Use OPENSSL_secure_clear_free in STORE file_load
authorBernd Edlinger <bernd.edlinger@hotmail.de>
Sat, 29 Jul 2017 13:15:11 +0000 (15:15 +0200)
committerBernd Edlinger <bernd.edlinger@hotmail.de>
Sat, 29 Jul 2017 17:31:11 +0000 (19:31 +0200)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4044)

crypto/store/loader_file.c

index ca15065..99c9350 100644 (file)
@@ -1037,10 +1037,10 @@ static OSSL_STORE_INFO *file_load_try_repeat(OSSL_STORE_LOADER_CTX *ctx,
     return result;
 }
 
-static void pem_free_flag(void *pem_data, int secure)
+static void pem_free_flag(void *pem_data, int secure, size_t num)
 {
     if (secure)
-        OPENSSL_secure_free(pem_data);
+        OPENSSL_secure_clear_free(pem_data, num);
     else
         OPENSSL_free(pem_data);
 }
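Review bot: The new `num` argument is used only on the secure branch of `pem_free_flag`; the `else` branch still calls `OPENSSL_free(pem_data)`, so a buffer loaded without `FILE_FLAG_SECMEM` is released without being wiped. If that path can ever hold private-key material (not visible from this hunk), `OPENSSL_clear_free(pem_data, num);` would give both branches the same guarantee. If the asymmetry is intentional, a short comment on the function such as `/* num is only honoured for secure-heap buffers */` would stop callers assuming otherwise.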
@@ -1243,9 +1243,9 @@ static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx,
                 ctx->errcnt++;
 
          endloop:
-            pem_free_flag(pem_name, (ctx->flags & FILE_FLAG_SECMEM) != 0);
-            pem_free_flag(pem_header, (ctx->flags & FILE_FLAG_SECMEM) != 0);
-            pem_free_flag(data, (ctx->flags & FILE_FLAG_SECMEM) != 0);
+            pem_free_flag(pem_name, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0);
+            pem_free_flag(pem_header, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0);
+            pem_free_flag(data, (ctx->flags & FILE_FLAG_SECMEM) != 0, len);
         } while (matchcount == 0 && !file_eof(ctx) && !file_error(ctx));
 
         /* We bail out on ambiguity */
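Review bot: At `endloop`, `pem_name` and `pem_header` are freed with a length of `0`, so the call asks for nothing to be cleared for them and only `data` is wiped using `len`. That looks deliberate, but it is worth stating next to the calls, e.g. `/* name and header are not secret; only the payload is cleansed */`. The assignment of `len` is outside this hunk, so it should be confirmed that every path jumping to `endloop` with a non-NULL `data` has `len` set to the size of that buffer. Otherwise the wipe could be short or use a stale value. `file_load` begins and ends outside the hunk.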