git.openssl.org Git - openssl.git/commit

author	Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
	Sat, 15 Oct 2016 22:53:33 +0000 (00:53 +0200)
committer	Matt Caswell <matt@openssl.org>
	Tue, 25 Oct 2016 21:04:36 +0000 (22:04 +0100)
commit	0e4690165b4beb6777b747b0aeb1646a301f41d9
tree	492728b4185dfa2f638b1c7aa4d01acf97002a4f	tree \| snapshot
parent	3ade92e785bb3777c92332f88e23f6ce906ee260	commit \| diff

Fix leak of secrecy in ecdh_compute_key()

A temporary buffer containing g^xy was not cleared in ecdh_compute_key()
before freeing it, so the shared secret was leaked in memory.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

crypto/ecdh/ech_ossl.c

diff | blob | history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom