key zeroisation fix for p12

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7109)

1 files changed, 9 insertions, 5 deletions

diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index a9e22026c3..02e529c044 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -75,6 +75,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
                                                 unsigned char *out,
                                                 const EVP_MD *md_type))
 {
+    int ret = 0;
     const EVP_MD *md_type;
     HMAC_CTX *hmac = NULL;
     unsigned char key[EVP_MAX_MD_SIZE], *salt;
@@ -116,24 +117,27 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
         if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter,
                                      md_size, key, md_type)) {
             PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
-            return 0;
+            goto err;
         }
     } else
         if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
                                iter, md_size, key, md_type)) {
         PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
-        return 0;
+        goto err;
     }
     if ((hmac = HMAC_CTX_new()) == NULL
         || !HMAC_Init_ex(hmac, key, md_size, md_type, NULL)
         || !HMAC_Update(hmac, p12->authsafes->d.data->data,
                         p12->authsafes->d.data->length)
         || !HMAC_Final(hmac, mac, maclen)) {
-        HMAC_CTX_free(hmac);
-        return 0;
+        goto err;
     }
+    ret = 1;
+
+err:
+    OPENSSL_cleanse(key, sizeof(key));
     HMAC_CTX_free(hmac);
-    return 1;
+    return ret;
 }
 
 int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,