Add sensitive memory clean in priv encode

Fixed #18540 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18541)
author: Kan <chenxinpingc2306@163.com> 2022-06-12 21:11:01 +0800
committer: Pauli <pauli@openssl.org> 2022-06-16 15:15:36 +1000
commit: 16249341bb64329c2542c3d1e23b97ed3c44fad3 (patch)
tree: a870b321431bab8e1727006b84c0a28b11cbba66 /crypto/dh
parent: 4f4942a133bd57c4940fb1bc6ed7c8b67da4d8f0 (diff)
download: openssl-new-16249341bb64329c2542c3d1e23b97ed3c44fad3.tar.gz
1 files changed, 3 insertions, 5 deletions
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 47a6ab7d0c..6ec582f5f3 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -206,18 +206,16 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
     dplen = i2d_ASN1_INTEGER(prkey, &dp);
 
     ASN1_STRING_clear_free(prkey);
-    prkey = NULL;
 
     if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
-                         V_ASN1_SEQUENCE, params, dp, dplen))
+                         V_ASN1_SEQUENCE, params, dp, dplen)) {
+        OPENSSL_clear_free(dp, dplen);
         goto err;
-
+    }
     return 1;
 
  err:
-    OPENSSL_free(dp);
     ASN1_STRING_free(params);
-    ASN1_STRING_clear_free(prkey);
     return 0;
 }
author	Kan <chenxinpingc2306@163.com>	2022-06-12 21:11:01 +0800
committer	Pauli <pauli@openssl.org>	2022-06-16 15:15:36 +1000
commit	16249341bb64329c2542c3d1e23b97ed3c44fad3 (patch)
tree	a870b321431bab8e1727006b84c0a28b11cbba66 /crypto/dh
parent	4f4942a133bd57c4940fb1bc6ed7c8b67da4d8f0 (diff)
download	openssl-new-16249341bb64329c2542c3d1e23b97ed3c44fad3.tar.gz