From: EasySec Date: Mon, 16 Oct 2017 19:05:10 +0000 (-0400) Subject: Cleaning secret data after use X-Git-Tag: OpenSSL_1_1_1-pre1~542 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=1f83edda7b13b371b16de2ebff6455c8bc6dbbcd Cleaning secret data after use Reviewed-by: Paul Dale Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/4509)
---
diff --git a/apps/enc.c b/apps/enc.c
index 5117a4980e..14b029b33f 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -476,9 +476,13 @@ int enc_main(int argc, char **argv)
 BIO_printf(bio_err, "iv undefined\n");
 goto end;
 }
- if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
- BIO_printf(bio_err, "invalid hex key value\n");
- goto end;
+ if (hkey != NULL) {
+ if (!set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
+ BIO_printf(bio_err, "invalid hex key value\n");
+ goto end;
+ }
+ /* wiping secret data as we no longer need it */
+ OPENSSL_cleanse(hkey, strlen(hkey));
 }
 
 if ((benc = BIO_new(BIO_f_cipher())) == NULL)
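Review bot: The failure branch inside the new `if (hkey != NULL)` block still jumps to `end` with the hex key string intact, so a mistyped but near-correct key is never wiped; only the success path reaches the cleanse. Adding `OPENSSL_cleanse(hkey, strlen(hkey));` just before that `goto end;` would cover both paths. The wipe also leaves `hkey` non-NULL but pointing at an empty string, so any later `hkey != NULL` test would still pass; a short comment such as `/* hkey is zeroed from here on; only key[] holds the key */` would make that explicit. Whether the binary `key` buffer filled by set_hex() is cleansed at `end` cannot be seen here, because enc_main starts and ends outside the hunk.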