From: jsing <jsing@openbsd.org>
Date: Thu, 12 May 2022 19:24:38 +0000 (+0000)
Subject: Use freezero() with ASN1_ENCODING.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=515d0ec8f042562c281242793115c9b61bd2b8ab;p=openbsd

Use freezero() with ASN1_ENCODING.

While ASN1_ENCODING is currently only used with types that should only
contain public information, we assume that ASN.1 may contain sensitive
information, hence use freezero() here instead of free().

ok deraadt@ tb@
---

diff --git a/lib/libcrypto/asn1/tasn_utl.c b/lib/libcrypto/asn1/tasn_utl.c
index 4ef4232c7e8..e3b2c9e4dc6 100644
--- a/lib/libcrypto/asn1/tasn_utl.c
+++ b/lib/libcrypto/asn1/tasn_utl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_utl.c,v 1.14 2022/05/10 05:19:23 jsing Exp $ */
+/* $OpenBSD: tasn_utl.c,v 1.15 2022/05/12 19:24:38 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -153,7 +153,7 @@ asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 
 	enc = asn1_get_enc_ptr(pval, it);
 	if (enc) {
-		free(enc->enc);
+		freezero(enc->enc, enc->len);
 		enc->enc = NULL;
 		enc->len = 0;
 		enc->modified = 1;
@@ -170,7 +170,7 @@ asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
 	if (!enc)
 		return 1;
 
-	free(enc->enc);
+	freezero(enc->enc, enc->len);
 	enc->enc = malloc(inlen);
 	if (!enc->enc)
 		return 0;