#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
#include <stdio.h>
#include <stdlib.h>
+#include "cryptlib.h"
#include <openssl/x509.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
-#include "cryptlib.h"
/* set this to print out info about the keygen algorithm */
/* #define DEBUG_PKCS5V2 */
goto err;
}
keylen = EVP_CIPHER_CTX_key_length(ctx);
+ OPENSSL_assert(keylen <= sizeof key);
/* Now decode key derivation function */
iter = ASN1_INTEGER_get(kdf->iter);
PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
- memset(key, 0, keylen);
+ OPENSSL_cleanse(key, keylen);
PBKDF2PARAM_free(kdf);
return 1;
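Review bot: The results of `PKCS5_PBKDF2_HMAC_SHA1` and `EVP_CipherInit_ex` are ignored, so the path ending in `return 1` reports success even when key derivation or cipher setup failed. The iteration count from `ASN1_INTEGER_get(kdf->iter)` is also passed on unvalidated, although it comes from the encoded parameters and that call returns -1 on error; it should be rejected when it is not positive, and ideally bounded, before it reaches the KDF. I would check both calls and cleanse `key` on the failure branch as well, as in the sketch below. The function starts and ends outside this hunk, so the sketch assumes the `err` label releases `kdf` and that `iter` is a signed type; both need confirming.

```c
/* … unchanged: keylen lookup and OPENSSL_assert … */
iter = ASN1_INTEGER_get(kdf->iter);
if (iter <= 0)
    goto err;
if (!PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key)
    || !EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de)) {
    /* do not leave derived key material on the stack when bailing out */
    OPENSSL_cleanse(key, keylen);
    goto err;
}
OPENSSL_cleanse(key, keylen);
/* … unchanged: PBKDF2PARAM_free(kdf); return 1; … */
```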