From 8a0010a96dadedfb8f337ce94b33a47bd7d2d25e Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Fri, 8 Jan 2016 12:30:18 +0100
Subject: [PATCH] Clear the OpenSSL BN holding the private key before releasing them
---
 pdns/opensslsigners.cc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/pdns/opensslsigners.cc b/pdns/opensslsigners.cc
index 5f116b049..1c5278c08 100644
--- a/pdns/opensslsigners.cc
+++ b/pdns/opensslsigners.cc
@@ -244,24 +244,24 @@ void OpenSSLECDSADNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, std::m
 int ret = EC_KEY_set_private_key(d_eckey, prv_key);
 if (ret != 1) {
- BN_free(prv_key);
+ BN_clear_free(prv_key);
 throw runtime_error(getName()+" setting private key failed");
 }
 EC_POINT *pub_key = EC_POINT_new(d_ecgroup);
 if (pub_key == NULL) {
- BN_free(prv_key);
+ BN_clear_free(prv_key);
 throw runtime_error(getName()+" allocation of public key point failed");
 }
 ret = EC_POINT_mul(d_ecgroup, pub_key, prv_key, NULL, NULL, d_ctx);
 if (ret != 1) {
 EC_POINT_free(pub_key);
- BN_free(prv_key);
+ BN_clear_free(prv_key);
 throw runtime_error(getName()+" computing public key from private failed");
 }
- BN_free(prv_key);
+ BN_clear_free(prv_key);
 ret = EC_KEY_set_public_key(d_eckey, pub_key);
 if (ret != 1) {
-- 
2.40.0
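Review bot: The scrubbing of `prv_key` is still maintained by hand at four separate sites (before each of the three `throw`s and once after `EC_POINT_mul`), so a later error path that frees with `BN_free`, or forgets to free at all, would again leave the private scalar readable in released heap memory. Owning the BIGNUM through a clearing deleter at the point where it is allocated, e.g. `std::unique_ptr<BIGNUM, decltype(&BN_clear_free)> prv_key(/* existing allocation */, BN_clear_free);` and passing `prv_key.get()` to `EC_KEY_set_private_key` and `EC_POINT_mul`, would put the clearing in one place and cover every exit. The allocation of `prv_key` and the rest of `fromISCMap` lie outside this hunk, so the buffer the key was parsed from is not visible here; if it is an ordinary string it presumably still holds the raw key bytes after this change and is worth checking separately.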