e_aes_cbc_hmac_sha1.c: cleanse temporary copy of HMAC secret.

(cherry picked from commit 529d27ea472fc2c7ba9190a15a58cb84012d4ec6)
author: Andy Polyakov <appro@openssl.org> 2013-02-03 20:04:39 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2013-02-06 13:56:15 +0000
commit: af010edd5528176cd39d024dc078f0a541043502 (patch)
tree: 940d31f6f247ea2ff469c28bd2e3ca2ba8d35356 /crypto/evp
parent: 5966f4d973fc87dbf6bc7f86c5b95cf4e63cec84 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index 18fc921010..b7aff44d28 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -474,6 +474,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void
 		SHA1_Init(&key->tail);
 		SHA1_Update(&key->tail,hmac_key,sizeof(hmac_key));
 
+		OPENSSL_cleanse(hmac_key,sizeof(hmac_key));
+
 		return 1;
 		}
 	case EVP_CTRL_AEAD_TLS1_AAD:
author	Andy Polyakov <appro@openssl.org>	2013-02-03 20:04:39 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2013-02-06 13:56:15 +0000
commit	af010edd5528176cd39d024dc078f0a541043502 (patch)
tree	940d31f6f247ea2ff469c28bd2e3ca2ba8d35356 /crypto/evp
parent	5966f4d973fc87dbf6bc7f86c5b95cf4e63cec84 (diff)