Browse Source

hkdf zeroization fix

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7106)
master
Shane Lontis 4 years ago
committed by Pauli
parent
commit
64ed55ab03
1 changed files with 4 additions and 4 deletions
  1. +4
    -4
      crypto/kdf/hkdf.c

+ 4
- 4
crypto/kdf/hkdf.c View File

@ -281,6 +281,7 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md,
unsigned char *okm, size_t okm_len)
{
HMAC_CTX *hmac;
unsigned char *ret = NULL;
unsigned int i;
@ -330,11 +331,10 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md,
done_len += copy_len;
}
HMAC_CTX_free(hmac);
return okm;
ret = okm;
err:
OPENSSL_cleanse(prev, sizeof(prev));
HMAC_CTX_free(hmac);
return NULL;
return ret;
}

Loading…
Cancel
Save