Fix an information leak in the RSA padding check code.

The memory blocks contain secret data and must be cleared before returning to the system heap. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4062) (cherry picked from commit e670db0183079b5f6325ce2abd9d785e0f966890)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2017-07-31 20:52:43 +0200
committer: Bernd Edlinger <bernd.edlinger@hotmail.de> 2017-07-31 21:50:31 +0200
commit: 09f87aa6a14f518c2fdf7170462b594c24a7c527 (patch)
tree: db6747a7e7d0340fdca5594a593ac1d31a6577df /crypto/rsa/rsa_pk1.c
parent: e118487fee21ebdd959fe514be6b5c121462e272 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c
index 5bc91c46d5..aeeb32c2dc 100644
--- a/crypto/rsa/rsa_pk1.c
+++ b/crypto/rsa/rsa_pk1.c
@@ -235,7 +235,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
     memcpy(to, em + msg_index, mlen);
 
  err:
-    OPENSSL_free(em);
+    OPENSSL_clear_free(em, num);
     if (mlen == -1)
         RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
                RSA_R_PKCS_DECODING_ERROR);
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2017-07-31 20:52:43 +0200
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>	2017-07-31 21:50:31 +0200
commit	09f87aa6a14f518c2fdf7170462b594c24a7c527 (patch)
tree	db6747a7e7d0340fdca5594a593ac1d31a6577df /crypto/rsa/rsa_pk1.c
parent	e118487fee21ebdd959fe514be6b5c121462e272 (diff)