From 5c6c15220a7e970aac11fa66536d5d30ed773809 Mon Sep 17 00:00:00 2001
From: tb
Date: Thu, 5 May 2022 19:44:23 +0000
Subject: [PATCH] Securely wipe the entire HKDF_PKEY_CTX instead of only taking care of a piece of the embedded info array.
ok jsing
---
 lib/libcrypto/kdf/hkdf_evp.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/lib/libcrypto/kdf/hkdf_evp.c b/lib/libcrypto/kdf/hkdf_evp.c
index a819e380812..b334c4a32dc 100644
--- a/lib/libcrypto/kdf/hkdf_evp.c
+++ b/lib/libcrypto/kdf/hkdf_evp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hkdf_evp.c,v 1.15 2022/05/05 11:26:36 tb Exp $ */
+/* $OpenBSD: hkdf_evp.c,v 1.16 2022/05/05 19:44:23 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 2016-2018 The OpenSSL Project. All rights reserved.
 *
@@ -93,8 +93,7 @@ pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx)
 freezero(kctx->salt, kctx->salt_len);
 freezero(kctx->key, kctx->key_len);
-explicit_bzero(kctx->info, kctx->info_len);
-free(kctx);
+freezero(kctx, sizeof(*kctx));
 }
 static int
@@ -219,8 +218,7 @@ pkey_hkdf_derive_init(EVP_PKEY_CTX *ctx)
 freezero(kctx->key, kctx->key_len);
 freezero(kctx->salt, kctx->salt_len);
-explicit_bzero(kctx->info, kctx->info_len);
-memset(kctx, 0, sizeof(*kctx));
+explicit_bzero(kctx, sizeof(*kctx));
 return 1;
 }
--
2.20.1
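Review bot: `freezero(kctx, sizeof(*kctx));` is the last statement of pkey_hkdf_cleanup, so the pointer through which kctx was obtained still refers to freed memory, and a second cleanup on the same ctx would be a use-after-free. The top of the function is outside the hunk, so this assumes kctx is loaded from `ctx->data` and that nothing above already guards it; if so, add `ctx->data = NULL;` after the freezero. The two preceding freezero calls also dereference kctx unconditionally, so an `if (kctx == NULL) return;` before them is worth confirming for the case where the context was never allocated.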
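Review bot: The single `explicit_bzero(kctx, sizeof(*kctx));` in pkey_hkdf_derive_init now does two jobs and deserves a comment: it wipes the embedded info array, and it also clears the key and salt pointers that were just passed to freezero. pkey_hkdf_cleanup frees those same members, so narrowing the wipe back to part of the struct would reintroduce a double free. Suggested comment above the call: `/* Also clears the freed key/salt pointers and lengths; keep this a whole-struct wipe. */`. The function body starts outside the hunk.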