From 97919939ff4cfa548da4998615e9e166f5a3ea29 Mon Sep 17 00:00:00 2001 From: tedu <> Date: Thu, 21 Nov 2019 16:13:39 +0000 Subject: [PATCH] zero tmpout too. reminded by related diff from tim --- src/lib/libutil/bcrypt_pbkdf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/lib/libutil/bcrypt_pbkdf.c b/src/lib/libutil/bcrypt_pbkdf.c index 21722f56..507bdc98 100644 --- a/src/lib/libutil/bcrypt_pbkdf.c +++ b/src/lib/libutil/bcrypt_pbkdf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bcrypt_pbkdf.c,v 1.14 2019/11/21 16:07:24 tedu Exp $ */ +/* $OpenBSD: bcrypt_pbkdf.c,v 1.15 2019/11/21 16:13:39 tedu Exp $ */ /* * Copyright (c) 2013 Ted Unangst * @@ -164,6 +164,7 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl /* zap */ explicit_bzero(&ctx, sizeof(ctx)); explicit_bzero(out, sizeof(out)); + explicit_bzero(tmpout, sizeof(tmpout)); return 0;