Cleanse buffers

author Matt Caswell <matt@openssl.org>

Mon, 9 Mar 2015 13:59:58 +0000 (13:59 +0000)

committer Matt Caswell <matt@openssl.org>

Wed, 11 Mar 2015 10:57:14 +0000 (10:57 +0000)
author Matt Caswell <matt@openssl.org>
Mon, 9 Mar 2015 13:59:58 +0000 (13:59 +0000)
committer Matt Caswell <matt@openssl.org>
Wed, 11 Mar 2015 10:57:14 +0000 (10:57 +0000)
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c

index f33057755035618a5b80afe4f0fca5cf272f4be5..5eaea69f9292de1ba6e5e21017f89646312cb350 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -712,6 +712,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
          ret += n;
      }
      EVP_MD_CTX_cleanup(&ctx);
+    OPENSSL_cleanse(buf, sizeof buf);
      return (ret);
  }
  
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c

index c5e7f236c33f36279cd2deab4415b7e5a0b808fb..a419e44d30fcdd177055d3e1f363ce45a900ca93 100644 (file)
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -707,6 +707,8 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
               out, buf2, sizeof buf2);
      EVP_MD_CTX_cleanup(&ctx);
  
+    OPENSSL_cleanse(buf, (int)(q - buf));
+    OPENSSL_cleanse(buf2, sizeof(buf2));
      return sizeof buf2;
  }
  
@@ -850,6 +852,8 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
      tls1_PRF(s->ctx->md5, s->ctx->sha1,
               buf, TLS_MD_MASTER_SECRET_CONST_SIZE + SSL3_RANDOM_SIZE * 2, p,
               len, s->session->master_key, buff, sizeof buff);
+    OPENSSL_cleanse(buf, sizeof buf);
+    OPENSSL_cleanse(buff, sizeof buff);
  #ifdef KSSL_DEBUG
      printf("tls1_generate_master_secret() complete\n");
  #endif                          /* KSSL_DEBUG */
author	Matt Caswell <matt@openssl.org>
	Mon, 9 Mar 2015 13:59:58 +0000 (13:59 +0000)
committer	Matt Caswell <matt@openssl.org>
	Wed, 11 Mar 2015 10:57:14 +0000 (10:57 +0000)
ssl/s3_enc.c		patch \| blob \| history
ssl/t1_enc.c		patch \| blob \| history