From 016ebe2d0e09b2f21d61eba2f8960c0f4fffaeea Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Wed, 2 Aug 2017 14:26:22 -0400
Subject: [PATCH] OPENSSL_cleanse some buffers.

See upstream's 5292833132cc863b66574fe2bbf55e4b2eff7949. Syncing just to
reduce the diff for the time being.

Change-Id: I0992d538b283d7348ef1d993973291f5416edce6
Reviewed-on: https://boringssl-review.googlesource.com/18804
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
---
 crypto/pem/pem_pk8.c  | 1 +
 crypto/pem/pem_pkey.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index 550661d6..15385eca 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -176,6 +176,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
     }
     p8inf = PKCS8_decrypt(p8, psbuf, klen);
     X509_SIG_free(p8);
+    OPENSSL_cleanse(psbuf, klen);
     if (!p8inf)
         return NULL;
     ret = EVP_PKCS82PKEY(p8inf);
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 058c0311..96675509 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -114,6 +114,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
         }
         p8inf = PKCS8_decrypt(p8, psbuf, klen);
         X509_SIG_free(p8);
+        OPENSSL_cleanse(psbuf, klen);
         if (!p8inf)
             goto p8err;
         ret = EVP_PKCS82PKEY(p8inf);