src: make minor improvements to SecureBuffer

Remove an unnecessary static_cast<char*>(). Use OPENSSL_secure_zalloc() instead of OPENSSL_secure_malloc() + memset(). Update the comment describing the function which predates support for OpenSSL's secure heap. PR-URL: #44302 Reviewed-By: Filip Skokan <panva.ip@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
nodejs · Sep 5, 2022 · 6857ee8 · 6857ee8
1 parent 1cdccbc
commit 6857ee8
Showing 1 changed file with 4 additions and 5 deletions.
diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
@@ -674,22 +674,21 @@ CryptoJobMode GetCryptoJobMode(v8::Local<v8::Value> args) {
 }
 
 namespace {
-// SecureBuffer uses openssl to allocate a Uint8Array using
-// OPENSSL_secure_malloc. Because we do not yet actually
-// make use of secure heap, this has the same semantics as
+// SecureBuffer uses OPENSSL_secure_malloc to allocate a Uint8Array.
+// Without --secure-heap, OpenSSL's secure heap is disabled,
+// in which case this has the same semantics as
 // using OPENSSL_malloc. However, if the secure heap is
 // initialized, SecureBuffer will automatically use it.
 void SecureBuffer(const FunctionCallbackInfo<Value>& args) {
   CHECK(args[0]->IsUint32());
   Environment* env = Environment::GetCurrent(args);
   uint32_t len = args[0].As<Uint32>()->Value();
-  char* data = static_cast<char*>(OPENSSL_secure_malloc(len));
+  void* data = OPENSSL_secure_zalloc(len);
   if (data == nullptr) {
     // There's no memory available for the allocation.
     // Return nothing.
     return;
   }
-  memset(data, 0, len);
   std::shared_ptr<BackingStore> store =
       ArrayBuffer::NewBackingStore(
           data,