Eliminate unused buffers from ssl3_change_cipher_state
authorDmitry Belyavskiy <beldmit@gmail.com>
Wed, 2 Jan 2019 12:47:07 +0000 (15:47 +0300)
committerMatt Caswell <matt@openssl.org>
Thu, 3 Jan 2019 14:17:31 +0000 (14:17 +0000)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7971)

ssl/s3_enc.c

index 9af4ccb087dd94618710a643830a91f07252e941..4d884f47a203e2530630f4575ddd1e900d9cdd64 100644 (file)
@@ -90,8 +90,6 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 int ssl3_change_cipher_state(SSL *s, int which)
 {
     unsigned char *p, *mac_secret;
-    unsigned char exp_key[EVP_MAX_KEY_LENGTH];
-    unsigned char exp_iv[EVP_MAX_IV_LENGTH];
     unsigned char *ms, *key, *iv;
     EVP_CIPHER_CTX *dd;
     const EVP_CIPHER *c;
@@ -239,12 +237,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
     }
 
     s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
-    OPENSSL_cleanse(exp_key, sizeof(exp_key));
-    OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
     return 1;
  err:
-    OPENSSL_cleanse(exp_key, sizeof(exp_key));
-    OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
     return 0;
 }