Fix leak of secrecy in ecdh_compute_key() (0e469016) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Commit 0e469016 authored Oct 16, 2016 by

Dr. Matthias St. Pierre Committed by Matt Caswell Oct 25, 2016

Fix leak of secrecy in ecdh_compute_key()



A temporary buffer containing g^xy was not cleared in ecdh_compute_key()
before freeing it, so the shared secret was leaked in memory.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

parent 3ade92e7

Hide whitespace changes

Inline Side-by-side

Please register or to comment