generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Clean premaster_secret for GOST

Browse Source 
Ensure OPENSSL_cleanse() is called on the premaster secret value calculated for GOST.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit b7ee4815f2452c854cc859e8dda88f2673cdddea)

Conflicts:
	ssl/s3_srvr.c
This commit is contained in:
Matt Caswell 2015-06-04 11:16:16 +01:00
parent c36d3840ff
commit 4b6f33a5c2
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ssl/s3_srvr.c
View File

@ -2914,6 +2914,7 @@ int ssl3_get_client_key_exchange(SSL *s)
s-> s->
session->master_key, session->master_key,
premaster_secret, 32); premaster_secret, 32);
OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret));
/* Check if pubkey from client certificate was used */ /* Check if pubkey from client certificate was used */
if (EVP_PKEY_CTX_ctrl if (EVP_PKEY_CTX_ctrl
(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)