[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Thu Jun 4 11:59:47 UTC 2015
The branch master has been updated
via f3d889523ee84f1e87e4da0d59e2702a4bee7907 (commit)
via b7ee4815f2452c854cc859e8dda88f2673cdddea (commit)
from c56353071d9849220714d8a556806703771b9269 (commit)
- Log -----------------------------------------------------------------
commit f3d889523ee84f1e87e4da0d59e2702a4bee7907
Author: Matt Caswell <matt at openssl.org>
Date: Thu Jun 4 11:18:55 2015 +0100
Remove misleading comment
Remove a comment that suggested further clean up was required.
DH_free() performs the necessary cleanup.
With thanks to the Open Crypto Audit Project for reporting this issue.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit b7ee4815f2452c854cc859e8dda88f2673cdddea
Author: Matt Caswell <matt at openssl.org>
Date: Thu Jun 4 11:16:16 2015 +0100
Clean premaster_secret for GOST
Ensure OPENSSL_cleanse() is called on the premaster secret value calculated for GOST.
With thanks to the Open Crypto Audit Project for reporting this issue.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/s3_clnt.c | 2 --
ssl/s3_srvr.c | 1 +
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 888fe4f..632d743 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2572,8 +2572,6 @@ int ssl3_send_client_key_exchange(SSL *s)
}
DH_free(dh_clnt);
-
- /* perhaps clean things up a bit EAY EAY EAY EAY */
}
#endif
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 88e649d..90a67d1 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2825,6 +2825,7 @@ int ssl3_get_client_key_exchange(SSL *s)
s->
session->master_key,
premaster_secret, 32);
+ OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret));
if (s->session->master_key_length < 0) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
More information about the openssl-commits
mailing list