From 17a831ea25c9a69ae13416cbfdb597b31dac3603 Mon Sep 17 00:00:00 2001
From: John Baldwin <jhb@FreeBSD.org>
Date: Thu, 25 Jun 2020 20:18:55 +0000
Subject: [PATCH] Zero the temporary HMAC key in hmac_init_pad().

Reviewed by:	delphij
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D25436
---
 sys/opencrypto/crypto.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c
index a14ee9812937..e9ddaebbb9f2 100644
--- a/sys/opencrypto/crypto.c
+++ b/sys/opencrypto/crypto.c
@@ -444,6 +444,7 @@ hmac_init_pad(struct auth_hash *axf, const char *key, int klen, void *auth_ctx,
 
 	axf->Init(auth_ctx);
 	axf->Update(auth_ctx, hmac_key, axf->blocksize);
+	explicit_bzero(hmac_key, sizeof(hmac_key));
 }
 
 void