On Tue, Feb 22, 2022 at 02:01:26PM +0100, Theo Buehler wrote: > EVP_PKEY_set1_EC_KEY() bumps eckey's refcount (that's what "set1" means), > so eckey isn't freed when pkey is freed at the end of keyproc() or > acctproc() (which means that secret data isn't wiped). Moving the > freeing of eckey to the end of ec_key_create() decrements the refcount > again which should fix this. > > I don't currently have an easy way to test this, so I would appreciate > if someone could try this.
I agree with the diff and tested this with a ecdsa domain key. No problem found. OK claudio@ > Index: key.c > =================================================================== > RCS file: /cvs/src/usr.sbin/acme-client/key.c,v > retrieving revision 1.5 > diff -u -p -r1.5 key.c > --- key.c 22 Feb 2022 12:38:30 -0000 1.5 > +++ key.c 22 Feb 2022 12:51:32 -0000 > @@ -116,10 +116,10 @@ ec_key_create(FILE *f, const char *fname > goto out; > > err: > - EC_KEY_free(eckey); > EVP_PKEY_free(pkey); > pkey = NULL; > out: > + EC_KEY_free(eckey); > return pkey; > } > > -- :wq Claudio
