Ensure HMAC key gets cleansed after use

aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't. Fixes an OCAP Audit issue. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 0def528bc502a888a3f4ef3c38ea4c5e69fd7375)
author: Matt Caswell <matt@openssl.org> 2016-06-24 10:31:08 +0100
committer: Matt Caswell <matt@openssl.org> 2016-06-24 13:28:29 +0100
commit: 1bb0918c3d272900612d15781bb26c20b6a87601 (patch)
tree: b18c3a998b0267aea3379035b66dde6dbdb40cf5
parent: bd598cc405e981de259a07558e600b5a9ef64bd6 (diff)
download: openssl-1bb0918c3d272900612d15781bb26c20b6a87601.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
index 2da1117829..ba5979d47a 100644
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -254,6 +254,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
             MD5_Init(&key->tail);
             MD5_Update(&key->tail, hmac_key, sizeof(hmac_key));
 
+            OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
+
             return 1;
         }
     case EVP_CTRL_AEAD_TLS1_AAD:
author	Matt Caswell <matt@openssl.org>	2016-06-24 10:31:08 +0100
committer	Matt Caswell <matt@openssl.org>	2016-06-24 13:28:29 +0100
commit	1bb0918c3d272900612d15781bb26c20b6a87601 (patch)
tree	b18c3a998b0267aea3379035b66dde6dbdb40cf5
parent	bd598cc405e981de259a07558e600b5a9ef64bd6 (diff)
download	openssl-1bb0918c3d272900612d15781bb26c20b6a87601.tar.gz