Replace memset with OPENSSL_cleanse()

BUF_MEM_free() attempts to cleanse memory using memset immediately prior to a free. This is at risk of being optimised away by the compiler, so replace with a call to OPENSSL_cleanse() instead. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Stephen Henson <steve@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-04-30 14:04:30 +0100
committer: Matt Caswell <matt@openssl.org> 2015-06-10 10:24:30 +0100
commit: 23cd01ef61ff9110850ee75c42ccb365ddc8a6ab (patch)
tree: 225bf3eb7604a9b0ef6fd6920567e44e63a1cca1 /crypto/buffer
parent: dcad51bc13c9b716d9a66248bcc4038c071ff158 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
index d287e340a2..eff3e08157 100644
--- a/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
@@ -88,7 +88,7 @@ void BUF_MEM_free(BUF_MEM *a)
         return;
 
     if (a->data != NULL) {
-        memset(a->data, 0, (unsigned int)a->max);
+        OPENSSL_cleanse(a->data, a->max);
         OPENSSL_free(a->data);
     }
     OPENSSL_free(a);
author	Matt Caswell <matt@openssl.org>	2015-04-30 14:04:30 +0100
committer	Matt Caswell <matt@openssl.org>	2015-06-10 10:24:30 +0100
commit	23cd01ef61ff9110850ee75c42ccb365ddc8a6ab (patch)
tree	225bf3eb7604a9b0ef6fd6920567e44e63a1cca1 /crypto/buffer
parent	dcad51bc13c9b716d9a66248bcc4038c071ff158 (diff)