SHA256
1
0
forked from pool/openssl-1_1
openssl-1_1/openssl-1_1-Zeroization.patch

26 lines
675 B
Diff

--- openssl-1.1.1l/crypto/fips/fips.c
+++ openssl-1.1.1l/crypto/fips/fips.c
@@ -350,6 +350,10 @@ static int FIPSCHECK_verify(const char *
if (strcmp(hex, hmac) != 0) {
rv = -1;
}
+ if (hmaclen != 0) {
+ OPENSSL_cleanse(buf, hmaclen);
+ OPENSSL_cleanse(hex, hmaclen * 2 + 1);
+ }
free(buf);
free(hex);
} else {
@@ -357,7 +360,11 @@ static int FIPSCHECK_verify(const char *
}
end:
+ if (n != 0)
+ OPENSSL_cleanse(hmac, n);
free(hmac);
+ if (strlen(hmacpath) != 0)
+ OPENSSL_cleanse(hmacpath, strlen(hmacpath));
free(hmacpath);
fclose(hf);