[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Matt Caswell
matt at openssl.org
Tue Oct 25 21:09:34 UTC 2016
The branch OpenSSL_1_0_2-stable has been updated
via 0e4690165b4beb6777b747b0aeb1646a301f41d9 (commit)
from 3ade92e785bb3777c92332f88e23f6ce906ee260 (commit)
- Log -----------------------------------------------------------------
commit 0e4690165b4beb6777b747b0aeb1646a301f41d9
Author: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Date: Sun Oct 16 00:53:33 2016 +0200
Fix leak of secrecy in ecdh_compute_key()
A temporary buffer containing g^xy was not cleared in ecdh_compute_key()
before freeing it, so the shared secret was leaked in memory.
Reviewed-by: Kurt Roeckx <kurt at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/ecdh/ech_ossl.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c
index df115cc..d3b0524 100644
--- a/crypto/ecdh/ech_ossl.c
+++ b/crypto/ecdh/ech_ossl.c
@@ -212,7 +212,9 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
BN_CTX_end(ctx);
if (ctx)
BN_CTX_free(ctx);
- if (buf)
+ if (buf) {
+ OPENSSL_cleanse(buf, buflen);
OPENSSL_free(buf);
+ }
return (ret);
}
More information about the openssl-commits
mailing list