1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index 4a4ff340ce..0060a2ea3d 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -241,7 +241,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                        M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
                        }
                OPENSSL_free(tmp);
-                memset(key, 0, keylen);
+                OPENSSL_cleanse(key, keylen);
                if (out == NULL)
                        out=btmp;
@@ -448,7 +448,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                } 
                EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
-                memset(tmp,0,jj);
+                OPENSSL_cleanse(tmp,jj);
                if (out == NULL)
                        out=etmp;
@@ -578,7 +578,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                        /* We now have the EVP_MD_CTX, lets do the
                         * signing. */
                        EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
-                        if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey)))
+                        if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
                                {
                                PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
                                goto err;

diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c index 4a4ff340ce..0060a2ea3d 100644 --- a/src/lib/libcrypto/pkcs7/pk7_doit.c +++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -241,7 +241,7 @@ BIO PKCS7_dataInit(PKCS7 p7, BIO *bio)
241	M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);	241	M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
242	}	242	}
243	OPENSSL_free(tmp);	243	OPENSSL_free(tmp);
244	memset(key, 0, keylen);	244	OPENSSL_cleanse(key, keylen);
245		245
246	if (out == NULL)	246	if (out == NULL)
247	out=btmp;	247	out=btmp;
@@ -448,7 +448,7 @@ BIO PKCS7_dataDecode(PKCS7 p7, EVP_PKEY pkey, BIO in_bio, X509 *pcert)
448	}	448	}
449	EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);	449	EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
450		450
451	memset(tmp,0,jj);	451	OPENSSL_cleanse(tmp,jj);
452		452
453	if (out == NULL)	453	if (out == NULL)
454	out=etmp;	454	out=etmp;
@@ -578,7 +578,7 @@ int PKCS7_dataFinal(PKCS7 p7, BIO bio)
578	/* We now have the EVP_MD_CTX, lets do the	578	/* We now have the EVP_MD_CTX, lets do the
579	* signing. */	579	* signing. */
580	EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);	580	EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
581	if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey)))	581	if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
582	{	582	{
583	PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);	583	PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
584	goto err;	584	goto err;