Commit 0def528b authored by Matt Caswell's avatar Matt Caswell
Browse files

Ensure HMAC key gets cleansed after use 



aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the
HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't.

Fixes an OCAP Audit issue.

Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
parent 827d17f0

crypto/evp/e_rc4_hmac_md5.c

+2 −0
Original line number Diff line number Diff line
@@ -213,6 +213,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, 
            MD5_Init(&key->tail);

            MD5_Update(&key->tail, hmac_key, sizeof(hmac_key));



            OPENSSL_cleanse(hmac_key, sizeof(hmac_key));



            return 1;

        }

    case EVP_CTRL_AEAD_TLS1_AAD: