From 6155cf7bfd858311b1886870071239d0493780d7 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 12 May 2022 19:24:38 +0000
Subject: Use freezero() with ASN1_ENCODING.

While ASN1_ENCODING is currently only used with types that should only
contain public information, we assume that ASN.1 may contain sensitive
information, hence use freezero() here instead of free().

ok deraadt@ tb@
---
 src/lib/libcrypto/asn1/tasn_utl.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lib/libcrypto/asn1/tasn_utl.c b/src/lib/libcrypto/asn1/tasn_utl.c
index 4ef4232c7e..e3b2c9e4dc 100644
--- a/src/lib/libcrypto/asn1/tasn_utl.c
+++ b/src/lib/libcrypto/asn1/tasn_utl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_utl.c,v 1.14 2022/05/10 05:19:23 jsing Exp $ */
+/* $OpenBSD: tasn_utl.c,v 1.15 2022/05/12 19:24:38 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -153,7 +153,7 @@ asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 
 	enc = asn1_get_enc_ptr(pval, it);
 	if (enc) {
-		free(enc->enc);
+		freezero(enc->enc, enc->len);
 		enc->enc = NULL;
 		enc->len = 0;
 		enc->modified = 1;
@@ -170,7 +170,7 @@ asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
 	if (!enc)
 		return 1;
 
-	free(enc->enc);
+	freezero(enc->enc, enc->len);
 	enc->enc = malloc(inlen);
 	if (!enc->enc)
 		return 0;
-- 
cgit v1.2.3-55-g6feb