err:
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
err2:
+ OPENSSL_cleanse(tmp1, sizeof(tmp1));
+ OPENSSL_cleanse(tmp2, sizeof(tmp1));
+ OPENSSL_cleanse(iv1, sizeof(iv1));
+ OPENSSL_cleanse(iv2, sizeof(iv2));
return (0);
}
EVP_MD_CTX ctx, *d = NULL;
int i;
- if (s->s3->handshake_buffer)
- if (!ssl3_digest_cached_records(s))
- return 0;
+ if (!ssl3_digest_cached_records(s, 0))
+ return 0;
for (i = 0; i < SSL_MAX_DIGEST; i++) {
if (s->s3->handshake_dgst[i]
unsigned char hash[2 * EVP_MAX_MD_SIZE];
unsigned char buf2[12];
- if (s->s3->handshake_buffer)
- if (!ssl3_digest_cached_records(s))
- return 0;
+ if (!ssl3_digest_cached_records(s, 0))
+ return 0;
hashlen = ssl_handshake_hash(s, hash, sizeof(hash));
return 0;
OPENSSL_cleanse(hash, hashlen);
OPENSSL_cleanse(buf2, sizeof(buf2));
- return sizeof buf2;
+ return sizeof(buf2);
}
int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
if (s->session->flags & SSL_SESS_FLAG_EXTMS) {
unsigned char hash[EVP_MAX_MD_SIZE * 2];
int hashlen;
- /* If we don't have any digests cache records */
- if (s->s3->handshake_buffer) {
- /*
- * keep record buffer: this wont affect client auth because we're
- * freezing the buffer at the same point (after client key
- * exchange and before certificate verify)
- */
- s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
- if (!ssl3_digest_cached_records(s))
- return -1;
- }
+ /* Digest cached records keeping record buffer (if present):
+ * this wont affect client auth because we're freezing the buffer
+ * at the same point (after client key exchange and before certificate
+ * verify)
+ */
+ if (!ssl3_digest_cached_records(s, 1))
+ return -1;
hashlen = ssl_handshake_hash(s, hash, sizeof(hash));
#ifdef SSL_DEBUG
fprintf(stderr, "Handshake hashes:\n");
{
unsigned char *buff;
unsigned char *val = NULL;
- size_t vallen, currentvalpos;
+ size_t vallen = 0, currentvalpos;
int rv;
buff = OPENSSL_malloc(olen);
NULL, 0,
s->session->master_key, s->session->master_key_length,
out, buff, olen);
- OPENSSL_cleanse(val, vallen);
- OPENSSL_cleanse(buff, olen);
goto ret;
err1:
SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE);
rv = 0;
ret:
- OPENSSL_free(buff);
- OPENSSL_free(val);
+ CRYPTO_clear_free(val, vallen);
+ CRYPTO_clear_free(buff, olen);
return (rv);
}