From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri, 28 Jul 2017 19:59:07 +0000 (+0200)
Subject: Use OPENSSL_secure_clear_free for secure mem BIOs and X25519 private keys
X-Git-Tag: OpenSSL_1_1_1-pre1~947
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5d8f1b13890df51bce97b1a4c2a31f5228bb4744;p=thirdparty%2Fopenssl.git

Use OPENSSL_secure_clear_free for secure mem BIOs and X25519 private keys

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4044)
---

diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
index ad7128a732a..f3f8a1b55c8 100644
--- a/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
@@ -47,7 +47,7 @@ void BUF_MEM_free(BUF_MEM *a)
 
     if (a->data != NULL) {
         if (a->flags & BUF_MEM_FLAG_SECURE)
-            OPENSSL_secure_free(a->data);
+            OPENSSL_secure_clear_free(a->data, a->max);
         else
             OPENSSL_clear_free(a->data, a->max);
     }
@@ -64,7 +64,7 @@ static char *sec_alloc_realloc(BUF_MEM *str, size_t len)
     if (str->data != NULL) {
         if (ret != NULL) {
             memcpy(ret, str->data, str->length);
-            OPENSSL_secure_free(str->data);
+            OPENSSL_secure_clear_free(str->data, str->length);
             str->data = NULL;
         }
     }
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index b001196309d..4f7cfec728c 100644
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -220,7 +220,7 @@ static void ecx_free(EVP_PKEY *pkey)
     X25519_KEY *xkey = pkey->pkey.ptr;
 
     if (xkey)
-        OPENSSL_secure_free(xkey->privkey);
+        OPENSSL_secure_clear_free(xkey->privkey, X25519_KEYLEN);
     OPENSSL_free(xkey);
 }