From 0cd109564e52d81e6dc56f1e814305d5a4b1c901 Mon Sep 17 00:00:00 2001
From: bcook <>
Date: Thu, 25 Jul 2019 11:41:03 +0000
Subject: zero tmpkeyiv buffer after use when encrypting from Steven Roberts
---
 src/usr.bin/openssl/enc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/usr.bin/openssl/enc.c b/src/usr.bin/openssl/enc.c
index 8518ff4c9d..3aeaac648c 100644
--- a/src/usr.bin/openssl/enc.c
+++ b/src/usr.bin/openssl/enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: enc.c,v 1.21 2019/07/14 03:30:45 guenther Exp $ */
+/* $OpenBSD: enc.c,v 1.22 2019/07/25 11:41:03 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -632,7 +632,9 @@ enc_main(int argc, char **argv)
 }
 /* split and move data back to global buffer */
 memcpy(key, tmpkeyiv, iklen);
- memcpy(iv, tmpkeyiv+iklen, ivlen);
+ memcpy(iv, tmpkeyiv + iklen, ivlen);
+ /* zero the tmpkeyiv buffer */
+ explicit_bzero(tmpkeyiv, sizeof tmpkeyiv);
 } else {
 EVP_BytesToKey(enc_config.cipher, dgst, sptr,
 (unsigned char *)enc_config.keystr,
--
cgit v1.2.3-55-g6feb
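Review bot: The added `explicit_bzero(tmpkeyiv, sizeof tmpkeyiv);` in the second hunk runs only after both `memcpy` calls, so any exit taken between filling `tmpkeyiv` and this point would leave derived key and IV bytes in the buffer. The `}` context line just above the "split and move" comment closes a block that starts outside the hunk; if that block is a failure branch that leaves `enc_main`, it should wipe first, with the same `explicit_bzero(tmpkeyiv, sizeof tmpkeyiv);` placed ahead of the jump. `sizeof tmpkeyiv` covers the whole buffer only if `tmpkeyiv` is declared as an array in this scope, which the hunk does not show and is worth confirming. The new comment could also say why rather than what, for instance `/* tmpkeyiv held key || iv; wipe it so the secret does not outlive this block */`.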