Hello,
There were patches made in the past to cleanse sensitive data, such as premaster secrets for DH ciphersuites, in memory.
But this was missed for GOST ones.
Please find attached a patch which solves this issue.
Both for server and client.
Also, it shortens the distance between premaster generation and cleansing to decrease possible exposure time.
To apply the patch, use the following command in the root of the current OpenSSL development tree:
patch -p1 -l -u -b -i
Andrey
server_cert_from_engine4.patch
Description: Binary data
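
The practice the message describes (wipe the premaster secret immediately after its only use, on every exit path), as an added C example that is not part of the original post or the attached patch. The `hs_state` struct, `toy_agree`, `toy_derive` and `run_case` are hypothetical stand-ins with constructed input, not OpenSSL or GOST code.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PMS_LEN 32

/* Calling memset through a volatile pointer stops the compiler from dropping
 * the wipe as a dead store; OpenSSL code calls OPENSSL_cleanse() instead. */
static void *(*const volatile memset_v)(void *, int, size_t) = memset;
static void secure_zero(void *p, size_t n) { memset_v(p, 0, n); }

/* Hypothetical handshake state; pms stands in for the premaster secret. */
struct hs_state { uint8_t pms[PMS_LEN]; uint8_t master[PMS_LEN]; };

/* Constructed stand-in for key agreement, NOT real cryptography. */
static int toy_agree(uint8_t *pms, const uint8_t *peer)
{
    for (size_t i = 0; i < PMS_LEN; i++)
        pms[i] = (uint8_t)(peer[i] ^ 0x5a);
    return 1;
}

/* Constructed stand-in for master-secret derivation; fail simulates an error. */
static int toy_derive(uint8_t *master, const uint8_t *pms, int fail)
{
    if (fail)
        return 0;
    for (size_t i = 0; i < PMS_LEN; i++)
        master[i] = (uint8_t)(pms[i] + i);
    return 1;
}

/* The premaster is wiped right after its only use, on every exit path. */
int process_key_exchange(struct hs_state *s, const uint8_t *peer, int fail)
{
    int ok = toy_agree(s->pms, peer) && toy_derive(s->master, s->pms, fail);
    secure_zero(s->pms, sizeof(s->pms));
    return ok;
}

/* Runs one exchange on constructed input: bit 0 = success, bit 1 = pms all zero. */
int run_case(int fail)
{
    struct hs_state s;
    uint8_t peer[PMS_LEN], acc = 0;
    memset(&s, 0xAA, sizeof(s));
    memset(peer, 0x11, sizeof(peer));
    int ok = process_key_exchange(&s, peer, fail);
    for (size_t i = 0; i < PMS_LEN; i++)
        acc |= s.pms[i];
    return ok | ((acc == 0) << 1);
}
```

`run_case(1)` exercises the error path, where a wipe placed only at the end of the success branch would leave the premaster in memory.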