diff options
author | Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 2016-10-16 00:53:33 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-10-25 22:07:39 +0100 |
commit | a100602d58b0a2cfba1c0419470e637bb5fd227d (patch) | |
tree | 32951d2edc772ba91d34e5f935a4ed053fb3a022 | |
parent | 9d9e0535366b4e5cfb2eb4d74be6b3d546b98fe8 (diff) |
Fix leak of secrecy in ecdh_compute_key()
A temporary buffer containing g^xy was not cleared in ecdh_compute_key()
before freeing it, so the shared secret was leaked in memory.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 0e4690165b4beb6777b747b0aeb1646a301f41d9)
-rw-r--r-- | crypto/ecdh/ech_ossl.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index d448b19a52..2d14252dce 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -202,7 +202,9 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, BN_CTX_end(ctx); if (ctx) BN_CTX_free(ctx); - if (buf) + if (buf) { + OPENSSL_cleanse(buf, buflen); OPENSSL_free(buf); + } return (ret); } |