The branch OpenSSL_1_1_0-stable has been updated
via b5b39779f3dfe811a64899bd8b33397647dda57a (commit)
from febb025068f6c74f6776cc7faf1a8bcd55138f87 (commit)
- Log -----------------------------------------------------------------
commit b5b39779f3dfe811a64899bd8b33397647dda57a
Author: Shane Lontis <shane.lon...@oracle.com>
Date: Tue Sep 4 14:01:37 2018 +1000
hkdf zeroization fix
Reviewed-by: Paul Yang <yang.y...@baishancloud.com>
Reviewed-by: Paul Dale <paul.d...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7106)
(cherry picked from commit 64ed55ab033f1bfa795d46f0ecc61c313204b418)
-----------------------------------------------------------------------
Summary of changes:
crypto/kdf/hkdf.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c
index 00b95b5..6d38a2f 100644
--- a/crypto/kdf/hkdf.c
+++ b/crypto/kdf/hkdf.c
@@ -234,6 +234,7 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md,
unsigned char *okm, size_t okm_len)
{
HMAC_CTX *hmac;
+ unsigned char *ret = NULL;
unsigned int i;
@@ -283,11 +284,10 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md,
done_len += copy_len;
}
-
- HMAC_CTX_free(hmac);
- return okm;
+ ret = okm;
err:
+ OPENSSL_cleanse(prev, sizeof(prev));
HMAC_CTX_free(hmac);
- return NULL;
+ return ret;
}
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
