The OPENSSL_cleanse() in aes_gcm_cleanup() only cleans the gcm field of the

EVP_AES_GCM_CTX, leaving the AES key untouched - clean the entire context, rather than just part of it. ok beck@ miod@
author: jsing <jsing@openbsd.org> 2014-06-15 15:39:43 +0000
committer: jsing <jsing@openbsd.org> 2014-06-15 15:39:43 +0000
commit: d25e05c23bc0c961fcc6baaee625136eca86cf02 (patch)
tree: c6913b29d2a45429905220de2665aaf14b5d25af /lib/libssl/src
parent: Rename ssl3_record_sequence_update() to ssl3_record_sequence_increment(), (diff)
download: wireguard-openbsd-d25e05c23bc0c961fcc6baaee625136eca86cf02.tar.xz
wireguard-openbsd-d25e05c23bc0c961fcc6baaee625136eca86cf02.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libssl/src/crypto/evp/e_aes.c b/lib/libssl/src/crypto/evp/e_aes.c
index 197333a6ed7..07b3469f427 100644
--- a/lib/libssl/src/crypto/evp/e_aes.c
+++ b/lib/libssl/src/crypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.19 2014/06/12 15:49:29 deraadt Exp $ */
+/* $OpenBSD: e_aes.c,v 1.20 2014/06/15 15:39:43 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -651,7 +651,7 @@ aes_gcm_cleanup(EVP_CIPHER_CTX *c)
 {
 	EVP_AES_GCM_CTX *gctx = c->cipher_data;
 
-	OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
+	OPENSSL_cleanse(gctx, sizeof(*gctx));
 	if (gctx->iv != c->iv)
 		free(gctx->iv);
 	return 1;
author	jsing <jsing@openbsd.org>	2014-06-15 15:39:43 +0000
committer	jsing <jsing@openbsd.org>	2014-06-15 15:39:43 +0000
commit	d25e05c23bc0c961fcc6baaee625136eca86cf02 (patch)
tree	c6913b29d2a45429905220de2665aaf14b5d25af /lib/libssl/src
parent	Rename ssl3_record_sequence_update() to ssl3_record_sequence_increment(), (diff)
download	wireguard-openbsd-d25e05c23bc0c961fcc6baaee625136eca86cf02.tar.xz wireguard-openbsd-d25e05c23bc0c961fcc6baaee625136eca86cf02.zip