From de0b3ab7fbb81933dcdb41d7c1a33bb9c7f9597a Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Thu, 25 Jan 2001 13:20:39 +0000
Subject: [PATCH] Zero the premaster secret after deriving the master secret in DH ciphersuites.
---
 CHANGES | 4 ++++
 ssl/s3_srvr.c | 1 +
 2 files changed, 5 insertions(+)
diff --git a/CHANGES b/CHANGES
index 6868776a60..dd2dae0293 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
 Changes between 0.9.6 and 0.9.6a [xx XXX 2000]
 
+ *) Zero the premaster secret after deriving the master secret in
+ DH ciphersuites.
+ [Steve Henson]
+
 *) Add some EVP_add_digest_alias registrations (as found in
 OpenSSL_add_all_digests()) to SSL_library_init()
 aka OpenSSL_add_ssl_algorithms(). This provides improved
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index bb8cfb31e5..d04232960e 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1414,6 +1414,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 s->session->master_key_length=
 s->method->ssl3_enc->generate_master_secret(s,
 s->session->master_key,p,i);
+ memset(p,0,i);
 }
 else
 #endif
-- 
2.25.1
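Review bot: The added `memset(p,0,i);` in ssl/s3_srvr.c is a plain store to a buffer that, as far as this hunk shows, is not read again, so an optimizing compiler may drop it as a dead store and leave the premaster secret in memory. The wipe is better routed through a routine the compiler cannot elide, e.g. `OPENSSL_cleanse(p,i);` where the tree provides it (it appears in later OpenSSL releases), or a write through a volatile pointer otherwise. The wipe sits directly after the master-secret derivation; whether the error exits earlier in this DH branch also clear `p` cannot be seen here, because ssl3_get_client_key_exchange starts and ends outside the hunk. A short comment such as `/* premaster secret is no longer needed once master_key is derived */` would record why the buffer is cleared.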