You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
77 lines
3.0 KiB
77 lines
3.0 KiB
diff -up openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero openssl-3.0.1/crypto/ffc/ffc_params.c
|
|
--- openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero 2022-08-05 13:11:27.211413931 +0200
|
|
+++ openssl-3.0.1/crypto/ffc/ffc_params.c 2022-08-05 13:11:34.151475891 +0200
|
|
@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *pa
|
|
|
|
void ossl_ffc_params_cleanup(FFC_PARAMS *params)
|
|
{
|
|
- BN_free(params->p);
|
|
- BN_free(params->q);
|
|
- BN_free(params->g);
|
|
- BN_free(params->j);
|
|
+ BN_clear_free(params->p);
|
|
+ BN_clear_free(params->q);
|
|
+ BN_clear_free(params->g);
|
|
+ BN_clear_free(params->j);
|
|
OPENSSL_free(params->seed);
|
|
ossl_ffc_params_init(params);
|
|
}
|
|
diff -up openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero openssl-3.0.1/crypto/rsa/rsa_lib.c
|
|
--- openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero 2022-08-05 13:08:31.875848536 +0200
|
|
+++ openssl-3.0.1/crypto/rsa/rsa_lib.c 2022-08-05 13:09:35.438416025 +0200
|
|
@@ -155,8 +155,8 @@ void RSA_free(RSA *r)
|
|
|
|
CRYPTO_THREAD_lock_free(r->lock);
|
|
|
|
- BN_free(r->n);
|
|
- BN_free(r->e);
|
|
+ BN_clear_free(r->n);
|
|
+ BN_clear_free(r->e);
|
|
BN_clear_free(r->d);
|
|
BN_clear_free(r->p);
|
|
BN_clear_free(r->q);
|
|
diff -up openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero openssl-3.0.1/providers/implementations/kdfs/hkdf.c
|
|
--- openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero 2022-08-05 13:14:58.827303241 +0200
|
|
+++ openssl-3.0.1/providers/implementations/kdfs/hkdf.c 2022-08-05 13:16:24.530068399 +0200
|
|
@@ -116,7 +116,7 @@ static void kdf_hkdf_reset(void *vctx)
|
|
void *provctx = ctx->provctx;
|
|
|
|
ossl_prov_digest_reset(&ctx->digest);
|
|
- OPENSSL_free(ctx->salt);
|
|
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
|
|
OPENSSL_free(ctx->prefix);
|
|
OPENSSL_free(ctx->label);
|
|
OPENSSL_clear_free(ctx->data, ctx->data_len);
|
|
diff -up openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c
|
|
--- openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero 2022-08-05 13:12:40.552068717 +0200
|
|
+++ openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c 2022-08-05 13:13:34.324548799 +0200
|
|
@@ -83,7 +83,7 @@ static void *kdf_pbkdf2_new(void *provct
|
|
static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx)
|
|
{
|
|
ossl_prov_digest_reset(&ctx->digest);
|
|
- OPENSSL_free(ctx->salt);
|
|
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
|
|
OPENSSL_clear_free(ctx->pass, ctx->pass_len);
|
|
memset(ctx, 0, sizeof(*ctx));
|
|
}
|
|
diff -up openssl-3.0.1/crypto/ec/ec_lib.c.fipszero openssl-3.0.1/crypto/ec/ec_lib.c
|
|
--- openssl-3.0.1/crypto/ec/ec_lib.c.fipszero 2022-08-05 13:48:32.221345774 +0200
|
|
+++ openssl-3.0.1/crypto/ec/ec_lib.c 2022-08-05 13:49:16.138741452 +0200
|
|
@@ -744,12 +744,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *g
|
|
|
|
void EC_POINT_free(EC_POINT *point)
|
|
{
|
|
+#ifdef FIPS_MODULE
|
|
+ EC_POINT_clear_free(point);
|
|
+#else
|
|
if (point == NULL)
|
|
return;
|
|
|
|
if (point->meth->point_finish != 0)
|
|
point->meth->point_finish(point);
|
|
OPENSSL_free(point);
|
|
+#endif
|
|
}
|
|
|
|
void EC_POINT_clear_free(EC_POINT *point)
|