Replace memset with OPENSSL_cleanse()

BUF_MEM_free() attempts to cleanse memory using memset immediately prior to a free. This is at risk of being optimised away by the compiler, so replace with a call to OPENSSL_cleanse() instead. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Stephen Henson <steve@openssl.org>
2015-04-30 14:04:30 +01:00 · 2015-04-30 14:04:30 +01:00 · e94118ae2a
commit e94118ae2a
parent 106a9a5d7e
1 changed files with 1 additions and 1 deletions
--- a/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
@ -88,7 +88,7 @@ void BUF_MEM_free(BUF_MEM *a)
        return;

    if (a->data != NULL) {
-        memset(a->data, 0, (unsigned int)a->max);
+        OPENSSL_cleanse(a->data, a->max);
        OPENSSL_free(a->data);
    }
    OPENSSL_free(a);