Use OPENSSL_secure_clear_free for secure mem BIOs and X25519 private keys
authorBernd Edlinger <bernd.edlinger@hotmail.de>
Fri, 28 Jul 2017 19:59:07 +0000 (21:59 +0200)
committerBernd Edlinger <bernd.edlinger@hotmail.de>
Sat, 29 Jul 2017 17:26:06 +0000 (19:26 +0200)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4044)

crypto/buffer/buffer.c
crypto/ec/ecx_meth.c

index ad7128a..f3f8a1b 100644 (file)
@@ -47,7 +47,7 @@ void BUF_MEM_free(BUF_MEM *a)
 
     if (a->data != NULL) {
         if (a->flags & BUF_MEM_FLAG_SECURE)
-            OPENSSL_secure_free(a->data);
+            OPENSSL_secure_clear_free(a->data, a->max);
         else
             OPENSSL_clear_free(a->data, a->max);
     }
@@ -64,7 +64,7 @@ static char *sec_alloc_realloc(BUF_MEM *str, size_t len)
     if (str->data != NULL) {
         if (ret != NULL) {
             memcpy(ret, str->data, str->length);
-            OPENSSL_secure_free(str->data);
+            OPENSSL_secure_clear_free(str->data, str->length);
             str->data = NULL;
         }
     }
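Review bot: The new call `OPENSSL_secure_clear_free(str->data, str->length)` wipes only the bytes currently in use, while BUF_MEM_free in the first hunk wipes the full capacity with `a->max`. If the buffer ever held more data and was later shortened without being cleaned, the region between `length` and `max` could still contain old secret material when the old block is released here. The size argument probably only matters when the pointer is not inside the secure arena (the fallback to the ordinary heap), so the exposure is narrow, but the two call sites should agree: `OPENSSL_secure_clear_free(str->data, str->max);`. sec_alloc_realloc starts and ends outside this hunk, so the allocation of `ret` and the return path are not visible here.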
index b001196..4f7cfec 100644 (file)
@@ -220,7 +220,7 @@ static void ecx_free(EVP_PKEY *pkey)
     X25519_KEY *xkey = pkey->pkey.ptr;
 
     if (xkey)
-        OPENSSL_secure_free(xkey->privkey);
+        OPENSSL_secure_clear_free(xkey->privkey, X25519_KEYLEN);
     OPENSSL_free(xkey);
 }