Sure, looks fine in this micro context so maybe someone copying code from
here as an example will do better. Though note that wider-scoped key/iv
still contain the key material after EVP_CipherInit_ex and so on.
Doesn't appear we've sprinkled many explicit_bzero's into openssl(1) in
general given
Hi,
This patch for openssl enc will zero out tmpkeyiv which contains key
information.
Thanks.
Index: enc.c
===
RCS file: /cvs/src/usr.bin/openssl/enc.c,v
retrieving revision 1.21
diff -u -p -u -r1.21 enc.c
--- enc.c 14 Jul 201
