author | Brent Cook <bcook@cvs.openbsd.org> | 2019-07-25 11:41:04 +0000 |
---|---|---|
committer | Brent Cook <bcook@cvs.openbsd.org> | 2019-07-25 11:41:04 +0000 |
commit | e1d4dec437f1645d0ee270893075456d74ad5c27 (patch) | |
tree | e124c163bcf70042016ce9cfe3bbbffcb03a03b5 /usr.bin | |
parent | 60912ab8ecdacc81683bf589d0d1320cfd433535 (diff) |
zero tmpkeyiv buffer after use when encrypting
from Steven Roberts
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/openssl/enc.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/usr.bin/openssl/enc.c b/usr.bin/openssl/enc.c
index 8518ff4c9da..3aeaac648c0 100644
--- a/usr.bin/openssl/enc.c
+++ b/usr.bin/openssl/enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: enc.c,v 1.21 2019/07/14 03:30:45 guenther Exp $ */
+/* $OpenBSD: enc.c,v 1.22 2019/07/25 11:41:03 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -632,7 +632,9 @@ enc_main(int argc, char **argv)
 }
 /* split and move data back to global buffer */
 memcpy(key, tmpkeyiv, iklen);
- memcpy(iv, tmpkeyiv+iklen, ivlen);
+ memcpy(iv, tmpkeyiv + iklen, ivlen);
+ /* zero the tmpkeyiv buffer */
+ explicit_bzero(tmpkeyiv, sizeof tmpkeyiv);
 } else {
 EVP_BytesToKey(enc_config.cipher, dgst, sptr,
 (unsigned char *)enc_config.keystr, |
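Review bot: The added `explicit_bzero(tmpkeyiv, sizeof tmpkeyiv);` in the second hunk clears the whole buffer only if `tmpkeyiv` is declared as an array in this scope. The declaration is outside the hunk, and with a pointer `sizeof` would cover just the pointer width and leave most of the derived key and IV in place. The wipe is also reached only after the `}` three lines above it, which closes a block that starts outside the hunk. If that block is an early exit on a failed derivation, the wipe is skipped and any partial output stays in the buffer, so it is worth confirming and wiping on that path too. The new comment restates the call; something like `/* don't leave derived key/IV material behind in the temporary buffer */` would record the reason instead. The body of enc_main begins and ends outside the hunk.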