projects / oweals / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: febb025)
hkdf zeroization fix
authorShane Lontis <shane.lontis@oracle.com>
Tue, 4 Sep 2018 04:01:37 +0000 (14:01 +1000)
committerPauli <paul.dale@oracle.com>
Tue, 4 Sep 2018 19:23:00 +0000 (05:23 +1000)
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7106)

(cherry picked from commit 64ed55ab033f1bfa795d46f0ecc61c313204b418)

crypto/kdf/hkdf.c patch | blob | history

diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c
index 00b95b5a88403b26ad0a39c69a709e1ec169eea9..6d38a2fded375082137eeaf35ab6cafca59ccec8 100644 (file)
--- a/crypto/kdf/hkdf.c
+++ b/crypto/kdf/hkdf.c
@@ -234,6 +234,7 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md,
                                   unsigned char *okm, size_t okm_len)
 {
     HMAC_CTX *hmac;
+    unsigned char *ret = NULL;
 
     unsigned int i;
 
@@ -283,11 +284,10 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md,
 
         done_len += copy_len;
     }
-
-    HMAC_CTX_free(hmac);
-    return okm;
+    ret = okm;
 
  err:
+    OPENSSL_cleanse(prev, sizeof(prev));
     HMAC_CTX_free(hmac);
-    return NULL;
+    return ret;
 }
Unnamed repository; edit this file 'description' to name the repository.