author | Rich Salz <rsalz@akamai.com> | 2015-05-29 18:22:43 +0200 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-05-30 18:28:05 +0200 |
commit | e0f9bf1de72e2717a5e8c2126259959e2d650777 (patch) | |
tree | 3e0622777db359536fdb21531ea5b30789ae7616 /ssl/s3_enc.c | |
parent | Remove struct ccs_header_st (diff) | |
clear/cleanse cleanup
Where we called openssl_cleanse, make sure we do it on all error
paths. Be consistent in use of sizeof(foo) when possible.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Diffstat (limited to 'ssl/s3_enc.c')
-rw-r--r-- | ssl/s3_enc.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index ea9042b165..dd93e251ae 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -206,7 +206,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 km += MD5_DIGEST_LENGTH;
 }
- OPENSSL_cleanse(smd, SHA_DIGEST_LENGTH);
+ OPENSSL_cleanse(smd, sizeof(smd));
 EVP_MD_CTX_cleanup(&m5);
 EVP_MD_CTX_cleanup(&s1);
 return 1;
@@ -388,13 +388,15 @@ int ssl3_change_cipher_state(SSL *s, int which)
 }
 #endif
- OPENSSL_cleanse(&(exp_key[0]), sizeof(exp_key));
- OPENSSL_cleanse(&(exp_iv[0]), sizeof(exp_iv));
+ OPENSSL_cleanse(exp_key, sizeof(exp_key));
+ OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
 EVP_MD_CTX_cleanup(&md);
 return (1);
 err:
 SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
 err2:
+ OPENSSL_cleanse(exp_key, sizeof(exp_key));
+ OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
 return (0);
 }
@@ -687,7 +689,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
 s, s->msg_callback_arg);
 }
 #endif
- OPENSSL_cleanse(buf, sizeof(buf));
+ OPENSSL_cleanse(buf, sizeof(buf));
 return (ret);
 } |
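Review bot: `OPENSSL_cleanse(smd, sizeof(smd))` in the first hunk wipes the whole digest buffer only while `smd` is declared as an array inside ssl3_generate_key_block; its declaration sits above the hunk, so this cannot be confirmed from the lines shown. If it were ever turned into a pointer or a parameter, `sizeof` would silently shrink to the pointer size and most of the secret would stay in memory, whereas the old `SHA_DIGEST_LENGTH` form would not. The same applies to `exp_key` and `exp_iv` in the second hunk and `buf` in the third. A short comment at each call, for example `/* smd is a local array, so sizeof covers all of it */`, would record the assumption for later refactoring.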
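Review bot: The failure exit under `err2:` in ssl3_change_cipher_state now wipes `exp_key` and `exp_iv` but still skips `EVP_MD_CTX_cleanup(&md)`, which only the success path runs before `return (1)`. If `md` has been initialised and has presumably absorbed key material by the time of a jump to `err` or `err2`, its digest state is neither wiped nor released on that path. The function body starts outside the hunk, so it is not visible whether `md` is initialised before every such jump; adding `EVP_MD_CTX_cleanup(&md);` under `err2:` is only safe if it is, or once the init call is moved ahead of the first `goto`. Routing both exits through one cleanup tail that returns a status variable would also remove the duplicated cleanse calls and keep the two paths from diverging again.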