提交 a342cc5a 编写于 作者: D Dr. Stephen Henson

Zero the premaster secret after deriving the master secret in DH

ciphersuites.
上级 67c3cf06
...@@ -3,6 +3,10 @@ ...@@ -3,6 +3,10 @@
Changes between 0.9.6 and 0.9.7 [xx XXX 2000] Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
*) Zero the premaster secret after deriving the master secret in
DH ciphersuites.
[Steve Henson]
*) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
to data. This was previously part of the PKCS7 ASN1 code. This to data. This was previously part of the PKCS7 ASN1 code. This
was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures. was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
......
...@@ -1425,6 +1425,7 @@ static int ssl3_get_client_key_exchange(SSL *s) ...@@ -1425,6 +1425,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
s->session->master_key_length= s->session->master_key_length=
s->method->ssl3_enc->generate_master_secret(s, s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,p,i); s->session->master_key,p,i);
memset(p,0,i);
} }
else else
#endif #endif
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册