OPENSSL_clear_free instead of OPENSSL_free
ManSoSec opened this issue · comments
Mansour Ahmadi commented
It seems OPENSSL_clear_free
needs to be called instead of OPENSSL_free
here:
Line 475 in 1903a9b
As it has done here:
openssl/crypto/ec/ecdsa_ossl.c
Line 347 in 1903a9b
Nicola Tuveri commented
In the verify path nothing is secret, so actually we should use free instead of clear_free also in the ecdsa part!
Matt Caswell commented
Yes - agreed. OPENSSL_free
is sufficient. Still a bug - but in ecdsa_ossl.c not sm2_sign.c