Convert memset calls to OPENSSL_cleanse

Ensure things really do get cleared when we intend them to. Addresses an OCAP Audit issue. Reviewed-by: Andy Polyakov <appro@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-06-24 23:37:27 +0100
committer: Matt Caswell <matt@openssl.org> 2016-06-30 15:51:57 +0100
commit: 3ce2fdabe6e33952bf3011acf5b68107e6352603 (patch)
tree: 1db552127f77d0e0615ea2e3019183fd64b9e8dd /crypto/poly1305
parent: 6f4ae777f5100715a96b45355a1195c2efa96b4e (diff)
download: openssl-3ce2fdabe6e33952bf3011acf5b68107e6352603.zip
openssl-3ce2fdabe6e33952bf3011acf5b68107e6352603.tar.gz
openssl-3ce2fdabe6e33952bf3011acf5b68107e6352603.tar.bz2
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.c
index 55de19b..eec4d67 100644
--- a/crypto/poly1305/poly1305.c
+++ b/crypto/poly1305/poly1305.c
@@ -9,6 +9,7 @@
 
 #include <stdlib.h>
 #include <string.h>
+#include <openssl/crypto.h>
 
 #include "internal/poly1305.h"
 
@@ -545,7 +546,7 @@ void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16])
     poly1305_emit(ctx->opaque, mac, ctx->nonce);
 
     /* zero out the state */
-    memset(ctx, 0, sizeof(*ctx));
+    OPENSSL_cleanse(ctx, sizeof(*ctx));
 }
 
 #ifdef SELFTEST
author	Matt Caswell <matt@openssl.org>	2016-06-24 23:37:27 +0100
committer	Matt Caswell <matt@openssl.org>	2016-06-30 15:51:57 +0100
commit	3ce2fdabe6e33952bf3011acf5b68107e6352603 (patch)
tree	1db552127f77d0e0615ea2e3019183fd64b9e8dd /crypto/poly1305
parent	6f4ae777f5100715a96b45355a1195c2efa96b4e (diff)
download	openssl-3ce2fdabe6e33952bf3011acf5b68107e6352603.zip openssl-3ce2fdabe6e33952bf3011acf5b68107e6352603.tar.gz openssl-3ce2fdabe6e33952bf3011acf5b68107e6352603.tar.bz2