authortb <>2022-05-05 19:44:23 +0000
committertb <>2022-05-05 19:44:23 +0000
commite239b384c274bbb6164577a84ba7007abcae93c6 (patch)
tree383c4d85c5c27a34a2a5ecbd2ad57207363cdec5 /src/lib
parent042f0fcf9aec64b486e1a704c5fa90112a205cd6 (diff)
Securely wipe the entire HKDF_PKEY_CTX instead of only taking care of
a piece of the embedded info array. ok jsing
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libcrypto/kdf/hkdf_evp.c8
1 files changed, 3 insertions, 5 deletions
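--- a/src/lib/libcrypto/kdf/hkdf_evp.c
+++ b/src/lib/libcrypto/kdf/hkdf_evp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hkdf_evp.c,v 1.15 2022/05/05 11:26:36 tb Exp $ */
+/* $OpenBSD: hkdf_evp.c,v 1.16 2022/05/05 19:44:23 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 2016-2018 The OpenSSL Project. All rights reserved.
  *
@@ -93,8 +93,7 @@ pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx)
 
  freezero(kctx->salt, kctx->salt_len);
  freezero(kctx->key, kctx->key_len);
- explicit_bzero(kctx->info, kctx->info_len);
- free(kctx);
+ freezero(kctx, sizeof(*kctx));
 }
 
 static int
@@ -219,8 +218,7 @@ pkey_hkdf_derive_init(EVP_PKEY_CTX *ctx)
 
  freezero(kctx->key, kctx->key_len);
  freezero(kctx->salt, kctx->salt_len);
- explicit_bzero(kctx->info, kctx->info_len);
- memset(kctx, 0, sizeof(*kctx));
+ explicit_bzero(kctx, sizeof(*kctx));
 
  return 1;
 }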
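Review bot: Nothing in pkey_hkdf_cleanup clears the owner's pointer after `freezero(kctx, sizeof(*kctx));`, so if kctx was read from `ctx->data` (the assignment is outside the hunk) that field is left dangling and a second cleanup call would double-free; adding `ctx->data = NULL;` as the last statement would make the function safe to call twice. Both hunks also depend on ordering: the key and salt buffers have to be released before the struct wipe, because the wipe destroys the pointers and lengths that `freezero()` needs. A one-line comment such as `/* Wipe last: key/salt pointers and lengths live in *kctx. */` above the struct wipe in pkey_hkdf_cleanup and pkey_hkdf_derive_init would keep a later reorder from leaving the buffers unwiped. Both function bodies start outside the visible hunks, so whether kctx is NULL-checked before its first dereference cannot be confirmed from here.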