projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c36d384)
Clean premaster_secret for GOST
authorMatt Caswell <matt@openssl.org>
Thu, 4 Jun 2015 10:16:16 +0000 (11:16 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 4 Jun 2015 11:56:13 +0000 (12:56 +0100)
Ensure OPENSSL_cleanse() is called on the premaster secret value calculated for GOST.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit b7ee4815f2452c854cc859e8dda88f2673cdddea)

Conflicts:
ssl/s3_srvr.c

ssl/s3_srvr.c patch | blob | history

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index d07f76887d9d78ffa96d3a63c40931902f882de4..9aa329260ae778c72338a4e2722909276128d191 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2914,6 +2914,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                                                         s->
                                                         session->master_key,
                                                         premaster_secret, 32);
+        OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret));
         /* Check if pubkey from client certificate was used */
         if (EVP_PKEY_CTX_ctrl
             (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
Unnamed repository; edit this file 'description' to name the repository.