Convert memset calls to OPENSSL_cleanse

Ensure things really do get cleared when we intend them to. Addresses an OCAP Audit issue. Reviewed-by: Andy Polyakov <appro@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-06-24 23:37:27 +0100
committer: Matt Caswell <matt@openssl.org> 2016-06-30 15:53:44 +0100
commit: cb5ebf961333896776fbce10ef88c2af7bec8aea (patch)
tree: 018aec53d940f46fd051dd7c0a25dc64d9d2cf3d /crypto/evp/digest.c
parent: 6ad8c48291622a6ccc51489b9a230c9a05ca5614 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index ee4296e467..4db179629d 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -285,7 +285,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
         ctx->digest->cleanup(ctx);
         EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
     }
-    memset(ctx->md_data, 0, ctx->digest->ctx_size);
+    OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
     return ret;
 }
author	Matt Caswell <matt@openssl.org>	2016-06-24 23:37:27 +0100
committer	Matt Caswell <matt@openssl.org>	2016-06-30 15:53:44 +0100
commit	cb5ebf961333896776fbce10ef88c2af7bec8aea (patch)
tree	018aec53d940f46fd051dd7c0a25dc64d9d2cf3d /crypto/evp/digest.c
parent	6ad8c48291622a6ccc51489b9a230c9a05ca5614 (diff)