diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2018-09-04 14:01:37 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2018-09-05 05:21:46 +1000 |
commit | 64ed55ab033f1bfa795d46f0ecc61c313204b418 (patch) | |
tree | 4bbb8dbed9b5b5f9e245c062cfe048c7cec4ff9d /crypto/kdf | |
parent | f5cee414fa8e7e9a088d8d5ebe641f368df20801 (diff) | |
download | openssl-new-64ed55ab033f1bfa795d46f0ecc61c313204b418.tar.gz |
hkdf zeroization fix
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7106)
Diffstat (limited to 'crypto/kdf')
-rw-r--r-- | crypto/kdf/hkdf.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c index baaa16f0b7..ec6090ad6a 100644 --- a/crypto/kdf/hkdf.c +++ b/crypto/kdf/hkdf.c @@ -281,6 +281,7 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md, unsigned char *okm, size_t okm_len) { HMAC_CTX *hmac; + unsigned char *ret = NULL; unsigned int i; @@ -330,11 +331,10 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md, done_len += copy_len; } - - HMAC_CTX_free(hmac); - return okm; + ret = okm; err: + OPENSSL_cleanse(prev, sizeof(prev)); HMAC_CTX_free(hmac); - return NULL; + return ret; } |