The branch OpenSSL_1_0_2-stable has been updated
via 1bb0918c3d272900612d15781bb26c20b6a87601 (commit)
from bd598cc405e981de259a07558e600b5a9ef64bd6 (commit)
- Log -----------------------------------------------------------------
commit 1bb0918c3d272900612d15781bb26c20b6a87601
Author: Matt Caswell <m...@openssl.org>
Date: Fri Jun 24 10:31:08 2016 +0100
Ensure HMAC key gets cleansed after use
aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the
HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't.
Fixes an OCAP Audit issue.
Reviewed-by: Andy Polyakov <ap...@openssl.org>
(cherry picked from commit 0def528bc502a888a3f4ef3c38ea4c5e69fd7375)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/e_rc4_hmac_md5.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
index 2da1117..ba5979d 100644
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -254,6 +254,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type,
int arg,
MD5_Init(&key->tail);
MD5_Update(&key->tail, hmac_key, sizeof(hmac_key));
+ OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
+
return 1;
}
case EVP_CTRL_AEAD_TLS1_AAD:
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
