From: Dr. Stephen Henson <steve@openssl.org>
Date: Thu, 25 Jan 2001 13:15:01 +0000 (+0000)
Subject: Zero the premaster secret after deriving the master secret in DH
X-Git-Tag: OpenSSL_0_9_6a-beta1~74^2~8
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=a342cc5a7099a44cdbbd74a37d73a1a86806f779

Zero the premaster secret after deriving the master secret in DH
ciphersuites.
---

diff --git a/CHANGES b/CHANGES
index 52409a97d4..31f9a6e1fb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,10 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) Zero the premaster secret after deriving the master secret in
+     DH ciphersuites.
+     [Steve Henson]
+
   *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
      to data. This was previously part of the PKCS7 ASN1 code. This
      was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 4704dfb598..54e0a03057 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1425,6 +1425,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 		s->session->master_key_length=
 			s->method->ssl3_enc->generate_master_secret(s,
 				s->session->master_key,p,i);
+		memset(p,0,i);
 		}
 	else
 #endif