--- openssl-1.1.1l/crypto/fips/fips.c	
+++ openssl-1.1.1l/crypto/fips/fips.c	
@@ -350,6 +350,10 @@ static int FIPSCHECK_verify(const char *
         if (strcmp(hex, hmac) != 0) {
             rv = -1;
         }
+        if (hmaclen != 0) {
+            OPENSSL_cleanse(buf, hmaclen);
+            OPENSSL_cleanse(hex, hmaclen * 2 + 1);
+        }
         free(buf);
         free(hex);
     } else {
@@ -357,7 +360,11 @@ static int FIPSCHECK_verify(const char *
     }
 
  end:
+    if (n != 0)
+        OPENSSL_cleanse(hmac, n);
     free(hmac);
+    if (strlen(hmacpath) != 0)
+        OPENSSL_cleanse(hmacpath, strlen(hmacpath));
     free(hmacpath);
     fclose(hf);