openssl/SOURCES/0109-fips-Zeroize-out-in-fips-selftest.patch

27 lines
788 B
Diff

From 9dbc6069665690bd238caa7622647ea8ac94124f Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Mon, 13 Feb 2023 11:01:44 +0100
Subject: fips: Zeroize `out` in fips selftest
Signed-off-by: Clemens Lang <cllang@redhat.com>
Resolves: rhbz#2169314
---
providers/fips/self_test.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
index 80d048a847..11a989209c 100644
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
@@ -221,6 +221,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
goto err;
ret = 1;
err:
+ OPENSSL_cleanse(out, sizeof(out));
OSSL_SELF_TEST_onend(ev, ret);
EVP_MAC_CTX_free(ctx);
EVP_MAC_free(mac);
--
2.39.1