]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ceb45f6)
tls: explicitly clear the secure extensions on free
authorPauli <ppzgs1@gmail.com>
Tue, 2 Sep 2025 02:30:00 +0000 (12:30 +1000)
committerPauli <ppzgs1@gmail.com>
Thu, 4 Sep 2025 06:03:24 +0000 (16:03 +1000)
Secure memory clears anyway but best to be explicit about it.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28413)

ssl/ssl_lib.c patch | blob | blame | history

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index da99fd263125c0b10495410691293d4990c4f8ad..bd970750566a3d27bc2313fef58e78af41f1e684 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -4446,7 +4446,7 @@ void SSL_CTX_free(SSL_CTX *a)
     OPENSSL_free(a->ext.keyshares);
     OPENSSL_free(a->ext.tuples);
     OPENSSL_free(a->ext.alpn);
-    OPENSSL_secure_free(a->ext.secure);
+    OPENSSL_secure_clear_free(a->ext.secure, sizeof(*a->ext.secure));
 
     ssl_evp_md_free(a->md5);
     ssl_evp_md_free(a->sha1);
Mirror of https://github.com/openssl/openssl.git