From: Remi Gacogne
Date: Fri, 8 Jan 2016 11:30:18 +0000 (+0100)
Subject: Clear the OpenSSL BN holding the private key before releasing them
X-Git-Tag: dnsdist-1.0.0-alpha2~111^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8a0010a96dadedfb8f337ce94b33a47bd7d2d25e;p=pdns
Clear the OpenSSL BN holding the private key before releasing them
---
diff --git a/pdns/opensslsigners.cc b/pdns/opensslsigners.cc
index 5f116b049..1c5278c08 100644
--- a/pdns/opensslsigners.cc
+++ b/pdns/opensslsigners.cc
@@ -244,24 +244,24 @@ void OpenSSLECDSADNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, std::m
 int ret = EC_KEY_set_private_key(d_eckey, prv_key);
 if (ret != 1) {
- BN_free(prv_key);
+ BN_clear_free(prv_key);
 throw runtime_error(getName()+" setting private key failed");
 }
 EC_POINT *pub_key = EC_POINT_new(d_ecgroup);
 if (pub_key == NULL) {
- BN_free(prv_key);
+ BN_clear_free(prv_key);
 throw runtime_error(getName()+" allocation of public key point failed");
 }
 ret = EC_POINT_mul(d_ecgroup, pub_key, prv_key, NULL, NULL, d_ctx);
 if (ret != 1) {
 EC_POINT_free(pub_key);
- BN_free(prv_key);
+ BN_clear_free(prv_key);
 throw runtime_error(getName()+" computing public key from private failed");
 }
- BN_free(prv_key);
+ BN_clear_free(prv_key);
 ret = EC_KEY_set_public_key(d_eckey, pub_key);
 if (ret != 1) {
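Review bot: The private scalar `prv_key` is still wiped by hand at four separate exit points in this hunk, so any exit path added later, or any exception raised between its allocation and these calls, would leave the key material in freed or leaked heap memory without being cleared. Holding it in an owner whose deleter is `BN_clear_free`, for example `std::unique_ptr<BIGNUM, decltype(&BN_clear_free)>`, and passing `prv_key.get()` to `EC_KEY_set_private_key` and `EC_POINT_mul` would make the wipe automatic on every path; this assumes C++11 is available to this file. The allocation of `prv_key` and the start of `fromISCMap` lie outside the hunk, so the buffer the BIGNUM is built from is not visible here; if the raw key bytes sit in a `std::string`, that copy presumably stays uncleared and is worth checking. The function body also continues past the last line of the hunk.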