[openssl] OpenSSL_1_1_1-stable update

Dr. Paul Dale pauli at openssl.org
Thu Nov 21 04:30:10 UTC 2019

The branch OpenSSL_1_1_1-stable has been updated
       via  cf5afa4d28bda819f431aa6d933413a72172ce4b (commit)
      from  1ae28ac78171207399b3cf725430ebc0052c67de (commit)

- Log -----------------------------------------------------------------
commit cf5afa4d28bda819f431aa6d933413a72172ce4b
Author: Pauli <paul.dale at oracle.com>
Date:   Wed Nov 20 13:20:01 2019 +1000

    ECDSA: don't clear free memory after verify.
    Verifications are public, there is no need to clear the used storage before
    freeing it.
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/10475)
    (cherry picked from commit cff7d199e0dc51ae939de5fb7702aab2a9ef30fc)


Summary of changes:
 crypto/ec/ecdsa_ossl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c
index c6158616a2..1da87bfb5e 100644
--- a/crypto/ec/ecdsa_ossl.c
+++ b/crypto/ec/ecdsa_ossl.c
@@ -309,7 +309,7 @@ int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
         goto err;
     ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
-    OPENSSL_clear_free(der, derlen);
+    OPENSSL_free(der);
     return ret;

More information about the openssl-commits mailing list