Zero the premaster secret after deriving the master secret in DH

author Dr. Stephen Henson <steve@openssl.org>

Thu, 25 Jan 2001 13:15:01 +0000 (13:15 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Thu, 25 Jan 2001 13:15:01 +0000 (13:15 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Thu, 25 Jan 2001 13:15:01 +0000 (13:15 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Thu, 25 Jan 2001 13:15:01 +0000 (13:15 +0000)
diff --git a/CHANGES b/CHANGES

index 52409a97d4c2bdf0f7593606e5a48b7e56bc72db..31f9a6e1fb4d1bdec4b66975452dd2fa3bb7ac7b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,10 @@
  
   Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
  
+  *) Zero the premaster secret after deriving the master secret in
+     DH ciphersuites.
+     [Steve Henson]
+
    *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
       to data. This was previously part of the PKCS7 ASN1 code. This
       was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c

index 4704dfb59867a918d817e04d5cb51b8ca479912c..54e0a03057fcf64c11f25163db3f944101ed150a 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1425,6 +1425,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                 s->session->master_key_length=
                         s->method->ssl3_enc->generate_master_secret(s,
                                 s->session->master_key,p,i);
+               memset(p,0,i);
                 }
         else
  #endif
author	Dr. Stephen Henson <steve@openssl.org>
	Thu, 25 Jan 2001 13:15:01 +0000 (13:15 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Thu, 25 Jan 2001 13:15:01 +0000 (13:15 +0000)
CHANGES		patch \| blob \| history
ssl/s3_srvr.c		patch \| blob \| history