diff options
author | Richard Levitte <levitte@openssl.org> | 2002-11-28 15:26:05 +0300 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2002-11-28 15:26:05 +0300 |
commit | 63e86149c159eb604a41e4d6683a1d206271404a (patch) | |
tree | 47e5a778536e68c5bbd39a72e90e51eeba32c817 /ssl | |
parent | ca8f05d0931af1679fc89556a9f06fa341c8b48a (diff) |
Recent changes from 0.9.6-stable.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s2_lib.c | 2 | ||||
-rw-r--r-- | ssl/s3_clnt.c | 7 | ||||
-rw-r--r-- | ssl/s3_enc.c | 8 | ||||
-rw-r--r-- | ssl/s3_lib.c | 2 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 2 | ||||
-rw-r--r-- | ssl/ssl_sess.c | 8 | ||||
-rw-r--r-- | ssl/ssltest.c | 5 | ||||
-rw-r--r-- | ssl/t1_enc.c | 12 |
8 files changed, 26 insertions, 20 deletions
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 0c96064675..bc4113cd68 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -307,7 +307,7 @@ void ssl2_free(SSL *s) s2=s->s2; if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf); if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); - memset(s2,0,sizeof *s2); + OPENSSL_cleanse(s2,sizeof *s2); OPENSSL_free(s2); s->s2=NULL; } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 22a0b097ac..c32a95581d 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -695,6 +695,11 @@ static int ssl3_get_server_hello(SSL *s) goto f_err; } + /* Depending on the session caching (internal/external), the cipher + and/or cipher_id values may not be set. Make sure that + cipher_id is set and use it for comparison. */ + if (s->session->cipher) + s->session->cipher_id = s->session->cipher->id; if (s->hit && (s->session->cipher_id != c->id)) { if (!(s->options & @@ -1456,7 +1461,7 @@ static int ssl3_send_client_key_exchange(SSL *s) s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, tmp_buf,SSL_MAX_MASTER_KEY_LENGTH); - memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH); + OPENSSL_cleanse(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH); } else #endif diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 79fa4f97c2..e7743aba2a 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -174,7 +174,7 @@ static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num) km+=MD5_DIGEST_LENGTH; } - memset(smd,0,SHA_DIGEST_LENGTH); + OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH); } int ssl3_change_cipher_state(SSL *s, int which) @@ -318,8 +318,8 @@ int ssl3_change_cipher_state(SSL *s, int which) EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE)); - memset(&(exp_key[0]),0,sizeof(exp_key)); - memset(&(exp_iv[0]),0,sizeof(exp_iv)); + OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key)); + OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv)); return(1); err: SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); @@ -390,7 +390,7 @@ void ssl3_cleanup_key_block(SSL *s) { if (s->s3->tmp.key_block != NULL) { - memset(s->s3->tmp.key_block,0, + OPENSSL_cleanse(s->s3->tmp.key_block, s->s3->tmp.key_block_length); OPENSSL_free(s->s3->tmp.key_block); s->s3->tmp.key_block=NULL; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index c231d9d06f..fb8ce5e2e3 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -732,7 +732,7 @@ void ssl3_free(SSL *s) #endif if (s->s3->tmp.ca_names != NULL) sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); - memset(s->s3,0,sizeof *s->s3); + OPENSSL_cleanse(s->s3,sizeof *s->s3); OPENSSL_free(s->s3); s->s3=NULL; } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index cd122da8f1..7a89993b48 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1534,7 +1534,7 @@ static int ssl3_get_client_key_exchange(SSL *s) s->session->master_key_length= s->method->ssl3_enc->generate_master_secret(s, s->session->master_key,p,i); - memset(p,0,i); + OPENSSL_cleanse(p,i); } else #endif diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 130fe1018a..a8668e42e6 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -477,13 +477,13 @@ void SSL_SESSION_free(SSL_SESSION *ss) CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data); - memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH); - memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH); - memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH); + OPENSSL_cleanse(ss->key_arg,SSL_MAX_KEY_ARG_LENGTH); + OPENSSL_cleanse(ss->master_key,SSL_MAX_MASTER_KEY_LENGTH); + OPENSSL_cleanse(ss->session_id,SSL_MAX_SSL_SESSION_ID_LENGTH); if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); if (ss->peer != NULL) X509_free(ss->peer); if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); - memset(ss,0,sizeof(*ss)); + OPENSSL_cleanse(ss,sizeof(*ss)); OPENSSL_free(ss); } diff --git a/ssl/ssltest.c b/ssl/ssltest.c index c779751b8c..d6704852b4 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -224,12 +224,13 @@ int main(int argc, char *argv[]) verbose = 0; debug = 0; cipher = 0; - + + bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); RAND_seed(rnd_seed, sizeof rnd_seed); - bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE); argc--; diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index f3ecc5f586..a11e1130d8 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -158,7 +158,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, } HMAC_cleanup(&ctx); HMAC_cleanup(&ctx_tmp); - memset(A1,0,sizeof(A1)); + OPENSSL_cleanse(A1,sizeof(A1)); } static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1, @@ -372,10 +372,10 @@ printf("\niv="); printf("\n"); #endif - memset(tmp1,0,sizeof(tmp1)); - memset(tmp2,0,sizeof(tmp1)); - memset(iv1,0,sizeof(iv1)); - memset(iv2,0,sizeof(iv2)); + OPENSSL_cleanse(tmp1,sizeof(tmp1)); + OPENSSL_cleanse(tmp2,sizeof(tmp1)); + OPENSSL_cleanse(iv1,sizeof(iv1)); + OPENSSL_cleanse(iv2,sizeof(iv2)); return(1); err: SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE); @@ -426,7 +426,7 @@ printf("pre-master\n"); { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); } #endif tls1_generate_key_block(s,p1,p2,num); - memset(p2,0,num); + OPENSSL_cleanse(p2,num); OPENSSL_free(p2); #ifdef TLS_DEBUG printf("\nkey block\n"); |