commit cc2ec1f7a082a95f019ba80d9be7f628ebafcc6a from: rsadowski date: Sat May 16 13:16:50 2026 UTC relayd: use explicit_bzero in ssl_password_cb This replaces bzero with explicit_bzero in the SSL password callback. Since ssl_password_cb handles sensitive data a standard bzero could be optimized away by the compiler. Additionally, this ensures the buffer is cleared if strlcpy fails due to truncation, preventing password fragments from lingering in memory. OK renaud@, kirill@
commit - 36dd1e7a7bf9f6dccf52a294d7d29221aef265f4
commit + cc2ec1f7a082a95f019ba80d9be7f628ebafcc6a
blob - 19950b89e56aec83e15bc9635293bd078f331e45
blob + 96f51bb931d9596eebae75968ffe819f2c774716
--- ssl.c
+++ ssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.c,v 1.38 2026/03/02 19:28:01 rsadowski Exp $ */
+/* $OpenBSD: ssl.c,v 1.39 2026/05/16 13:16:50 rsadowski Exp $ */
 /*
 * Copyright (c) 2007 - 2014 Reyk Floeter
@@ -38,11 +38,13 @@ ssl_password_cb(char *buf, int size, int rwflag, void
 {
 size_t len;
 if (u == NULL) {
- bzero(buf, size);
+ explicit_bzero(buf, size);
 return (0);
 }
- if ((len = strlcpy(buf, u, size)) >= (size_t)size)
+ if ((len = strlcpy(buf, u, size)) >= (size_t)size) {
+ explicit_bzero(buf, size);
 return (0);
+ }
 return (len);
 }
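Review bot: Both new `explicit_bzero(buf, size)` calls, like the `strlcpy` between them, take the signed `int size` where a `size_t` length is expected, and nothing in the body rejects a non-positive value; a negative `size` would be converted to a very large length for the wipe and the copy. Callers presumably always pass a real buffer size, but a guard such as `if (size <= 0) return (0);` at the top of the function would keep the clearing on both failure paths within bounds regardless of the caller. A short comment on the truncation branch, e.g. `/* wipe the partial copy so no password fragment stays in buf */`, would also record why that branch now carries braces. The signature of ssl_password_cb lies above the hunk and is only partly visible in the hunk header.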