EVP_PKEY_set1_EC_KEY() bumps eckey's refcount (that's what "set1" means),
so eckey isn't freed when pkey is freed at the end of keyproc() or
acctproc() (which means that secret data isn't wiped). Moving the
freeing of eckey to the end of ec_key_create() decrements the refcount
again which should fix this.
I don't currently have an easy way to test this, so I would appreciate
if someone could try this.
Index: key.c
===================================================================
RCS file: /cvs/src/usr.sbin/acme-client/key.c,v
retrieving revision 1.5
diff -u -p -r1.5 key.c
--- key.c 22 Feb 2022 12:38:30 -0000 1.5
+++ key.c 22 Feb 2022 12:51:32 -0000
@@ -116,10 +116,10 @@ ec_key_create(FILE *f, const char *fname
goto out;
err:
- EC_KEY_free(eckey);
EVP_PKEY_free(pkey);
pkey = NULL;
out:
+ EC_KEY_free(eckey);
return pkey;
}
