authorMatt Caswell <matt@openssl.org>2015-03-09 13:59:58 +0000
committerMatt Caswell <matt@openssl.org>2015-03-11 10:57:14 +0000
commitc2f5de13cd09179169b28179ad1e1cac0e4cd1fb (patch)
tree25830da2e1f37e2ee33b43174fce76c6c3b04ebf
parent01320ad3b9261fe845d30881d760ed1da3a97a14 (diff)
Cleanse buffers
Cleanse various intermediate buffers used by the PRF (backported version from master). Conflicts: ssl/s3_enc.c Conflicts: ssl/t1_enc.c Conflicts: ssl/t1_enc.c Reviewed-by: Richard Levitte <levitte@openssl.org>
-rw-r--r--ssl/s3_enc.c1
-rw-r--r--ssl/t1_enc.c4
2 files changed, 5 insertions, 0 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index f330577550..5eaea69f92 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -712,6 +712,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
ret += n;
}
EVP_MD_CTX_cleanup(&ctx);
+ OPENSSL_cleanse(buf, sizeof buf);
return (ret);
}
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index c5e7f236c3..a419e44d30 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -707,6 +707,8 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
out, buf2, sizeof buf2);
EVP_MD_CTX_cleanup(&ctx);
+ OPENSSL_cleanse(buf, (int)(q - buf));
+ OPENSSL_cleanse(buf2, sizeof(buf2));
return sizeof buf2;
}
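Review bot: The first added call sizes the wipe as `(int)(q - buf)`, which presumably covers only the bytes written up to q, and it narrows a pointer difference to int before it is converted to the size_t length that OPENSSL_cleanse takes. If buf is a local array in this function (its declaration is outside the hunk), `OPENSSL_cleanse(buf, sizeof buf);` would clear the whole buffer wherever q ended up, and would match the calls added in ssl3_generate_master_secret and tls1_generate_master_secret. The commit also mixes `sizeof buf` with `sizeof(buf2)`; using one spelling would keep the backport uniform. The function body begins outside the hunk, so any return before these lines that would skip the wipe cannot be checked from here.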
@@ -850,6 +852,8 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
tls1_PRF(s->ctx->md5, s->ctx->sha1,
buf, TLS_MD_MASTER_SECRET_CONST_SIZE + SSL3_RANDOM_SIZE * 2, p,
len, s->session->master_key, buff, sizeof buff);
+ OPENSSL_cleanse(buf, sizeof buf);
+ OPENSSL_cleanse(buff, sizeof buff);
#ifdef KSSL_DEBUG
printf("tls1_generate_master_secret() complete\n");
#endif /* KSSL_DEBUG */