projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9d9e053) | patch
Fix leak of secrecy in ecdh_compute_key()
authorDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Sat, 15 Oct 2016 22:53:33 +0000 (00:53 +0200)
committerMatt Caswell <matt@openssl.org>
Tue, 25 Oct 2016 21:07:39 +0000 (22:07 +0100)
commita100602d58b0a2cfba1c0419470e637bb5fd227d
tree32951d2edc772ba91d34e5f935a4ed053fb3a022tree | snapshot
parent9d9e0535366b4e5cfb2eb4d74be6b3d546b98fe8commit | diff
Fix leak of secrecy in ecdh_compute_key()

A temporary buffer containing g^xy was not cleared in ecdh_compute_key()
before freeing it, so the shared secret was leaked in memory.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 0e4690165b4beb6777b747b0aeb1646a301f41d9)
crypto/ecdh/ech_ossl.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.