projects / oweals / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 765e246)
Cleanse buffers
authorMatt Caswell <matt@openssl.org>
Mon, 9 Mar 2015 13:59:58 +0000 (13:59 +0000)
committerMatt Caswell <matt@openssl.org>
Wed, 11 Mar 2015 10:54:35 +0000 (10:54 +0000)
Cleanse various intermediate buffers used by the PRF (backported version
from master).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 35fafc4dbc0b3a717ad1b208fe2867e8c64867de)

Conflicts:
ssl/s3_enc.c

Conflicts:
ssl/t1_enc.c

ssl/s3_enc.c patch | blob | history
ssl/t1_enc.c patch | blob | history

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 7c3a38c83790a8785587c45f7fe6f9aa579f7cb0..247efdc741a26b5d7037b6f8d0e06bddf6ece7a2 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -830,6 +830,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
         ret += n;
     }
     EVP_MD_CTX_cleanup(&ctx);
+    OPENSSL_cleanse(buf, sizeof buf);
     return (ret);
 }
 
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index acef20bdbbf5e6efdae04a3aedddec9076478173..c233827659e3c2b3a97aaa6d717f486c0c216f76 100644 (file)
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -860,6 +860,8 @@ int tls1_final_finish_mac(SSL *s,
         err = 1;
     EVP_MD_CTX_cleanup(&ctx);
 
+    OPENSSL_cleanse(buf, (int)(q - buf));
+    OPENSSL_cleanse(buf2, sizeof(buf2));
     if (err)
         return 0;
     else
@@ -1017,6 +1019,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
              co, col,
              s->s3->server_random, SSL3_RANDOM_SIZE,
              so, sol, p, len, s->session->master_key, buff, sizeof buff);
+    OPENSSL_cleanse(buff, sizeof buff);
 
 #ifdef KSSL_DEBUG
     printf("tls1_generate_master_secret() complete\n");
Unnamed repository; edit this file 'description' to name the repository.