From: Aydın Mercan
Date: Thu, 5 Feb 2026 12:01:52 +0000 (+0300)
Subject: wipe hmac keys correctly pre-3.0 libcrypto
X-Git-Tag: v9.21.19~38^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a531f00a755d6f0dd9d1c252a756707b2c3d3bd2;p=thirdparty%2Fbind9.git

wipe hmac keys correctly pre-3.0 libcrypto

A lingering `sizeof` from the prototype era of !11094 caused the key-wipe in `isc_hmac_key_destroy` to use `sizeof(key->len)` instead of `key->len` for the length argument of `isc_safe_memwipe`.

This results in a buffer overflow of zero bytes in HMAC keys that are less than 4 bytes. As such, the overflow can only be visible in keys that are less than 32-bits, which is beyond broken and creating such keys is only possible in testing. Therefore, this change is *not* a security fix since the conditions are never reachable in any imaginable deployment scenario.

Builds that use OpenSSL >=3.0 are unaffected as the `sizeof` was only remaining in pre-3.0 builds.

---
diff --git a/lib/isc/crypto/ossl1_1.c b/lib/isc/crypto/ossl1_1.c index f6720570950..c0645bcaa23 100644 --- a/lib/isc/crypto/ossl1_1.c +++ b/lib/isc/crypto/ossl1_1.c @@ -137,8 +137,7 @@ isc_hmac_key_destroy(isc_hmac_key_t **keyp) { key->magic = 0x00; - isc_safe_memwipe(key->secret, sizeof(key->len)); - + isc_safe_memwipe(key->secret, key->len); isc_mem_putanddetach(&key->mctx, key, STRUCT_FLEX_SIZE(key, secret, key->len)); }
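Review bot: The commit message covers only the overflow case, but the removed call `isc_safe_memwipe(key->secret, sizeof(key->len));` in `isc_hmac_key_destroy` also under-wiped every key longer than `sizeof(key->len)`: only the leading bytes of `key->secret` were zeroed before `isc_mem_putanddetach` released the allocation, so the rest of the secret stayed in freed memory. That is the case ordinary key lengths hit, so it is worth stating in the message alongside the short-key overflow. The corrected length `key->len` matches the flexible-array length passed to `STRUCT_FLEX_SIZE(key, secret, key->len)`, which is the right bound. A unit test that destroys a key and checks the wipe length would keep a stray `sizeof` from returning. Minor style point: the hunk also drops the blank line that separated the wipe from the free, which looks unintentional.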