projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 827d17f)
Ensure HMAC key gets cleansed after use
authorMatt Caswell <matt@openssl.org>
Fri, 24 Jun 2016 09:31:08 +0000 (10:31 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 24 Jun 2016 12:25:00 +0000 (13:25 +0100)
aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the
HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't.

Fixes an OCAP Audit issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
crypto/evp/e_rc4_hmac_md5.c patch | blob | history

diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
index 28b12c7c26a899a5ca34d470609f84b8e311556d..832daef1789cbdd6cabb337c716d8736bc87f1ca 100644 (file)
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -213,6 +213,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
             MD5_Init(&key->tail);
             MD5_Update(&key->tail, hmac_key, sizeof(hmac_key));
 
+            OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
+
             return 1;
         }
     case EVP_CTRL_AEAD_TLS1_AAD:
Unnamed repository; edit this file 'description' to name the repository.