[ruby/openssl] kdf: fix wrong OPENSSL_cleanse() calls

Embarrassingly, the previous commits introduced OPENSSL_cleanse() calls against the temporary struct instead of the buffer content. Thanks to nagachika for noticing. https://github.com/ruby/openssl/commit/8eca3efad4
author: Kazuki Yamaguchi <k@rhe.jp> 2026-04-08 21:52:33 +0900
committer: git <svn-admin@ruby-lang.org> 2026-04-08 13:00:08 +0000
commit: 7209523ffd909ed1914f4ec2544d327a950b19d2 (patch)
tree: e1fe903624414320d718e231ffa4e39e10247ca0
parent: a5c9e840559d442920e2be212ef14654679092f4 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/ext/openssl/ossl_kdf.c b/ext/openssl/ossl_kdf.c
index ab2b6bba0a..f70b7f6cf9 100644
--- a/ext/openssl/ossl_kdf.c
+++ b/ext/openssl/ossl_kdf.c
@@ -92,7 +92,7 @@ kdf_pbkdf2_hmac(int argc, VALUE *argv, VALUE self)
     memcpy(args.salt, RSTRING_PTR(salt), saltlen);
     if (!rb_thread_call_without_gvl(pbkdf2_hmac_nogvl, &args, NULL, NULL))
         ossl_raise(eKDF, "PKCS5_PBKDF2_HMAC");
-    OPENSSL_cleanse(&args.pass, passlen);
+    OPENSSL_cleanse(args.pass, passlen);
     ALLOCV_END(pass_tmp);
     ALLOCV_END(salt_tmp);
     return str;
@@ -200,7 +200,7 @@ kdf_scrypt(int argc, VALUE *argv, VALUE self)
     memcpy(args.salt, RSTRING_PTR(salt), saltlen);
     if (!rb_thread_call_without_gvl(scrypt_nogvl, &args, NULL, NULL))
         ossl_raise(eKDF, "EVP_PBE_scrypt");
-    OPENSSL_cleanse(&args.pass, passlen);
+    OPENSSL_cleanse(args.pass, passlen);
     ALLOCV_END(pass_tmp);
     ALLOCV_END(salt_tmp);
     return str;
author	Kazuki Yamaguchi <k@rhe.jp>	2026-04-08 21:52:33 +0900
committer	git <svn-admin@ruby-lang.org>	2026-04-08 13:00:08 +0000
commit	7209523ffd909ed1914f4ec2544d327a950b19d2 (patch)
tree	e1fe903624414320d718e231ffa4e39e10247ca0
parent	a5c9e840559d442920e2be212ef14654679092f4 (diff)