CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2015/09/13 06:52:07
Modified files:
lib/libssl/src/ssl: s3_clnt.c
Log message:
Stop generating private keys in a network buffer.
The current client key exchange code generates DH and ECDH keys into the
same buffer that we use to send data to the network - stop doing this and
malloc() a new buffer, which we explicit_bzero() and free() on return.
This also benefits from ASLR and means that the keys are no longer
generated in a well-known location.
ok beck@
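
The pattern the log message describes, as an added example: this is a simplified model written for this page, not the libssl code from the commit. The `conn` struct, the toy key generator, the 4-byte header and the `wipe()` helper (a portable stand-in for `explicit_bzero()`) are all assumptions.

```c
#include <stdlib.h>
#include <string.h>
#define KEY_LEN 32
#define BUF_LEN 128
#define HDR_LEN 4   /* assumed message header size */
/* Hypothetical connection state: one buffer reused for outgoing records. */
struct conn { unsigned char out[BUF_LEN]; size_t out_len; };

/* Stand-in for explicit_bzero(): volatile stores are not optimised away. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Constructed toy key pair, NOT cryptography: recognisable secret bytes. */
static void toy_keygen(unsigned char *priv, unsigned char *pub) {
    for (size_t i = 0; i < KEY_LEN; i++) {
        priv[i] = (unsigned char)(0xA0 + i);
        pub[i] = priv[i] ^ 0x5C;
    }
}

/* Before: the secret is generated inside the buffer that goes to the network. */
int kex_shared_buffer(struct conn *c) {
    memset(c->out, 0, BUF_LEN);
    toy_keygen(c->out + HDR_LEN + KEY_LEN, c->out + HDR_LEN);
    c->out_len = HDR_LEN + KEY_LEN;   /* only the public value is meant to be sent */
    return 0;
}

/* After: the secret lives in its own allocation, wiped and freed on return. */
int kex_private_buffer(struct conn *c) {
    unsigned char *priv = malloc(KEY_LEN);
    if (priv == NULL) return -1;
    memset(c->out, 0, BUF_LEN);
    toy_keygen(priv, c->out + HDR_LEN);
    c->out_len = HDR_LEN + KEY_LEN;
    wipe(priv, KEY_LEN);
    free(priv);
    return 0;
}

/* Test helper: returns 1 if the secret bytes sit anywhere in the send buffer. */
int key_in_send_buffer(const struct conn *c) {
    unsigned char priv[KEY_LEN], pub[KEY_LEN];
    toy_keygen(priv, pub);
    for (size_t i = 0; i + KEY_LEN <= BUF_LEN; i++)
        if (memcmp(c->out + i, priv, KEY_LEN) == 0) return 1;
    return 0;
}
```

In the "before" variant the secret stays in the send buffer past `out_len`, so any later length or offset mistake in the send path can expose it; in the "after" variant the buffer never holds it.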