From 0bdd867641c3ea3d68538d13cab621114d85493f Mon Sep 17 00:00:00 2001
From: tim <>
Date: Thu, 21 Nov 2019 20:01:06 +0000
Subject: Use explicit_bzero() to clear key material

OK tb@ tedu@
---
 src/lib/libcrypto/hkdf/hkdf.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/hkdf/hkdf.c b/src/lib/libcrypto/hkdf/hkdf.c
index fa1dfeb067..2327bdf625 100644
--- a/src/lib/libcrypto/hkdf/hkdf.c
+++ b/src/lib/libcrypto/hkdf/hkdf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hkdf.c,v 1.2 2018/04/03 13:33:53 tb Exp $ */
+/* $OpenBSD: hkdf.c,v 1.3 2019/11/21 20:01:06 tim Exp $ */
 /* Copyright (c) 2014, Google Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -111,6 +111,7 @@ HKDF_expand(uint8_t *out_key, size_t out_len,
 
  out:
 	HMAC_CTX_cleanup(&hmac);
+	explicit_bzero(previous, sizeof(previous));
 	if (ret != 1)
 		CRYPTOerror(ERR_R_CRYPTO_LIB);
 	return ret;
-- 
cgit v1.2.3-55-g6feb