e_aes_cbc_hmac_sha1.c: cleanse temporary copy of HMAC secret.

author Andy Polyakov <appro@openssl.org>

Sun, 3 Feb 2013 19:04:39 +0000 (20:04 +0100)

committer Dr. Stephen Henson <steve@openssl.org>

Wed, 6 Feb 2013 13:56:15 +0000 (13:56 +0000)
author Andy Polyakov <appro@openssl.org>
Sun, 3 Feb 2013 19:04:39 +0000 (20:04 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 6 Feb 2013 13:56:15 +0000 (13:56 +0000)
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c

index 18fc9210104d69a204d73e8ae8a5aab734e1b8d8..b7aff44d2802dc53f14ac58de75ef1d889dd9a51 100644 (file)
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -474,6 +474,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void
                 SHA1_Init(&key->tail);
                 SHA1_Update(&key->tail,hmac_key,sizeof(hmac_key));
  
+               OPENSSL_cleanse(hmac_key,sizeof(hmac_key));
+
                 return 1;
                 }
         case EVP_CTRL_AEAD_TLS1_AAD:
author	Andy Polyakov <appro@openssl.org>
	Sun, 3 Feb 2013 19:04:39 +0000 (20:04 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Wed, 6 Feb 2013 13:56:15 +0000 (13:56 +0000)