From e94118ae2a6aff6427ade82e843d683d4913bcec Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 30 Apr 2015 14:04:30 +0100 Subject: [PATCH] Replace memset with OPENSSL_cleanse() BUF_MEM_free() attempts to cleanse memory using memset immediately prior to a free. This is at risk of being optimised away by the compiler, so replace with a call to OPENSSL_cleanse() instead. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Stephen Henson --- crypto/buffer/buffer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c index d287e340a2..eff3e08157 100644 --- a/crypto/buffer/buffer.c +++ b/crypto/buffer/buffer.c @@ -88,7 +88,7 @@ void BUF_MEM_free(BUF_MEM *a) return; if (a->data != NULL) { - memset(a->data, 0, (unsigned int)a->max); + OPENSSL_cleanse(a->data, a->max); OPENSSL_free(a->data); } OPENSSL_free(a); -- 2.34.1
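Review bot: The replacement line in BUF_MEM_free() drops the `(unsigned int)` cast on `a->max` as well as swapping the function, and the commit message only mentions the swap. If the type of `a->max` (not visible in this hunk) is wider than unsigned int, the old call could truncate the length and the new one does not, so the message should say the cast removal is intentional. A short comment above the `OPENSSL_cleanse(a->data, a->max);` line noting that a plain memset before free may be optimised away would also help keep a later cleanup from reverting it.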