Convert memset calls to OPENSSL_cleanse

Ensure things really do get cleared when we intend them to. Addresses an OCAP Audit issue. Reviewed-by: Andy Polyakov <appro@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-06-24 23:37:27 +0100
committer: Matt Caswell <matt@openssl.org> 2016-06-30 15:51:57 +0100
commit: 3ce2fdabe6e33952bf3011acf5b68107e6352603 (patch)
tree: 1db552127f77d0e0615ea2e3019183fd64b9e8dd /crypto/evp
parent: 6f4ae777f5100715a96b45355a1195c2efa96b4e (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index c594a0a638..65eff7c8c1 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -36,7 +36,7 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
 #ifndef OPENSSL_NO_ENGINE
     ENGINE_finish(ctx->engine);
 #endif
-    memset(ctx, 0, sizeof(*ctx));
+    OPENSSL_cleanse(ctx, sizeof(*ctx));
 
     return 1;
 }
@@ -170,7 +170,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
         ctx->digest->cleanup(ctx);
         EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
     }
-    memset(ctx->md_data, 0, ctx->digest->ctx_size);
+    OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
     return ret;
 }
author	Matt Caswell <matt@openssl.org>	2016-06-24 23:37:27 +0100
committer	Matt Caswell <matt@openssl.org>	2016-06-30 15:51:57 +0100
commit	3ce2fdabe6e33952bf3011acf5b68107e6352603 (patch)
tree	1db552127f77d0e0615ea2e3019183fd64b9e8dd /crypto/evp
parent	6f4ae777f5100715a96b45355a1195c2efa96b4e (diff)