Zero stack based IV and buffer when aes_ctr32_encrypt_generic() completes.

ok tb@
author: jsing <> 2025-07-20 08:55:49 +0000
committer: jsing <> 2025-07-20 08:55:49 +0000
commit: 32c75086555dc2a71cc1500a21b0d024fe48ceaf (patch)
tree: a9e7701e847e3e2ac6c05fe0a223eadaa6fc2a18 /src
parent: e467f7a8c459a9b2590c8dcca00208d63f34cd84 (diff)
download: openbsd-32c75086555dc2a71cc1500a21b0d024fe48ceaf.tar.gz
openbsd-32c75086555dc2a71cc1500a21b0d024fe48ceaf.tar.bz2
openbsd-32c75086555dc2a71cc1500a21b0d024fe48ceaf.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/libcrypto/aes/aes.c b/src/lib/libcrypto/aes/aes.c
index 45b7a3b109..cbfb548b3b 100644
--- a/src/lib/libcrypto/aes/aes.c
+++ b/src/lib/libcrypto/aes/aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes.c,v 1.11 2025/07/13 06:01:33 jsing Exp $ */
+/* $OpenBSD: aes.c,v 1.12 2025/07/20 08:55:49 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
 *
@@ -196,6 +196,9 @@ aes_ctr32_encrypt_generic(const unsigned char *in, unsigned char *out,
                out += 16;
                blocks--;
        }
+        explicit_bzero(buf, sizeof(buf));
+        explicit_bzero(iv, sizeof(iv));
 }
 #ifdef HAVE_AES_CTR32_ENCRYPT_INTERNAL
author	jsing <>	2025-07-20 08:55:49 +0000
committer	jsing <>	2025-07-20 08:55:49 +0000
commit	32c75086555dc2a71cc1500a21b0d024fe48ceaf (patch)
tree	a9e7701e847e3e2ac6c05fe0a223eadaa6fc2a18 /src
parent	e467f7a8c459a9b2590c8dcca00208d63f34cd84 (diff)
download	openbsd-32c75086555dc2a71cc1500a21b0d024fe48ceaf.tar.gz openbsd-32c75086555dc2a71cc1500a21b0d024fe48ceaf.tar.bz2 openbsd-32c75086555dc2a71cc1500a21b0d024fe48ceaf.zip