Fix memory leak of key authorization

The engine never actually frees the memory allocated by the password input routines. This is not only a memory leak, but also a potential sensitive data leak, so fix this by doing a clear_free in the teardown routines if app_data->auth was set. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
author: James Bottomley <James.Bottomley@HansenPartnership.com> 2023-02-23 10:10:49 -0500
committer: James Bottomley <James.Bottomley@HansenPartnership.com> 2023-02-23 10:15:21 -0500
commit: 4dd8a85bd508c04fbb5f7f0d7ee558a6814e2b0a (patch)
tree: dbfaba75fd1dd76e998affd9238434d754f3d7ba
parent: b8563185df00693514ad4c5c4883b67049e96ea5 (diff)
download: openssl_tpm2_engine-4dd8a85bd508c04fbb5f7f0d7ee558a6814e2b0a.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/tpm2-common.c b/tpm2-common.c
index 1184d5a..17159ab 100644
--- a/tpm2-common.c
+++ b/tpm2-common.c
@@ -1921,6 +1921,9 @@ void tpm2_delete(struct app_data *app_data)
 	OPENSSL_free(app_data->priv);
 	OPENSSL_free(app_data->pub);
 
+	if (app_data->auth)
+		OPENSSL_clear_free(app_data->auth, strlen(app_data->auth));
+
 	tpm2_rm_keyfile(app_data->dir, app_data->parent);
 	/* if key was nv key, flush may not have removed file */
 	tpm2_rm_keyfile(app_data->dir, app_data->key);
author	James Bottomley <James.Bottomley@HansenPartnership.com>	2023-02-23 10:10:49 -0500
committer	James Bottomley <James.Bottomley@HansenPartnership.com>	2023-02-23 10:15:21 -0500
commit	4dd8a85bd508c04fbb5f7f0d7ee558a6814e2b0a (patch)
tree	dbfaba75fd1dd76e998affd9238434d754f3d7ba
parent	b8563185df00693514ad4c5c4883b67049e96ea5 (diff)
download	openssl_tpm2_engine-4dd8a85bd508c04fbb5f7f0d7ee558a6814e2b0a.tar.gz