diff --git a/lib/freebl/shvfy.c b/lib/freebl/shvfy.c
--- a/lib/freebl/shvfy.c
+++ b/lib/freebl/shvfy.c
@@ -508,29 +508,44 @@ loser:
PR_Close(shFD);
}
if (hashcx != NULL) {
if (hashObj) {
hashObj->destroy(hashcx, PR_TRUE);
}
}
if (signature.data != NULL) {
- SECITEM_ZfreeItem(&signature, PR_FALSE);
+ /* can't use SECITEM_ZfreeItem on rhel7 because rhel7
+ * supports util-free softoken for hash operations */
+ PORT_Memset(signature.data, 0, signature.len);
+ PORT_Free(signature.data);
}
if (key.params.prime.data != NULL) {
- SECITEM_ZfreeItem(&key.params.prime, PR_FALSE);
+ /* can't use SECITEM_ZfreeItem on rhel7 because rhel7
+ * supports util-free softoken for hash operations */
+ PORT_Memset(key.params.prime.data, 0, key.params.prime.len);
+ PORT_Free(key.params.prime.data);
}
if (key.params.subPrime.data != NULL) {
- SECITEM_ZfreeItem(&key.params.subPrime, PR_FALSE);
+ /* can't use SECITEM_ZfreeItem on rhel7 because rhel7
+ * supports util-free softoken for hash operations */
+ PORT_Memset(key.params.subPrime.data, 0, key.params.subPrime.len);
+ PORT_Free(key.params.subPrime.data);
}
if (key.params.base.data != NULL) {
- SECITEM_ZfreeItem(&key.params.base, PR_FALSE);
+ /* can't use SECITEM_ZfreeItem on rhel7 because rhel7
+ * supports util-free softoken for hash operations */
+ PORT_Memset(key.params.base.data, 0, key.params.base.len);
+ PORT_Free(key.params.base.data);
}
if (key.publicValue.data != NULL) {
- SECITEM_ZfreeItem(&key.publicValue, PR_FALSE);
+ /* can't use SECITEM_ZfreeItem on rhel7 because rhel7
+ * supports util-free softoken for hash operations */
+ PORT_Memset(key.publicValue.data, 0, key.publicValue.len);
+ PORT_Free(key.publicValue.data);
}
return result;
}
PRBool
BLAPI_VerifySelf(const char *name)
{