Hi,
This patch for openssl enc will zero out tmpkeyiv, which contains key
information.
Thanks.
Index: enc.c
===================================================================
RCS file: /cvs/src/usr.bin/openssl/enc.c,v
retrieving revision 1.21
diff -u -p -u -r1.21 enc.c
--- enc.c 14 Jul 2019 03:30:45 -0000 1.21
+++ enc.c 22 Jul 2019 16:53:20 -0000
@@ -633,6 +633,8 @@ enc_main(int argc, char **argv)
/* split and move data back to global buffer */
memcpy(key, tmpkeyiv, iklen);
memcpy(iv, tmpkeyiv+iklen, ivlen);
+ /* zero the tmpkeyiv buffer */
+ explicit_bzero(tmpkeyiv, sizeof(tmpkeyiv));
} else {
EVP_BytesToKey(enc_config.cipher, dgst, sptr,
(unsigned char *)enc_config.keystr,
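Review bot: `explicit_bzero(tmpkeyiv, sizeof(tmpkeyiv))` clears the whole buffer only if `tmpkeyiv` is declared as an array in this scope; the declaration is outside the hunk, so that should be confirmed, since with a pointer `sizeof` would cover only the pointer's size. The wipe also sits after the two `memcpy` calls, so any earlier exit from this branch between key derivation and this point (not visible here) would presumably skip it and leave the derived key and IV in the buffer. The added comment restates the call; something like `/* tmpkeyiv held the derived key and IV; wipe it now that both are copied out */` would record why the wipe is there. enc_main's body starts and ends outside the hunk.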