[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Thu Jan 3 14:24:54 UTC 2019 

The branch master has been updated
       via  9c5ef4ea486f675f33592b34775c3e453f60ee69 (commit)
       via  d072eea2e39c4444ecce3598556053a4c552d9a2 (commit)
      from  51adf14a948ac0999114f3807fa6ceae1bb060ac (commit)


- Log -----------------------------------------------------------------
commit 9c5ef4ea486f675f33592b34775c3e453f60ee69
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date:   Wed Jan 2 15:47:07 2019 +0300

    Eliminate unused buffers from ssl3_change_cipher_state
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7971)

commit d072eea2e39c4444ecce3598556053a4c552d9a2
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date:   Wed Jan 2 13:28:07 2019 +0300

    Remove unused variables from tls1_change_cipher_state
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7971)

-----------------------------------------------------------------------

Summary of changes:
 ssl/s3_enc.c |  6 ------
 ssl/t1_enc.c | 12 ------------
 2 files changed, 18 deletions(-)

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 9af4ccb..4d884f4 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -90,8 +90,6 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 int ssl3_change_cipher_state(SSL *s, int which)
 {
     unsigned char *p, *mac_secret;
-    unsigned char exp_key[EVP_MAX_KEY_LENGTH];
-    unsigned char exp_iv[EVP_MAX_IV_LENGTH];
     unsigned char *ms, *key, *iv;
     EVP_CIPHER_CTX *dd;
     const EVP_CIPHER *c;
@@ -239,12 +237,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
     }
 
     s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
-    OPENSSL_cleanse(exp_key, sizeof(exp_key));
-    OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
     return 1;
  err:
-    OPENSSL_cleanse(exp_key, sizeof(exp_key));
-    OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
     return 0;
 }
 
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index adcc626..9b58bd8 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -85,10 +85,6 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num)
 int tls1_change_cipher_state(SSL *s, int which)
 {
     unsigned char *p, *mac_secret;
-    unsigned char tmp1[EVP_MAX_KEY_LENGTH];
-    unsigned char tmp2[EVP_MAX_KEY_LENGTH];
-    unsigned char iv1[EVP_MAX_IV_LENGTH * 2];
-    unsigned char iv2[EVP_MAX_IV_LENGTH * 2];
     unsigned char *ms, *key, *iv;
     EVP_CIPHER_CTX *dd;
     const EVP_CIPHER *c;
@@ -408,16 +404,8 @@ int tls1_change_cipher_state(SSL *s, int which)
     printf("\n");
 #endif
 
-    OPENSSL_cleanse(tmp1, sizeof(tmp1));
-    OPENSSL_cleanse(tmp2, sizeof(tmp1));
-    OPENSSL_cleanse(iv1, sizeof(iv1));
-    OPENSSL_cleanse(iv2, sizeof(iv2));
     return 1;
  err:
-    OPENSSL_cleanse(tmp1, sizeof(tmp1));
-    OPENSSL_cleanse(tmp2, sizeof(tmp1));
-    OPENSSL_cleanse(iv1, sizeof(iv1));
-    OPENSSL_cleanse(iv2, sizeof(iv2));
     return 0;
 }

More information about the openssl-commits mailing list