Cleanse PKCS#8 private key components.

New function ASN1_STRING_clear_free which cleanses an ASN1_STRING
structure before freeing it.

Call ASN1_STRING_clear_free on PKCS#8 private key components.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a8ae0891d4bfd18f224777aed1fbb172504421f1)

1 files changed, 4 insertions, 4 deletions

diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index f32d3769e2..1d573a46ce 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -240,7 +240,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
 
     EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
 
-    ASN1_INTEGER_free(privkey);
+    ASN1_STRING_clear_free(privkey);
 
     return 1;
 
@@ -248,7 +248,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
     DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
  dherr:
     DH_free(dh);
-    ASN1_INTEGER_free(privkey);
+    ASN1_STRING_clear_free(privkey);
     return 0;
 }
 
@@ -283,7 +283,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 
     dplen = i2d_ASN1_INTEGER(prkey, &dp);
 
-    ASN1_INTEGER_free(prkey);
+    ASN1_STRING_clear_free(prkey);
     prkey = NULL;
 
     if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
@@ -298,7 +298,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
     if (params != NULL)
         ASN1_STRING_free(params);
     if (prkey != NULL)
-        ASN1_INTEGER_free(prkey);
+        ASN1_STRING_clear_free(prkey);
     return 0;
 }