Zero the premaster secret after deriving the master secret in DH
ciphersuites.
This commit is contained in:
Dr. Stephen Henson
parent
2b8d087ba1
commit
de0b3ab7fb
2 changed files with 5 additions and 0 deletions
4
CHANGES
4
CHANGES
|
|
@ -4,6 +4,10 @@
|
|||
|
||||
Changes between 0.9.6 and 0.9.6a [xx XXX 2000]
|
||||
|
||||
*) Zero the premaster secret after deriving the master secret in
|
||||
DH ciphersuites.
|
||||
[Steve Henson]
|
||||
|
||||
*) Add some EVP_add_digest_alias registrations (as found in
|
||||
OpenSSL_add_all_digests()) to SSL_library_init()
|
||||
aka OpenSSL_add_ssl_algorithms(). This provides improved
|
||||
|
|
|
|||
|
|
@ -1414,6 +1414,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
|
|||
s->session->master_key_length=
|
||||
s->method->ssl3_enc->generate_master_secret(s,
|
||||
s->session->master_key,p,i);
|
||||
memset(p,0,i);
|
||||
}
|
||||
else
|
||||
#endif
|
||||
|
|
|
|||
Loading…
Reference in a new issue