Zero the premaster secret after deriving the master secret in DH

ciphersuites.
2001-01-25 13:15:01 +00:00 · 2001-01-25 13:15:01 +00:00 · a342cc5a70
commit a342cc5a70
parent 67c3cf0675
2 changed files with 5 additions and 0 deletions
--- a/4
+++ b/4
@ -3,6 +3,10 @@

 Changes between 0.9.6 and 0.9.7  [xx XXX 2000]

+  *) Zero the premaster secret after deriving the master secret in
+     DH ciphersuites.
+     [Steve Henson]
+
  *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
     to data. This was previously part of the PKCS7 ASN1 code. This
     was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@ -1425,6 +1425,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 		s->session->master_key_length=
 			s->method->ssl3_enc->generate_master_secret(s,
 				s->session->master_key,p,i);
+		memset(p,0,i);
 		}
 	else
 #endif