X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Ft1_enc.c;h=bfcd7d9191ffc369d9cf5cf89a1dcd5e8e4f50d7;hb=18be6c411645232e84dbb906b71bd8bdff50fcd9;hp=ecd2d6cbb557640bf8afb5c875e0d48e6314a809;hpb=c21506ba024adb6d5655a92d61c1d3824e5dedcf;p=oweals%2Fopenssl.git diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index ecd2d6cbb5..bfcd7d9191 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -110,10 +110,10 @@ */ #include +#include "ssl_locl.h" #include #include #include -#include "ssl_locl.h" #include static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, @@ -124,7 +124,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, unsigned int j; HMAC_CTX ctx; HMAC_CTX ctx_tmp; - unsigned char A1[HMAC_MAX_MD_CBLOCK]; + unsigned char A1[EVP_MAX_MD_SIZE]; unsigned int A1_len; chunk=EVP_MD_size(md); @@ -161,7 +161,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, } HMAC_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&ctx_tmp); - memset(A1,0,sizeof(A1)); + OPENSSL_cleanse(A1,sizeof(A1)); } static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1, @@ -418,10 +418,10 @@ printf("\niv="); printf("\n"); #endif - memset(tmp1,0,sizeof(tmp1)); - memset(tmp2,0,sizeof(tmp1)); - memset(iv1,0,sizeof(iv1)); - memset(iv2,0,sizeof(iv2)); + OPENSSL_cleanse(tmp1,sizeof(tmp1)); + OPENSSL_cleanse(tmp2,sizeof(tmp1)); + OPENSSL_cleanse(iv1,sizeof(iv1)); + OPENSSL_cleanse(iv2,sizeof(iv2)); return(1); err: SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); @@ -476,7 +476,7 @@ printf("pre-master\n"); { int z; for (z=0; zsession->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); } #endif tls1_generate_key_block(s,p1,p2,num); - memset(p2,0,num); + OPENSSL_cleanse(p2,num); OPENSSL_free(p2); #ifdef TLS_DEBUG printf("\nkey block\n"); @@ -490,10 +490,16 @@ printf("\nkey block\n"); */ s->s3->need_empty_fragments = 1; -#ifndef NO_RC4 - if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)) - s->s3->need_empty_fragments = 0; + if (s->session->cipher != NULL) + { + if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL) + s->s3->need_empty_fragments = 0; + +#ifndef OPENSSL_NO_RC4 + if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4) + s->s3->need_empty_fragments = 0; #endif + } } return(1); @@ -677,10 +683,10 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx, tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf), s->session->master_key,s->session->master_key_length, - out,buf2,12); + out,buf2,sizeof buf2); EVP_MD_CTX_cleanup(&ctx); - return((int)12); + return sizeof buf2; } int tls1_mac(SSL *ssl, unsigned char *md, int send) @@ -767,7 +773,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, s->s3->server_random,SSL3_RANDOM_SIZE); tls1_PRF(s->ctx->md5,s->ctx->sha1, buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len, - s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE); + s->session->master_key,buff,sizeof buff); #ifdef KSSL_DEBUG printf ("tls1_generate_master_secret() complete\n"); #endif /* KSSL_DEBUG */