From 1f83edda7b13b371b16de2ebff6455c8bc6dbbcd Mon Sep 17 00:00:00 2001 From: EasySec Date: Mon, 16 Oct 2017 15:05:10 -0400 Subject: [PATCH] Cleaning secret data after use Reviewed-by: Paul Dale Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/4509) --- apps/enc.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/apps/enc.c b/apps/enc.c index 5117a4980e..14b029b33f 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -476,9 +476,13 @@ int enc_main(int argc, char **argv) BIO_printf(bio_err, "iv undefined\n"); goto end; } - if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) { - BIO_printf(bio_err, "invalid hex key value\n"); - goto end; + if (hkey != NULL) { + if (!set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) { + BIO_printf(bio_err, "invalid hex key value\n"); + goto end; + } + /* wiping secret data as we no longer need it */ + OPENSSL_cleanse(hkey, strlen(hkey)); } if ((benc = BIO_new(BIO_f_cipher())) == NULL) -- GitLab