public/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

cleanse stack variable in kdf_pbkdf1_do_derive

Browse source 
kdf_pbkdf1_do_derive stores key derivation information in a stack
variable, which is left uncleansed prior to returning.  Ensure that the
stack information is zeroed prior to return to avoid potential leaks of
key information

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23194)

(cherry picked from commit 5963aa8c19)
This commit is contained in:
Neil Horman 2024-01-03 13:47:05 -05:00
parent f645f242d7
commit b8ef67f8a3
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
providers/implementations/kdfs/pbkdf1.c
View file

@ -88,6 +88,7 @@ static int kdf_pbkdf1_do_derive(const unsigned char *pass, size_t passlen,
memcpy(out, md_tmp, n);
ret = 1;
err:
OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
EVP_MD_CTX_free(ctx);
return ret;
}