Ensure HMAC key gets cleansed after use

aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't. Fixes an OCAP Audit issue. Reviewed-by: N Andy Polyakov <appro@openssl.org>

Ensure HMAC key gets cleansed after use
aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't. Fixes an OCAP Audit issue. Reviewed-by: N Andy Polyakov <appro@openssl.org>
0def528b · Matt Caswell · 827d17f0 · 0def528b
隐藏空白更改
内联并排

Showing with 2 addition and 0 deletion

crypto/evp/e_rc4_hmac_md5.c crypto/evp/e_rc4_hmac_md5.c +2 -0

未找到文件。
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -213,6 +213,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
            MD5_Init(&key->tail);
            MD5_Update(&key->tail, hmac_key, sizeof(hmac_key));

+            OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
+
            return 1;
        }
    case EVP_CTRL_AEAD_TLS1_AAD: