lib/openssl/UniqueBN: add "clear" template parameter

CM4all · Oct 25, 2023 · 49a8b8c · 49a8b8c
1 parent fb4a9e8
commit 49a8b8c
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/src/lib/openssl/UniqueBN.hxx b/src/lib/openssl/UniqueBN.hxx
@@ -8,10 +8,19 @@
 
 #include <memory>
 
+/**
+ * @param clear clear memory before freeing it; use this for sensitive
+ * values such as private keys
+ */
+template<bool clear>
 struct BNDeleter {
 	void operator()(BIGNUM *bn) noexcept {
-		BN_free(bn);
+		if (clear)
+			BN_clear_free(bn);
+		else
+			BN_free(bn);
 	}
 };
 
-using UniqueBIGNUM = std::unique_ptr<BIGNUM, BNDeleter>;
+template<bool clear>
+using UniqueBIGNUM = std::unique_ptr<BIGNUM, BNDeleter<clear>>;