Stop generating private keys in a network buffer. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2015-09-13 12:52:07 +0000
committer	jsing <>	2015-09-13 12:52:07 +0000
commit	dbde60fff1c036e5516a50111ebb745f671073d4 (patch)
tree	f6ea2b92ad7e8b51381771f6255361b62689c691 /src/lib/libc/stdlib/l64a.c
parent	629b11ace4d06660bae04ea3e03ea2fe9455d522 (diff)
download	openbsd-dbde60fff1c036e5516a50111ebb745f671073d4.tar.gz openbsd-dbde60fff1c036e5516a50111ebb745f671073d4.tar.bz2 openbsd-dbde60fff1c036e5516a50111ebb745f671073d4.zip

Stop generating private keys in a network buffer.

The current client key exchange code generates DH and ECDH keys into the same buffer that we use to send data to the network - stop doing this and malloc() a new buffer, which we explicit_bzero() and free() on return. This also benefits from ASLR and means that the keys are no longer generated in a well known location. ok beck@

Diffstat (limited to 'src/lib/libc/stdlib/l64a.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: