e_aes_cbc_hmac_sha1.c: cleanse temporary copy of HMAC secret.

author Andy Polyakov <appro@openssl.org>

Sun, 3 Feb 2013 19:04:39 +0000 (20:04 +0100)

committer Dr. Stephen Henson <steve@openssl.org>

Wed, 6 Feb 2013 14:19:11 +0000 (14:19 +0000)
author Andy Polyakov <appro@openssl.org>
Sun, 3 Feb 2013 19:04:39 +0000 (20:04 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 6 Feb 2013 14:19:11 +0000 (14:19 +0000)
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c

index 310ecf58d6f79eadee83bd4a093cab97c4aa4a61..4650ea0d64d03f4df3ee2b010c3bb3b9605aff6b 100644 (file)
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -473,6 +473,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void
                 SHA1_Init(&key->tail);
                 SHA1_Update(&key->tail,hmac_key,sizeof(hmac_key));
  
+               OPENSSL_cleanse(hmac_key,sizeof(hmac_key));
+
                 return 1;
                 }
         case EVP_CTRL_AEAD_TLS1_AAD:
author	Andy Polyakov <appro@openssl.org>
	Sun, 3 Feb 2013 19:04:39 +0000 (20:04 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Wed, 6 Feb 2013 14:19:11 +0000 (14:19 +0000)