[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Mon Oct 16 19:17:54 UTC 2017


The branch master has been updated
       via  1f83edda7b13b371b16de2ebff6455c8bc6dbbcd (commit)
      from  fdc83a7c50a0681c309e2249a43d7a21080c4265 (commit)


- Log -----------------------------------------------------------------
commit 1f83edda7b13b371b16de2ebff6455c8bc6dbbcd
Author: EasySec <easy.sec at free.fr>
Date:   Mon Oct 16 15:05:10 2017 -0400

    Cleaning secret data after use
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4509)

-----------------------------------------------------------------------

Summary of changes:
 apps/enc.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/apps/enc.c b/apps/enc.c
index 5117a49..14b029b 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -476,9 +476,13 @@ int enc_main(int argc, char **argv)
             BIO_printf(bio_err, "iv undefined\n");
             goto end;
         }
-        if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
-            BIO_printf(bio_err, "invalid hex key value\n");
-            goto end;
+        if (hkey != NULL) {
+            if (!set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
+                BIO_printf(bio_err, "invalid hex key value\n");
+                goto end;
+            }
+            /* wiping secret data as we no longer need it */
+            OPENSSL_cleanse(hkey, strlen(hkey));
         }
 
         if ((benc = BIO_new(BIO_f_cipher())) == NULL)
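Review bot: The wipe at `OPENSSL_cleanse(hkey, strlen(hkey))` only runs when `set_hex()` succeeds; in the "invalid hex key value" branch the code does `goto end` with the hex string in `hkey` untouched, so a mistyped key stays in memory on the error path. Consider saving the `set_hex()` return value, cleansing `hkey` unconditionally, and only then testing the result and jumping to `end`. The new comment could also say that it is the hex text in `hkey` being wiped, since the decoded bytes that `set_hex()` wrote into `key` are not covered by this call.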

