]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 69d0d93)
fips: zeroize temporary self-check out MD variable
authorDimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
Thu, 14 Nov 2024 04:38:27 +0000 (04:38 +0000)
committerTomas Mraz <tomas@openssl.org>
Fri, 22 Nov 2024 13:24:59 +0000 (14:24 +0100)
At least this is done on module startup only.

To satisfy ISO/IEC 19790:2012/Cor.1:2015(E) Section 7.5 [05.10]
requirement.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25945)

providers/fips/self_test.c patch | blob | blame | history

diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
index 551fadecdec8c0fac0bb5a9bff05d72bff8fbc3b..f4fd3f51ae32398df34d7d27bce585f234a5c3e5 100644 (file)
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
@@ -289,6 +289,7 @@ err:
     OSSL_SELF_TEST_onend(ev, ret);
     EVP_MAC_CTX_free(ctx);
     EVP_MAC_free(mac);
+    OPENSSL_cleanse(out, sizeof(out));
     return ret;
 }
 #endif /* OPENSSL_NO_FIPS_POST */
Mirror of https://github.com/openssl/openssl.git