From fcfbc2b8c849e919658e9f9b4fd91038fdd99925 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 15 Jun 2014 15:39:43 +0000
Subject: The OPENSSL_cleanse() in aes_gcm_cleanup() only cleans the gcm field
 of the EVP_AES_GCM_CTX, leaving the AES key untouched - clean the entire
 context, rather than just part of it.

ok beck@ miod@
---
 src/lib/libcrypto/evp/e_aes.c         | 4 ++--
 src/lib/libssl/src/crypto/evp/e_aes.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 197333a6ed..07b3469f42 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.19 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: e_aes.c,v 1.20 2014/06/15 15:39:43 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -651,7 +651,7 @@ aes_gcm_cleanup(EVP_CIPHER_CTX *c)
 {
 	EVP_AES_GCM_CTX *gctx = c->cipher_data;
 
-	OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
+	OPENSSL_cleanse(gctx, sizeof(*gctx));
 	if (gctx->iv != c->iv)
 		free(gctx->iv);
 	return 1;
diff --git a/src/lib/libssl/src/crypto/evp/e_aes.c b/src/lib/libssl/src/crypto/evp/e_aes.c
index 197333a6ed..07b3469f42 100644
--- a/src/lib/libssl/src/crypto/evp/e_aes.c
+++ b/src/lib/libssl/src/crypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.19 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: e_aes.c,v 1.20 2014/06/15 15:39:43 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -651,7 +651,7 @@ aes_gcm_cleanup(EVP_CIPHER_CTX *c)
 {
 	EVP_AES_GCM_CTX *gctx = c->cipher_data;
 
-	OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
+	OPENSSL_cleanse(gctx, sizeof(*gctx));
 	if (gctx->iv != c->iv)
 		free(gctx->iv);
 	return 1;
-- 
cgit v1.2.3-55-g6feb