author | Werner Koch <wk@gnupg.org> | 2021-09-13 16:45:15 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2021-09-13 16:45:29 +0200 |
commit | df4fe02794bb3511f7006d641e99736bad091c58 (patch) | |
tree | 545907d34cd832f49b2f64f06bde53fe0e85f678 | |
parent | 47e425e07995454573e28c13c08229d2f8a75642 (diff) | |
download | libgcrypt-df4fe02794bb3511f7006d641e99736bad091c58.tar.gz |
cipher: Clear AESWRAP scratch area immediately after use

* cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_decrypt): Call
wipememory.
--

Note that gcry_cipher_close will do this also but some applications
keep the context for a long time and thus plaintext could be found in
memory during the time the context is open.

GnuPG-bug-id: 5597
-rw-r--r-- | cipher/cipher-aeswrap.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/cipher/cipher-aeswrap.c b/cipher/cipher-aeswrap.c index c182657e..42407519 100644 --- a/cipher/cipher-aeswrap.c +++ b/cipher/cipher-aeswrap.c @@ -187,6 +187,7 @@ _gcry_cipher_aeswrap_decrypt (gcry_cipher_hd_t c, memcpy (r+(i-1)*8, b+8, 8); } } + wipememory (b, 16); /* Clear scratch area. */ /* If an IV has been set we compare against this Alternative Initial Value; if it has not been set we compare against the standard IV. */ |
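Review bot: the added `wipememory (b, 16);` now runs before the IV comparison that the following comment introduces, so please confirm that this comparison reads only from a buffer separate from `b`; if it touched `b`, it would be comparing against zeroed bytes. The literal 16 is also worth tying to the scratch size (a named constant, or `sizeof` if `b` is an array at this point), since the `memcpy (r+(i-1)*8, b+8, 8)` just above shows that the upper half of `b` carries plaintext and a later change to the scratch layout could leave part of it unwiped. The commit message names only `_gcry_cipher_aeswrap_decrypt`; a short sentence in the message or a comment on whether the wrap direction needs the same treatment would help the next reader.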