Clean premaster_secret for GOST

Ensure OPENSSL_cleanse() is called on the premaster secret value calculated for GOST. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit b7ee4815f2) Conflicts: ssl/s3_srvr.c
2015-06-04 11:16:16 +01:00 · 2015-06-04 11:16:16 +01:00 · 4b6f33a5c2
commit 4b6f33a5c2
parent c36d3840ff
1 changed files with 1 additions and 0 deletions
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@ -2914,6 +2914,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                                                        s->
                                                        session->master_key,
                                                        premaster_secret, 32);
+        OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret));
        /* Check if pubkey from client certificate was used */
        if (EVP_PKEY_CTX_ctrl
            (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)