Browse Source

Reset the HKDF state between operations

Fixes #7497

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7501)
master
Matt Caswell 4 years ago
parent
commit
ca55d70be0
1 changed files with 13 additions and 1 deletions
  1. +13
    -1
      crypto/kdf/hkdf.c

+ 13
- 1
crypto/kdf/hkdf.c View File

@ -175,6 +175,18 @@ static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
return -2;
}
static int pkey_hkdf_derive_init(EVP_PKEY_CTX *ctx)
{
HKDF_PKEY_CTX *kctx = ctx->data;
OPENSSL_clear_free(kctx->key, kctx->key_len);
OPENSSL_clear_free(kctx->salt, kctx->salt_len);
OPENSSL_cleanse(kctx->info, kctx->info_len);
memset(kctx, 0, sizeof(*kctx));
return 1;
}
static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen)
{
@ -236,7 +248,7 @@ const EVP_PKEY_METHOD hkdf_pkey_meth = {
0, 0,
0,
pkey_hkdf_derive_init,
pkey_hkdf_derive,
pkey_hkdf_ctrl,
pkey_hkdf_ctrl_str


Loading…
Cancel
Save