import 0.9.7b (without idea and rc5)

author: markus <> 2003-05-11 21:36:58 +0000
committer: markus <> 2003-05-11 21:36:58 +0000
commit: 1c98a87f0daac81245653c227eb2f2508a22a965 (patch)
tree: 3de6d603296ec563b936da4e6a8a1e33d48f8884 /src/lib/libssl/t1_enc.c
parent: 31392c89d1135cf2a416f97295f6d21681b3fbc4 (diff)
download: openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.tar.gz
openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.tar.bz2
openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.zip
1 files changed, 10 insertions, 10 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 5290bf6665..271e247eea 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -124,7 +124,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
        unsigned int j;
        HMAC_CTX ctx;
        HMAC_CTX ctx_tmp;
-        unsigned char A1[HMAC_MAX_MD_CBLOCK];
+        unsigned char A1[EVP_MAX_MD_SIZE];
        unsigned int A1_len;
        
        chunk=EVP_MD_size(md);
@@ -161,7 +161,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
                }
        HMAC_CTX_cleanup(&ctx);
        HMAC_CTX_cleanup(&ctx_tmp);
-        memset(A1,0,sizeof(A1));
+        OPENSSL_cleanse(A1,sizeof(A1));
        }
 static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
@@ -418,10 +418,10 @@ printf("\niv=");
 printf("\n");
 #endif
-        memset(tmp1,0,sizeof(tmp1));
+        OPENSSL_cleanse(tmp1,sizeof(tmp1));
-        memset(tmp2,0,sizeof(tmp1));
+        OPENSSL_cleanse(tmp2,sizeof(tmp1));
-        memset(iv1,0,sizeof(iv1));
+        OPENSSL_cleanse(iv1,sizeof(iv1));
-        memset(iv2,0,sizeof(iv2));
+        OPENSSL_cleanse(iv2,sizeof(iv2));
        return(1);
 err:
        SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
@@ -476,7 +476,7 @@ printf("pre-master\n");
 { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
 #endif
        tls1_generate_key_block(s,p1,p2,num);
-        memset(p2,0,num);
+        OPENSSL_cleanse(p2,num);
        OPENSSL_free(p2);
 #ifdef TLS_DEBUG
 printf("\nkey block\n");
@@ -683,10 +683,10 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
        tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
                s->session->master_key,s->session->master_key_length,
-                out,buf2,12);
+                out,buf2,sizeof buf2);
        EVP_MD_CTX_cleanup(&ctx);
-        return((int)12);
+        return sizeof buf2;
        }
 int tls1_mac(SSL *ssl, unsigned char *md, int send)
@@ -773,7 +773,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
                s->s3->server_random,SSL3_RANDOM_SIZE);
        tls1_PRF(s->ctx->md5,s->ctx->sha1,
                buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
-                s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE);
+                s->session->master_key,buff,sizeof buff);
 #ifdef KSSL_DEBUG
        printf ("tls1_generate_master_secret() complete\n");
 #endif  /* KSSL_DEBUG */
author	markus <>	2003-05-11 21:36:58 +0000
committer	markus <>	2003-05-11 21:36:58 +0000
commit	1c98a87f0daac81245653c227eb2f2508a22a965 (patch)
tree	3de6d603296ec563b936da4e6a8a1e33d48f8884 /src/lib/libssl/t1_enc.c
parent	31392c89d1135cf2a416f97295f6d21681b3fbc4 (diff)
download	openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.tar.gz openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.tar.bz2 openbsd-1c98a87f0daac81245653c227eb2f2508a22a965.zip

diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 5290bf6665..271e247eea 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c
@@ -124,7 +124,7 @@ static void tls1_P_hash(const EVP_MD md, const unsigned char sec,
124	unsigned int j;	124	unsigned int j;
125	HMAC_CTX ctx;	125	HMAC_CTX ctx;
126	HMAC_CTX ctx_tmp;	126	HMAC_CTX ctx_tmp;
127	unsigned char A1[HMAC_MAX_MD_CBLOCK];	127	unsigned char A1[EVP_MAX_MD_SIZE];
128	unsigned int A1_len;	128	unsigned int A1_len;
129		129
130	chunk=EVP_MD_size(md);	130	chunk=EVP_MD_size(md);
@@ -161,7 +161,7 @@ static void tls1_P_hash(const EVP_MD md, const unsigned char sec,
161	}	161	}
162	HMAC_CTX_cleanup(&ctx);	162	HMAC_CTX_cleanup(&ctx);
163	HMAC_CTX_cleanup(&ctx_tmp);	163	HMAC_CTX_cleanup(&ctx_tmp);
164	memset(A1,0,sizeof(A1));	164	OPENSSL_cleanse(A1,sizeof(A1));
165	}	165	}
166		166
167	static void tls1_PRF(const EVP_MD md5, const EVP_MD sha1,	167	static void tls1_PRF(const EVP_MD md5, const EVP_MD sha1,
@@ -418,10 +418,10 @@ printf("\niv=");
418	printf("\n");	418	printf("\n");
419	#endif	419	#endif
420		420
421	memset(tmp1,0,sizeof(tmp1));	421	OPENSSL_cleanse(tmp1,sizeof(tmp1));
422	memset(tmp2,0,sizeof(tmp1));	422	OPENSSL_cleanse(tmp2,sizeof(tmp1));
423	memset(iv1,0,sizeof(iv1));	423	OPENSSL_cleanse(iv1,sizeof(iv1));
424	memset(iv2,0,sizeof(iv2));	424	OPENSSL_cleanse(iv2,sizeof(iv2));
425	return(1);	425	return(1);
426	err:	426	err:
427	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);	427	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
@@ -476,7 +476,7 @@ printf("pre-master\n");
476	{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }	476	{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
477	#endif	477	#endif
478	tls1_generate_key_block(s,p1,p2,num);	478	tls1_generate_key_block(s,p1,p2,num);
479	memset(p2,0,num);	479	OPENSSL_cleanse(p2,num);
480	OPENSSL_free(p2);	480	OPENSSL_free(p2);
481	#ifdef TLS_DEBUG	481	#ifdef TLS_DEBUG
482	printf("\nkey block\n");	482	printf("\nkey block\n");
@@ -683,10 +683,10 @@ int tls1_final_finish_mac(SSL s, EVP_MD_CTX in1_ctx, EVP_MD_CTX *in2_ctx,
683		683
684	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),	684	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
685	s->session->master_key,s->session->master_key_length,	685	s->session->master_key,s->session->master_key_length,
686	out,buf2,12);	686	out,buf2,sizeof buf2);
687	EVP_MD_CTX_cleanup(&ctx);	687	EVP_MD_CTX_cleanup(&ctx);
688		688
689	return((int)12);	689	return sizeof buf2;
690	}	690	}
691		691
692	int tls1_mac(SSL ssl, unsigned char md, int send)	692	int tls1_mac(SSL ssl, unsigned char md, int send)
@@ -773,7 +773,7 @@ int tls1_generate_master_secret(SSL s, unsigned char out, unsigned char *p,
773	s->s3->server_random,SSL3_RANDOM_SIZE);	773	s->s3->server_random,SSL3_RANDOM_SIZE);
774	tls1_PRF(s->ctx->md5,s->ctx->sha1,	774	tls1_PRF(s->ctx->md5,s->ctx->sha1,
775	buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,	775	buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
776	s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE);	776	s->session->master_key,buff,sizeof buff);
777	#ifdef KSSL_DEBUG	777	#ifdef KSSL_DEBUG
778	printf ("tls1_generate_master_secret() complete\n");	778	printf ("tls1_generate_master_secret() complete\n");
779	#endif /* KSSL_DEBUG */	779	#endif /* KSSL_DEBUG */