kdf_pbkdf1_do_derive stores key derivation information in a stack
variable, which is left uncleansed prior to returning. Ensure that the
stack information is zeroed prior to return to avoid potential leaks of
key information
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23194)
(cherry picked from commit
5963aa8c196d7c5a940a979299a07418527932af)
memcpy(out, md_tmp, n);
ret = 1;
err:
+ OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
EVP_MD_CTX_free(ctx);
return ret;
}