From 9b6dc281768554cd46e7cbf769f4622f01b617c3 Mon Sep 17 00:00:00 2001
From: John Baldwin <jhb@FreeBSD.org>
Date: Thu, 25 Jun 2020 20:22:44 +0000
Subject: [PATCH] Explicitly zero the temporary auth context used to generate
 HMAC state.

Reviewed by:	delphij
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D25439
---
 sys/dev/cesa/cesa.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/dev/cesa/cesa.c b/sys/dev/cesa/cesa.c
index 04646f1f4bd3..f8db5a258865 100644
--- a/sys/dev/cesa/cesa.c
+++ b/sys/dev/cesa/cesa.c
@@ -459,6 +459,7 @@ cesa_set_mkey(struct cesa_session *cs, int alg, const uint8_t *mkey, int mklen)
 		hin[i] = htobe32(hin[i]);
 		hout[i] = htobe32(hout[i]);
 	}
+	explicit_bzero(&auth_ctx, sizeof(auth_ctx));
 }
 
 static int