CRYPTO_secure_clear_free(void *ptr, size_t num,
+ const char *file, int line);
int CRYPTO_secure_allocated(const void *ptr);
int CRYPTO_secure_malloc_initialized(void);
size_t CRYPTO_secure_actual_size(void *ptr);
UINT32_it 4214 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
ZINT64_it 4215 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ZINT64_it 4215 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_secure_clear_free 4315 1_1_0g EXIST::FUNCTION: