EVP_SealInit(): clear random key on exit

ok jsing kenjiro
author: tb <> 2026-01-30 13:57:13 +0000
committer: tb <> 2026-01-30 13:57:13 +0000
commit: 06d332fd67117492593691579e28332dffe3eb74 (patch)
tree: d8a3761e5e45b2bda65e79c726062d44e61da6fa /src/lib
parent: fdcc97e7af1a70232b9b2e46ae9336350095d9b1 (diff)
download: openbsd-06d332fd67117492593691579e28332dffe3eb74.tar.gz
openbsd-06d332fd67117492593691579e28332dffe3eb74.tar.bz2
openbsd-06d332fd67117492593691579e28332dffe3eb74.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/src/lib/libcrypto/evp/p_legacy.c b/src/lib/libcrypto/evp/p_legacy.c
index f882036e68..8896819546 100644
--- a/src/lib/libcrypto/evp/p_legacy.c
+++ b/src/lib/libcrypto/evp/p_legacy.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: p_legacy.c,v 1.11 2026/01/30 13:54:28 tb Exp $ */
+/*      $OpenBSD: p_legacy.c,v 1.12 2026/01/30 13:57:13 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -57,9 +57,9 @@
 */
 #include <stdlib.h>
+#include <string.h>
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
 #include "err_local.h"
@@ -200,6 +200,8 @@ EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
        ret = npubk;
 err:
+        explicit_bzero(key, sizeof(key));
        return ret;
 }
 LCRYPTO_ALIAS(EVP_SealInit);
author	tb <>	2026-01-30 13:57:13 +0000
committer	tb <>	2026-01-30 13:57:13 +0000
commit	06d332fd67117492593691579e28332dffe3eb74 (patch)
tree	d8a3761e5e45b2bda65e79c726062d44e61da6fa /src/lib
parent	fdcc97e7af1a70232b9b2e46ae9336350095d9b1 (diff)
download	openbsd-06d332fd67117492593691579e28332dffe3eb74.tar.gz openbsd-06d332fd67117492593691579e28332dffe3eb74.tar.bz2 openbsd-06d332fd67117492593691579e28332dffe3eb74.zip