Commit b5b39779 authored by Shane Lontis's avatar Shane Lontis Committed by Pauli
Browse files

hkdf zeroization fix 



Reviewed-by: default avatarPaul Yang <yang.yang@baishancloud.com>
Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7106)

(cherry picked from commit 64ed55ab)
parent febb0250

crypto/kdf/hkdf.c

+4 −4
Original line number Diff line number Diff line
@@ -234,6 +234,7 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md, 
                                  unsigned char *okm, size_t okm_len)

{

    HMAC_CTX *hmac;

    unsigned char *ret = NULL;



    unsigned int i;
@@ -283,11 +284,10 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md, 


        done_len += copy_len;

    }



    HMAC_CTX_free(hmac);

    return okm;

    ret = okm;



 err:

    OPENSSL_cleanse(prev, sizeof(prev));

    HMAC_CTX_free(hmac);

    return NULL;

    return ret;

}