e_aes_cbc_hmac_sha1.c: cleanse temporary copy of HMAC secret.
authorAndy Polyakov <appro@openssl.org>
Sun, 3 Feb 2013 19:04:39 +0000 (20:04 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 6 Feb 2013 14:19:11 +0000 (14:19 +0000)
(cherry picked from commit 529d27ea472fc2c7ba9190a15a58cb84012d4ec6)

crypto/evp/e_aes_cbc_hmac_sha1.c

index 310ecf5..4650ea0 100644 (file)
@@ -473,6 +473,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void
                SHA1_Init(&key->tail);
                SHA1_Update(&key->tail,hmac_key,sizeof(hmac_key));
 
+               OPENSSL_cleanse(hmac_key,sizeof(hmac_key));
+
                return 1;
                }
        case EVP_CTRL_AEAD_TLS1_AAD: