diff options
| author |   tim <tim@openbsd.org> | 2019-11-21 20:01:06 +0000 |
|---|---|---|
| committer | tim <tim@openbsd.org> | 2019-11-21 20:01:06 +0000 |
| commit | 539430b6c5e14383bdbfd927cbeed6ccacfe7e57 (patch) | |
| tree | 335a80ebc6695268ed026bb3399f3c1f5a39f4cf | |
| parent | We do not send lifetimes or source in DNS proposals. (diff) | |
| download | wireguard-openbsd-539430b6c5e14383bdbfd927cbeed6ccacfe7e57.tar.xz wireguard-openbsd-539430b6c5e14383bdbfd927cbeed6ccacfe7e57.zip | |
Use explicit_bzero() to clear key material
OK tb@ tedu@
| -rw-r--r-- | lib/libcrypto/hkdf/hkdf.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/libcrypto/hkdf/hkdf.c b/lib/libcrypto/hkdf/hkdf.c index fa1dfeb067d..2327bdf6254 100644 --- a/lib/libcrypto/hkdf/hkdf.c +++ b/lib/libcrypto/hkdf/hkdf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hkdf.c,v 1.2 2018/04/03 13:33:53 tb Exp $ */ +/* $OpenBSD: hkdf.c,v 1.3 2019/11/21 20:01:06 tim Exp $ */ /* Copyright (c) 2014, Google Inc. * * Permission to use, copy, modify, and/or distribute this software for any @@ -111,6 +111,7 @@ HKDF_expand(uint8_t *out_key, size_t out_len, out: HMAC_CTX_cleanup(&hmac); + explicit_bzero(previous, sizeof(previous)); if (ret != 1) CRYPTOerror(ERR_R_CRYPTO_LIB); return ret; |