From: Pauli <ppzgs1@gmail.com>
Date: Tue, 2 Sep 2025 02:30:00 +0000 (+1000)
Subject: tls: explicitly clear the secure extensions on free
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3d68b70b9e4f36509a8adf63221bf24b3cc18052;p=thirdparty%2Fopenssl.git

tls: explicitly clear the secure extensions on free

Secure memory clears anyway but best to be explicit about it.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28413)
---

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index da99fd26312..bd970750566 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -4446,7 +4446,7 @@ void SSL_CTX_free(SSL_CTX *a)
     OPENSSL_free(a->ext.keyshares);
     OPENSSL_free(a->ext.tuples);
     OPENSSL_free(a->ext.alpn);
-    OPENSSL_secure_free(a->ext.secure);
+    OPENSSL_secure_clear_free(a->ext.secure, sizeof(*a->ext.secure));
 
     ssl_evp_md_free(a->md5);
     ssl_evp_md_free(a->sha1);