From c2f5de13cd09179169b28179ad1e1cac0e4cd1fb Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 9 Mar 2015 13:59:58 +0000 Subject: [PATCH] Cleanse buffers Cleanse various intermediate buffers used by the PRF (backported version from master). Conflicts: ssl/s3_enc.c Conflicts: ssl/t1_enc.c Conflicts: ssl/t1_enc.c Reviewed-by: Richard Levitte --- ssl/s3_enc.c | 1 + ssl/t1_enc.c | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index f330577550..5eaea69f92 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -712,6 +712,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, ret += n; } EVP_MD_CTX_cleanup(&ctx); + OPENSSL_cleanse(buf, sizeof buf); return (ret); } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index c5e7f236c3..a419e44d30 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -707,6 +707,8 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx, out, buf2, sizeof buf2); EVP_MD_CTX_cleanup(&ctx); + OPENSSL_cleanse(buf, (int)(q - buf)); + OPENSSL_cleanse(buf2, sizeof(buf2)); return sizeof buf2; } @@ -850,6 +852,8 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, tls1_PRF(s->ctx->md5, s->ctx->sha1, buf, TLS_MD_MASTER_SECRET_CONST_SIZE + SSL3_RANDOM_SIZE * 2, p, len, s->session->master_key, buff, sizeof buff); + OPENSSL_cleanse(buf, sizeof buf); + OPENSSL_cleanse(buff, sizeof buff); #ifdef KSSL_DEBUG printf("tls1_generate_master_secret() complete\n"); #endif /* KSSL_DEBUG */ -- 2.25.1