Use freezero() with ASN1_ENCODING.

While ASN1_ENCODING is currently only used with types that should only
contain public information, we assume that ASN.1 may contain sensitive
information, hence use freezero() here instead of free().

ok deraadt@ tb@

diff --git a/lib/libcrypto/asn1/tasn_utl.c b/lib/libcrypto/asn1/tasn_utl.c
index 4ef4232..e3b2c9e 100644 (file)
--- a/lib/libcrypto/asn1/tasn_utl.c
+++ b/lib/libcrypto/asn1/tasn_utl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_utl.c,v 1.14 2022/05/10 05:19:23 jsing Exp $ */
+/* $OpenBSD: tasn_utl.c,v 1.15 2022/05/12 19:24:38 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -153,7 +153,7 @@ asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 
        enc = asn1_get_enc_ptr(pval, it);
        if (enc) {
-               free(enc->enc);
+               freezero(enc->enc, enc->len);
                enc->enc = NULL;
                enc->len = 0;
                enc->modified = 1;
@@ -170,7 +170,7 @@ asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
        if (!enc)
                return 1;
 
-       free(enc->enc);
+       freezero(enc->enc, enc->len);
        enc->enc = malloc(inlen);
        if (!enc->enc)
                return 0;